I’ve taken up a small side project to analyze the data file that allegedly contains a record of activity—during the months leading up to the election—between a server at Alfa Bank in Russia, the Trump Organization and a server at the Spectrum Health company in Grand Rapids, Michigan.
One of my goals is to provide clear visualizations and analysis of what is contained within this one data set that spans May 4th to September 23rd, 2016. There are aspects of this exercise that may seem dry, and even repetitive. I hope that some find this useful, and perhaps even timely.
(Follow links for Part I and Part II, Part III and the original Slate article on this story. At the end of this diary I include related links, including to other dkos diaries on this same story.)
Alfa-Bank activity: Herky-jerky
Previously I showed that activity increased significantly on two specific dates, just after Brexit, and again on the weekend between the RNC and DNC. In Part III, I also showed how events between the Trump server and Spectrum Health followed a precise clock period, one that could be used to look for subtle changes in activity over time.
On the other hand, the data also showed that activity between the Trump and Alfa Bank servers appears both quasi-random and quasi-periodic. What can we learn from those patterns?
Imagine a mechanized wristwatch where the gears are failing. At times the watch will tick normally, but at other times the gears slip and movement halts. After a while, for no obvious reason the watch starts ticking again. Herky-jerky.
Keep that in mind when you look at the top plot above. It shows the time interval between successive Alfa/Trump server events. Throughout most of May and June these were infrequent and non-periodic (red points in top plot). Starting in July, most notably after the RNC/DNC weekend when overall activity increased, periodic intervals dominate (blue points — 61 minute period).
For some unknown reason, in these later months the Alfa/Trump server activity followed a pattern where the activity was mostly periodic, though the “gears” would occasionally slip.
Quiet/peak moments with Alfa Bank?
Interestingly there are some dates in August and September where the regularity is perfect, the “slipping” drops to zero. In the top plot we see flat blue lines, with no red points corresponding to slips.
Thinking of the analogy of the wristwatch—leave an erratic watch on a night-table and it might keep ticking normally until the next time it gets disturbed. Was that also happening with the Alfa/Trump server data? Was someone on vacation? Were certain activities halted?
An alternate hypothesis might be that regular periodic activity was increased during these dates, to the point of obscuring information about other irregular activities. The second and third plots above capture both ways of looking at what might have happened, showing how the periodic and non-periodic event rates varied with time, with the peak/quiet periods labelled.
Either way, something changed that caused the Alfa/Trump server activity to remain periodic and regular in two specific date ranges: August 13-17 and September 14-20. Is there an explanation for the changes on or around these dates?
Spikes in Spectrum Health activity?
Another characteristic of the Alfa/Trump activity is that the total event rate—shown as gray histograms in 2nd and 3rd plots—remains quite constant, other than the step-like increases that occurred after Brexit and the RNC/DNC weekend.
With that in mind, I thought it would be interesting to show the event rate for the Spectrum Health server, shown in green in the last, 4th plot. We do see some variation in the event rate with time.
Notable in the Spectrum Health event rate data, not discussed previously, are two sharp peaks, on July 9 and July 31 (see arrows) where the event rate spikes beyond twice that of the surrounding days. Why would there be a spike on those dates?
I’ll leave it as homework for the reader to determine if anything interesting and possibly relevant occurred on or around any of the dates of unusual activity identified above:
- July 9 (Spectrum spike)
- July 31 (Spectrum spike)
- August 13-17 (Alfa quiet in non-periodic activity / peak periodic)
- September 14-20 (Alfa quiet non-periodic activity / peak periodic)
Extra credit for ~July 9th, why not?
**********
In my next diary, likely to be the last in this series, I’ll comment briefly on some of the other articles and blogs that covered the Trump server data (see below), and discuss how their observations and inferences compare to my own. As reference, I’ll also provide a complete timeline of notable features in the data set.
There are many details that I’ve left out, and I’ve intentionally kept this analysis fairly straightforward. Even this relatively cursory inspection has provided a much more detailed view of the data set than has been previously discussed. Enjoy!
************
The original F. Foer Slate story: Was a Trump Server Communicating With Russia? (dkos diary) and follow-up Slate posting. Rebuttal stories (incomplete list): Vox, Intercept, Verge, ErrataSec (follow-up), Medium (N. Jeewa), Logs (J. Camp). Earlier dkos analysis with a different emphasis. Recent dkos diary on the Spectrum Health connection.