Russian bank threatens researcher with CFAA suit over DNS request data

The Russian bank is considering litigation against an Indiana University researcher under the Computer Fraud and Abuse Act’s civil action provision.

A Russian bank under investigation for possible ties to the Trump Organization has threatened at least one security researcher with a lawsuit over the dissemination of data that point to a server connection between the bank and the first family’s conglomerate.  

In a document obtained by CyberScoop, Alfa Bank notified Indiana University computer researcher L. Jean Camp that it’s pursuing “all available options” after Camp’s research suggested the bank engaged in some form of communication with the Trump Organization. Washington-based law firm Kirkland & Ellis sent the letter on the bank’s behalf on March 17.

Among the options listed is litigation under the Computer Fraud and Abuse Act’s civil action provision, which allows companies to sue for damages in the event of unauthorized computer access. Foreign entities can bring cases to U.S. federal courts under a CFAA provision that allows private causes of action.

Camp’s research has pointed to Alfa Bank’s servers making an unusually high amount of DNS lookups to Trump Organization servers, particularly during a period of time in the summer of 2016. The possible connection was first revealed in October by Slate, but the bank claimed the most likely explanation was spam marketing due to bank executives’ use of Trump hotels.


The story resurfaced earlier this month after CNN learned the FBI’s counterintelligence team was still investigating the connection. The letter to Camp comes as scrutiny of Russia’s activity during the 2016 U.S. campaign has intensified. In a hearing Monday before the House Intelligence Committee, FBI Director James Comey publicly announced that the bureau is investigating possible collusion ties between President Donald Trump’s campaign and the Russian government.

Alfa Bank’s lawyers maintain that Camp’s data shows nothing improper.

“Recent media reports indicate that you disclosed certain computer data regarding Alfa Bank to the public last year and encouraged inquiries into supposed links to the Trump Organization,” the letter to Camp reads. “Those same reports suggest that your activities continue to this day to promote an unwarranted investigation into Alfa Bank’s ‘communication’ with the Trump Organization.”

Since the initial Slate story, the information security community has been at odds over what Camp’s findings show. The logs demonstrate no evidence of Trump Organization servers communicating back to Alfa Bank.

Yet over the past few months, Camp has called for an investigation into the data as members of Trump’s inner circle have been connected to members of the Russian government.


The letter also instructs Camp to keep any and all communications between her research team, the anonymous researcher known as “Tea Leaves,” or any other researchers, political organizations or media members she has corresponded with.

Neither Alfa Bank or Camp returned CyberScoop’s request for comment.

Last Friday, the bank issued a press release saying it had discovered three attempts to spoof its DNS requests in order make it appear it was still communicating with a Trump Organization server. That was later to be found as a prank.

The full letter from Alfa Bank’s lawyers to Camp:


[documentcloud url=”” responsive=true sidebar=false text=false pdf=false]

Latest Podcasts