There is a major flap in the United States about whether trump Tower was wiretapped by former President Obama (impossible) and that has reignited FBI interest into a very unusual email server in Lititz, a small Pennsylvania town in the Amish region of Lancaster County. It is an unusual small town with 9500 residents and nearly 30 computer companies but the big question is why is a Russian bank with ties to Putin (every Russian bank has ties to Putin) is so interested in the mail1.mail-trump (name slightly mangled for reasons I’ll explain below.)

So, is this small town the mythical Amish attempt to take over the Internet, or is it the home of a Honey Trap for anyone trying to pry open the Trump Organization?

Have I reached the party to whom I am speaking?

With apologies to Lily Tomlin’s Ernestine character, the party in question is a Trump Organization owned email server (according to GoDaddy’s whois registry) and the party calling is the Alfa organization, Russia’s largest commercial bank.

The bank’s computers have looked up the location or IP address of the Trump server in Lititz, PA 2800 times and did so during a very short period of time during the election campaign. A DNS lookup in itself is not suspicious or unusual but the fact that there were only two companies which made up 99% of all DNS (Domain Name Server) lookups for the Trump server is strange if there is no business relationship. The largest visitor by far was Alfa and the other one was the medical company run by the husband of President Trump’s newly-minted Secretary of Education.

The FBI had noted this strange and, so far, unexplained connection between a Russian bank and the Trump email server and dismissed it as extremely unusual, but not of particular interest. But when President Trump made his weird claim that President Obama had personally ordered Trump Tower telephones wiretapped, the FBI investigation ordered by President Trump will also necessarily include a deeper look at the connection with the Alfa bank group and the Trump Organization.

Actually the Trump Organization, Alfa, and the DeVos family business have all given explanations, but they were all different and unsupported by any evidence.

What is DNS

DNS is simply the translation database between human memorable website names and the actual number string such as 184.168.211.46 (the IP address for the email server.) The Internet can’t find a computer using the name such as BlastingNews but needs to look up the numeric, physical location on the network which is known as the IP address.

Your computer does this every time you go to a web page with your browser but the activity is hidden behind the scenes. You can do it directly with a ping of the text-based URL name from a command line on your computer. The Ping will show the actual IP address and will time how long it takes to reach the site but does nothing else. This activity isn’t secret and doesn’t require any wiretapping of any kind but it is suggested by his staff that President Trump may think so and that may be the basis of his claim that then President Obama had him wiretapped.

Wiretapping someone in the United States can only be done by a local prosecutor/law enforcement agency, or at a federal level by the FBI and only by showing probable cause of a crime being committed and obtaining a warrant from a secret court known as the FISA court (Foreign Intelligence Surveillance Act.)

Why did I give a fake address?

The address I gave above for the Trump email server wasn’t correct but it was similar.

The reason is simple, when I tested the site I got a blank page but looking into the source code I found a link to a known malware site which can take over your browser.

This site is the source of ak2.imgaft virus and if you went to the Trump server out of curiosity you might well have become infected. If you have the technical capability to risk going to the site then you should have no problem finding the correct address.