What do Tea Leaves, data scientists, pings & DNS lookups have in common? A much deeper dive into the Sussman indictment

Apologies, this includes a lot of original documents, and where relevant I’ve embedded open source links to the aforementioned documents…


-Tea Leaves-

When the Justice Department announced that it had unsealed an indictment, it took @PerkinsCoieLLP less than 24 hours to scrub Michael Sussman from their firm’s website. I started and stopped this article over a week ago. I was intensely distracted by continuing to chase down additional research because

It’s not my intent to enter into an esoteric argument about pro/con of the Sussman Indictment. My goal is to simply give you the prerequisite original/root documents, make a few observations and then allow for you to formulate your own opinion.

Sussman Indictment - found via this DOJ-Link - the OPA reads in part -

met with the FBI General Counsel at FBI Headquarters in Washington, D.C. Sussmann had requested the meeting to provide the General Counsel with certain data files and “white papers” that allegedly demonstrated a covert communications channel between the Trump Organization and a Russia-based bank. Sussmann, who had previously represented the Democratic National Committee in connection with a cyber hack, falsely stated to the General Counsel that he was not bringing these allegations to the FBI on behalf of any client. This false representation led the General Counsel to understand that Sussmann was providing information as a good citizen rather than a paid advocate or political operative. In fact, Sussmann assembled and conveyed the allegations to the FBI on behalf of at least two clients, including a U.S. technology executive and the Clinton Presidential Campaign. 

…previously represented the Democratic National Committee in connection with a cyber hack, falsely stated to the General Counsel that he was not bringing these allegations to the FBI on behalf of any client…

-Senate and DOJ-OIG Reports-

Sometimes it’s best to go back to the basics. Even with the highly anticipated release of the Senate Intel Committee Volume V, it seems as though people forgot about this investigation into the alleged Trump & Alfa back channel. Again, you’re under zero obligation to agree with me. The Sussman Indictment certainly reeks of a partisan prosecution and I’d actually expect Sussman to argue “selective prosecution” or any derivative thereof. As you’ll note in (re)reading the Senate Intelligence Report (run a word search for “Alfa”), Volume V provided a lot of factual details -

I’d also like to draw your attention to footnote 5137 of, as I said, the Senate Intelligence Report, Volume 5 -

  • According to logs and documents purporting to reflect analysis by computer scientists, along with public reporting about the DNS lookups, during the 90-day period between

  • June 17, 2016 and September 14, 2016 - domain "mail1.trump-email.com" a total of 2,817 times

  • two servers registered to Alfa Bank IP addresses & 217.12.97.15

  • additional 729 DNS lookups were conducted by a third server registered to Spectrum Health, based in Michigan.

Of the total number of DNS lookups of the Trump Organization server, approximately 99.8% originated with these three servers during that three-month period, as reflected below…

Based on the FBI’s assessment, the Committee did not find the DNS activity reflected the existence of covert communication between Alfa Bank and Trump Organization personnel. However, the Committee also could not positively determine an intent or purpose that would explain the unusual activity.

Relevant to “Tea Leaves”: on July 21, 2017 - Kirkland Ellis (see footnote 2 for the link to the 27-page 2017 letter) because this came a few months before the August 2017 HPSCI Deposition of YARED TAMENE WOLDE-YOHANNES

These stories were published after select media outlets received highly confidential and highly private Domain Name Server (DNS) logs improper manner by an individual known only as “Tea Leaves” Alfa Bank. Although allegations of such a backdoor communication channel are plainly outlandish, Alfa Bank nevertheless hired Mandiant to conduct an independent review of the matter. To no one’s surprise at Alfa Bank, Mandiant concluded that there was no evidence of substantive contact, such as emails or financial links, between Alfa Bank and the Trump Organization in 2016.

