Researcher Still Being Pursued By Russian Bank Over Last Year's Mistaken Trump Connection Story

from the every-weapon-deployed dept

The war on security researchers continues. But then, it's never really shown any sign of abating, has it? Report after report comes in of security researchers being threatened with lawsuits or arrest simply for finding and reporting security breaches.

The war on Jean Camp continues to this day, with the researcher on the receiving end of multiple legal threats from the American law firm representing Kremlin-linked Alfa Bank. Camp came under fire from the bank last year, after a story came and went mistakenly insinuating a Trump server was in engaged in lively conversation with Alfa Bank's servers during the run-up to the presidential election.

That was back in March. Law firm Kirkland & Ellis sent legal threats and communication retention demands to Camp. In addition to demanding she retain all communications possibly relevant to Alfa Bank's vendetta, the firm also threatened to file CFAA charges.

Nothing has improved over the last several months. The law firm's tactics now apparently include the use of FOIA laws to grab even more of Camp's communications. The Intercept reports on the latest developments in the Alfa Bank case.

Alfa’s lawyers went beyond scary lawyer boilerplate, demanding that Camp not only turn over all of her related communications with members of the media, but also divulge her full correspondence with the anonymous Tea Leaves, presumably for the purpose of unmasking and pursuing them. As a professor at a publicly funded university, Camp’s official correspondence is subject to public disclosure.

Alfa Bank seems keen on discovering who the mysterious security researcher "Tea Leaves" is. The pseudonymous researcher was instrumental to the mistaken claims published by Slate in its original report on the supposed link between Trump and the Russian bank. A letter sent by the law firm in May demands Camp turn over "Tea Leaves'" real name, title, and work address if she's in possession of that information.

Another letter in June expanded Alfa's demands, ordering Camp to turn over communications and other information related to her work with other security researchers. The latest letter, dated August 3, shows Alfa -- through Kirkland & Ellis -- serving up a public records request for

"All emails sent, received, or deleted by Professor Camp from University computers or systems using her University or personal email accounts that include any of the keywords "Alfa," "Alpha," "Alfa Bank," "Alpha Bank," "Trump," "Clinton," "Russia" or "Tea Leaves."

Considering this all took place shortly before the election, this request has the potential to sweep up a great number of communications not directly related to Alfa Bank's case. But even if it were more limited, it would still be disturbing. Alfa is looking to out other security researchers Camp has been in contact with, presumably in hopes of nailing a few of them to the wall for drawing mistaken conclusions about Trump server traffic.

The Intercept's Sam Biddle notes this clearly isn't what legislators had in mind when crafting public records laws.

Although public records laws typically don’t distinguish between U.S. citizens and foreign entities that use them, the purpose and spirit of such laws are generally understood to be a means of making government activities transparent for the public interest. Camp works for a public university and is a government employee, of course, but it’s hard to imagine laws like Indiana’s Access to Public Records act drafted with the well-being of Russian financial mega-institutions in mind.

This is likely true, but ultimately it makes no difference. The law cannot forbid companies from using public records laws to obtain information. (And companies know it.) After all, companies are made up of people and proxy records requests aren't just for bullying by foreign banks. Muckrock does this all the time, acting as an intermediary for requesters who don't live in the states they're requesting records from. Some laws prevent out-of-state requests. Muckrock's proxies work around this limitation. The use of a US law firm is more of the same, even though most records requesters aren't normally looking to destroy the target of their requests.

Oddly, the PR firm representing Alfa Bank has been the only entity to respond to requests for comment. And it has done so with as much spin as possible. As Biddle reports, BGR Public Relations claims the nearly-yearlong issuance of threats and demands to Jean Camp isn't illustrative of Alfa Bank's end goals. It just wants to "get the facts straight." Apparently, straightening things out means endangering Camp's career and, potentially, the livelihoods of every researcher she spoke to about Alfa Bank server traffic.

Filed Under: foia, jean camp, tea leaves, threats
Companies: alfa bank, kirkland & ellis

Russian Bank Sends Legal Threats To Researcher Who Revealed Spike In Traffic Supposedly Tied To Trump's Server

from the is-the-wrong-message-worth-shooting-the-messenger-over? dept

Late last year, a security researcher noticed what was believed to be an unusual amount of network traffic between Donald Trump's server and a Russian bank. A lot of bad reporting followed -- some it aided by the security researcher's conclusions -- which attempted to tie some spikes in spam to Trump's supposed collusion with the Russians.

It was a conspiracy theory borne of a researcher's belief something was happening, even when further research by others showed it to be a whole lot of nothing. At this point, only the die hard conspiracy theorists are still holding onto this spike in traffic between a Trump server and a Russian bank as evidence of anything.

Now, there's an additional wrinkle. The FBI is investigating possible connections between Trump and Russia that may have played a part in the election. Nothing has been confirmed by the FBI. As for the spike in network traffic noticed by the researcher, it can still be chalked up to the most boring of non-conspiracy theories: spammers using the same domain name server as both Trump's server and a Russian bank to spam recipients with hotel-related email.

The other party that can't let go of this conspiracy theory is the Russian bank's lawyers. CyberScoop reports Alfa Bank's lawyers have issued legal threats to a security researcher behind the Trump-Russia story.

In a document obtained by CyberScoop, Alfa Bank notified Indiana University computer researcher L. Jean Camp that it’s pursuing “all available options” after Camp’s research suggested the bank engaged in some form of communication with the Trump Organization. Washington-based law firm Kirkland & Ellis sent the letter on the bank’s behalf on March 17.

Alfa Bank is considering, among other things, using one of our nation's most easily-abused laws to pursue legal action against Camp for "promoting an unwarranted investigation" into the bank's ties to Donald Trump. The CFAA is cited as one route the bank may take towards making Camp pay for besmirching the reputation of the Russian bank. It also demands [PDF] she retain records possibly needed in upcoming litigation, including those detailed in this memorable sentence:

communications between you and the individuals you have publicly identified as a "loose group of concerned nerds" with whom you reportedly worked in concert regarding this matter

Being a security researcher is dangerous enough, even when you're 100% in the right. Legal threats tend to follow news of security breaches or unpatched exploits. When you follow the wrong conclusion because you're so sure you're right, you make things worse. The CFAA is a blunt weapon with surprising flexibility, and all the data researchers normally avail themselves of without issue can be twisted into "unauthorized access" by a complainant with sufficient motivation.

Filed Under: cfaa, donald trump, investigation, jean camp, research, russia
Companies: alfa bank