A Reporter at Large
October 15, 2018 Issue
Was There a Connection Between a Russian Bank and the Trump Campaign?
A team of computer scientists sifted through records of unusual Web traffic in search of answers.
By Dexter Filkins

In June, 2016, after news broke that the Democratic National Committee had been hacked, a group of prominent computer scientists went on alert. Reports said that the infiltrators were probably Russian, which suggested to most members of the group that one of the country’s intelligence agencies had been involved. They speculated that if the Russians were hacking the Democrats they must be hacking the Republicans, too. “We thought there was no way in the world the Russians would just attack the Democrats,” one of the computer scientists, who asked to be identified only as Max, told me.

The group was small—a handful of scientists, scattered across the country—and politically diverse. (Max described himself as “a John McCain Republican.”) Its members sometimes worked with law enforcement or for private clients, but mostly they acted as self-appointed guardians of the Internet, trying to thwart hackers and to keep the system clean of malware—software that hackers use to control a computer remotely, or to extract data. “People think the Internet runs on its own,” Max told me. “It doesn’t. We do this to keep the Internet safe.” The hack of the D.N.C. seemed like a pernicious attack on the integrity of the Web, as well as on the American political system. The scientists decided to investigate whether any Republicans had been hacked, too. “We were trying to protect them,” Max said.

Max’s group began combing the Domain Name System, a worldwide network that acts as a sort of phone book for the Internet, translating easy-to-remember domain names into I.P. addresses, the strings of numbers that computers use to identify one another. Whenever someone goes online—to send an e-mail, to visit a Web site—her device contacts the Domain Name System to locate the computer that it is trying to connect with. Each query, known as a D.N.S. lookup, can be logged, leaving records in a constellation of servers that extends through private companies, public institutions, and universities. Max and his group are part of a community that has unusual access to these records, which are especially useful to cybersecurity experts who work to protect clients from attacks.

Max and the other computer scientists asked me to withhold their names, out of concern for their privacy and their security. I met with Max and his lawyer repeatedly, and interviewed other prominent computer experts. (Among them were Jean Camp, of Indiana University; Steven Bellovin, of Columbia University; Daniel Kahn Gillmor, of the A.C.L.U.; Richard Clayton, of the University of Cambridge; Matt Blaze, of the University of Pennsylvania; and Paul Vixie, of Farsight Security.) Several of them independently reviewed the records that Max’s group had discovered and confirmed that they would be difficult to fake. A senior aide on Capitol Hill, who works in national security, said that Max’s research is widely respected among experts in computer science and cybersecurity.