2017 Kirkland Ellis Disclosed - FBI & DOJ Chicago

And while most won’t understand the significance of the disclosure made on page 3, this ties directly to the Sussman Indictment. Meaning if the facts are correct in Kirkland’s 2017 letters, then I’d like to know if the FBI Agents (in Chicago) are the same agents Durham questioned…

What’s a little bit baffling is that the FBI, NSA, or CIA appears to have refused to provide any documents/reports to the Senate Intel Committee. It also appears the Senate Intelligence Committee pretty much took the word of Trump Org IT Director Jae Cho rather than truly investigating DNS-gate.

one letter noted that Alfa Bank had "continue[d] to receive unsolicited marketing emails from an address allegedly affiliated with the Trump Organization," which it did not identify….As to the cause of the DNS activity, that letter posited Mandiant's "working hypothesis is that the activity was caused by a marketing or spam campaign directed at Alfa Bank employees by a marketing server affiliated with the Trump Organization."

See what’s in the black box? For now I want you to tuck that away because it means we need to go visit the Pennsylvania and Florida civil court systems and then ask a few questions. I’ve yet to see any, and I mean any, reporting concerning Alfa Bank’s 1 2 civil litigation… But again I suppose it wasn’t on anyone else’s radar.

HPSCI - Deposition of -

On August 30, 2017 the deposition of YARED TAMENE WOLDE-YOHANNES 3 was, for the most part, uneventful, until you realize that in September 2015 the FBI made its first contact with the DNC, stating concern that there “might be” a malicious actor burrowed within their network.

Furthermore, based on this section of the deposition transcript, it certainly appears that the FBI and DNC IT were in frequent communication. It almost reads like a game of cat and mouse. In that analogy the cat(s) are the Special Agent and YARED TAMENE WOLDE-YOHANNES, whereas the mouse is the Russian hackers, who used XTunnel and XAgent to burrow further into the DNC network…


But then read the Dec 2019 DOJ-OIG report. Specifically, see pages 153, 154, 155, 156, 314, and 315 of the 2019 DOJ-OIG’s CrossFire Hurricane Report. As you’ll note, the DOJ-OIG report differs substantially from the Senate Intel Report, in that the DOJ-OIG investigation largely focused on the conduct of Federal Investigators.

“The FBI investigated whether there were cyber links between the Trump Organization and Alfa Bank, but concluded by early February 2017 that there were no such links.”

"at the behest of an institution he declined to identify that had been hacked." The summary also noted that Steele told the attendees that the "institution .. .is keen to see this information come to light prior to November 8." However, the FBI did not interview Kavalec nor did they seek her notes.

Two days after the meeting with Steele, Kavalec emailed an FBI CD Section Chief a document that Kavalec received from Winer discussing allegations about a linkage between Alfa Bank and the Trump campaign, a topic that was discussed at the October 11 meeting…Kavalec advised the FBI Section Chief in the email that the information related to an investigation that Steele's firm had been conducting. The Section Chief forwarded the document to SSA 1 the same day.

Alfa Bank -Florida, Pennsylvania and Indiana

Remember how I said that we’d need to take a detour? Alfa Bank filed an appeal. The underlying subtext here is that Alfa Bank wanted to know the name of the “anonymous data scientist”, but the lower (State) Court ruled the bank wasn’t entitled to the unmasking of the data scientist and a reinstatement of Alfa’s 2020 Subpoena as to Jean Camp. To be fair, I highly recommend you read Brian Krebs’ recent article; he does an excellent job explaining highly technical issues in simple terms an average reader can understand. Notwithstanding, I do think you should be aware that on May 19, 2021 Judge Elizabeth Tavitas wrote the following:

“There is no indication that the claim falls within the general scope of authority conferred upon the Monroe Circuit Court by the constitution, and likewise, there is no statutory authority giving the Monroe Circuit Court authority to consider a motion to quash a foreign subpoena,”

Alfa-Bank v. John Doe, et al. and L. Jean Camp, Case No. 20A-MI-2352.

