(Click here to see the server’s registration record.) But now this capacious server handled a strangely small load of traffic, such a small load that it would be hard for a company to justify the expense and trouble it would take to maintain it.
“I get more mail in a day than the server handled,” Davis says. When the researchers pinged the server, they received error messages.
The greatest miracle of the internet is that it exists—the second greatest is that it persists.
“I have an outlier here that connects to Russia in a strange way,” he wrote in his notes. But what he saw was a bank in Moscow that kept irregularly pinging a server registered to the Trump Organization on Fifth Avenue.DNS enables our words to set in motion a chain of connections between servers, which in turn delivers the results we desire.Before a mail server can deliver a message to another mail server, it has to look up its IP address using the DNS.The researchers had initially stumbled in their diagnosis because of the odd configuration of Trump’s server.“I’ve never seen a server set up like that,” says Christopher Davis, who runs the cybersecurity firm HYAS Info Sec Inc.To extend the traffic metaphor, these scientists have cameras posted on the internet’s stoplights and overpasses.They are entrusted with something close to a complete record of all the servers of the world connecting with one another.Computer scientists have built a set of massive DNS databases, which provide fragmentary histories of communications flows, in part to create an archive of malware: a kind of catalog of the tricks bad actors have tried to pull, which often involve masquerading as legitimate actors.These databases can give a useful, though far from comprehensive, snapshot of traffic across the internet.Word arrived that Russian hackers had infiltrated the servers of the Democratic National Committee, an attack persuasively detailed by the respected cybersecurity firm Crowd Strike.The computer scientists posited a logical hypothesis, which they set out to rigorously test: If the Russians were worming their way into the DNC, they might very well be attacking other entities central to the presidential campaign, including Donald Trump’s many servers.