The Bank appeals the trial court’s grant of Camp’s motion to quash the Florida Subpoena. We sua sponte, however, consider whether the trial court had subject matter jurisdiction to address the Florida Subpoena and the motion to quash. Our Supreme Court has clarified that subject matter jurisdiction involves a “determination of whether a court has jurisdiction over the general class of actions to which a particular case belongs.” K.S. v. State, 849 N.E.2d 538, 542 (Ind. 2006)

…because Professor Camp filed a Motion to Quash Alfa Bank’s Subpoena in an Indiana State Court (which by the way is slightly WTFINGF but who am I to judge) their Court of Appeals effectively overturned the lower court’s order to quash the subpoena. So in a roundabout way I’m telling you that Alfa’s Florida 2020 subpoena is very much active. Granted, it’s possible Camp’s attorneys will not make her available for the Deposition, but it’s still interesting how hard Alfa is fighting in numerous legal venues. For example:

Pennsylvania Lancaster County - September 2021 Reinstatement of Alfa’s 2020 Complaint;

On September 7, 2021 Alfa Bank moved for a reinstatement 4 of their 2020 complaint 5. Again nothing that I’m reporting is located in a secret database. Nearly all of the documents I’ve embedded are sourced from public/government websites. So while many are solely focused on the Sussman indictment…

…perhaps it would be advantageous to open your scope up and view a larger picture —whereby you can factually connect dots…because one element that is extraordinarily vexing - why is Alfa litigating this? why have they been unable to “identify Doe” —we are now solidly into the fourth year of the Alfa-Trump saga. And yet the injured party has yet to identify who attacked them? Because as you’ll note Alfa’s Civil RICO complaint alleges a John Doe engaged in RICO and falsely attempted to link Alfa & the Trump Campaign

As for my opinion concerning the Sussman Indictment - my opinion is immaterial. I do think that Durham overreached but was under pressure plus the obligatory statute of limitations time clock running up. But I did find Alfa’s September 7, 2021 filing to reinstate their RICO Civil complaint (a mere nine days before the Sussman Indictment was unsealed) rather interesting and I’m not entirely sure why no one is reporting this.


Again, the intent of this article was to present to you as much factual documentation as I could and, in a very sequacious way, show you how Defendant Sussman might be able to argue Selective Prosecution. But something you should know about the “selective prosecution” defense: it can be unduly burdensome for the Defendant to prove. Thereby the ratio of success can be wildly different, which is not unexpected because each criminal case is unique…

However Selective prosecution is considered a violation of the constitutional guarantee of equal protection for all persons under the law.

Recently the Supreme Court has held;

…that selective prosecution exists where the enforcement or prosecution of a Criminal Law is "directed so exclusively against a particular class of persons … with a mind so unequal and oppressive" that the administration of the criminal law amounts to a practical denial of Equal Protection of the law (United States v. Armstrong, 517 U.S. 456, 116 S. Ct. 1480, 134 L. Ed. 2d 687 [1996], quoting Yick Wo v. Hopkins, 118 U.S. 356, 6 S. Ct. 1064, 30 L. Ed. 220 [1886]). Specifically, police and prosecutors may not base the decision to arrest a person for, or charge a person with, a criminal offense based on "an unjustifiable standard such as race, religion, or other arbitrary classification" (United States v. Armstrong, quoting Oyler v. Boles, 368 U.S. 448, 82 S. Ct. 501, 7 L. Ed. 2d 446 [1962]).

I am pretty confident that Sussman and his Defense team are well aware that the requirement of equal protection is contained in the due process clause of the Fifth Amendment of our Constitution. The Equal Protection Clause of the Fourteenth Amendment extends the prohibition on selective prosecution to the states”.

In short, the “equal protection doctrine requires that persons in similar circumstances must receive similar treatment under the law”.

So for now I think you have as much factual information as I could curate, and apologies: I know that some of you expect that I’m always on top of things. As it relates to Sussman, I needed the extra time to chase down a bunch of documents that I felt my readers need to make sense of facts versus disinformation…



March 2017 Letter to Kirkland Ellis - Mandiant's (on behalf of their client) Alfa Bank with “These stories were published after select media outlets received highly confidential and highly private Domain Name Server (DNS) logs improper manner by an individual known only as “Tea Leaves”—that allegedly showed between a server belonging to a Trump-affiliated marketing company and a server affiliated with Alfa Bank…”


ODNI - Publication of YARED TAMENE WOLDE-YOHANNES - https://www.dni.gov/files/HPSCI_Transcripts/Yareda_Tamene-MTR_Redacted.pdf


Alfa Bank June 2020 Civil Complaint Lancaster County PA https://www.scribd.com/document/528406515/Alfa-v-Doe-June-2020-Lancaster