66-1 - Letter From SCO To Sussmann Atty 3-30-22
EXHIBIT A
Case 1:21-cr-00582-CRC Document 66-1 Filed 04/08/22 Page 2 of 9
Special Counsel
Dear Counsel:
The government also provides attached hereto a copy of UC Martin’s curriculum vitae.
As set forth in the Indictment, the data underlying the allegations that the defendant
provided to the FBI and Agency-2 was purported DNS data. The primary purpose of UC
Martin’s testimony will be to describe for the jury the basic mechanics, architecture, and
terminology of the DNS system and DNS data so that they can understand various technical
concepts that appear in documents and other evidence that the Government will offer at trial.
UC Martin’s testimony will explain, for example, that DNS is a naming system for devices
connected to the Internet that translates recognizable domain names, e.g.,
http://www.google.com, to numerical IP addresses, e.g., 123.456.7.89. He will further explain
that a DNS “lookup” refers to an electronic request by a particular computer or device from
another device or server. UC Martin will also describe how DNS lookups are initiated and
processed, and how various DNS data and records are maintained on electronic servers and
systems associated with DNS.
As part of his testimony, UC Martin will describe how certain private companies and
entities maintain DNS “resolvers” and, in some cases, offer “DNS resolution services” to their
customers. In explaining these concepts, he will also explain how DNS data is typically
processed and stored by these and other entities. He will further describe how certain private
parties can and do gain access to DNS data, and how certain companies collect and
commercialize DNS data, including what is referred to as “passive DNS data.”
UC Martin will also provide the jury with specific examples of DNS data in order to
describe the interpretation and meaning of such data, including particular fields that appear
within the data. He will further testify concerning the nature and types of conclusions that can
– and cannot – be drawn about persons’ or entities’ online activities based on a review of DNS
data. He will also testify about the analytic significance and conclusions that can be drawn
based on the provenance and origins (e.g., collection source) of DNS data.
II. TOR
As part of his testimony, UC Martin will also explain the Onion Router (“TOR”), which
is a free and open-source software for enabling anonymous communications. He will describe
common terms used in connection with TOR, including the concept of a “TOR exit node.”
(As you are aware, a white paper that the defendant submitted to FBI General Counsel Baker
contained assertions about the purported use of a TOR exit node by the Trump Organization
and Alfa Bank.) UC Martin will explain common uses of TOR, as well as investigative steps
and methods for analyzing online activities involving TOR.
You have indicated in recent discussions that you may seek to limit the testimony and
evidence at trial concerning the purported DNS data solely to that which reflects the
defendant’s state of mind and subjective understanding of the purported DNS data at issue in
this case. We therefore understand that you are not currently inclined to offer evidence, or
engage in questioning, that would imply, assert, or seek to prove the authenticity of the relevant
DNS data or the actual truth of the allegations at issue concerning a secret channel of
communications between the Trump Organization and Alfa Bank. If the defense, however,
does cross examine Government witnesses or calls its own witnesses to testify in a manner that
seeks to establish or encourage particular conclusions in this regard, then the Government
reserves the right to have UC Martin testify concerning:
the authenticity vel non of the purported data supporting the allegations provided
to the FBI and Agency-2;
the possibility that such purported data was fabricated, altered, manipulated,
spoofed, or intentionally generated for the purpose of creating the false
appearance of communications;
whether the DNS data that the defendant provided to the FBI and Agency-2
supports the conclusion that a secret communications channel existed between
and/or among the Trump Organization, Alfa Bank, and/or Spectrum Health;
whether DNS data provided to Agency-2 supports the conclusion that Donald
Trump and/or his associates used one or more Russian-made phones in the
the validity and plausibility of the other assertions and conclusions set forth in
the various white papers that the defendant provided to the FBI and Agency-2;
* * *
The government reserves the right to call additional expert witnesses and/or substitute
expert witnesses. The government will comply with its obligations under Federal Rule of
Criminal Procedure 16(a)(1)(G) and Federal Rules of Evidence 702, 703, and 705. The
government will notify you in a timely fashion of any additional or substitute experts that the
government intends to call at trial and provide you with a summary of the experts’ opinions.
The Government will supplement this notice as appropriate and as more information becomes
available.
Finally, the government renews its request for reciprocal discovery, including any and
all expert disclosures.
JOHN H. DURHAM
Special Counsel
David M. Martin
Page 1 of 5
CURRICULUM VITAE
David M. Martin, GSE
Unit Chief
Federal Bureau of Investigation
Cyber Technical Analysis Unit
PHONE: 703-633-6932
dmmartin@fbi.gov
PROFESSIONAL EXPERIENCE
Lead a team of over 50 FBI employees and contractors responsible for the FBI
Cyber Division’s Advanced Digital Forensics, Malware Automation, Data and
Network Analysis, and New and Emerging Technology programs. Responsible
for establishing unified ingest and processing system for all FBI Cyber technical
data, establishing best practices and performing technical review of all reporting
produced by CTAU.
Nov 2021 – Feb 2022 Supervisory Special Agent / Acting Unit Chief
FBI Cyber Division
Cyber Technical Analysis Unit
Chantilly, VA
Program manager for the Advanced Digital Forensics program, which provides
digital forensics and malware reverse-engineering services for the most complex
computer intrusion cases across all FBI field offices and conducts technical
review of Cyber intelligence products. Managed personnel, prioritized cases,
and reviewed reports for accuracy, completeness, and investigative value.
Established the vision and direction for CAT while directing all operations and
deployments. Managed the selection, training and readiness of CAT personnel
and the procurement, development and maintenance of a wide range of
specialized equipment and software needed to accomplish the team's mission.
EDUCATION
Sept 1998 – June 2002 University of Denver
Denver, CO
Bachelor of Science in Computer Science and Psychology
Minors in Math and Business Administration
PROFESSIONAL TRAINING
Oct 2016 SEC 566 – Implementing and Auditing the Critical Security Controls
SANS Institute, Online (36 hours)
Aug 2014 SEC 504 - Hacker Techniques, Exploits and Incident Handling
SANS Institute, Boston, MA (48 hours)
July 2014 FOR 610 - Reverse Engineering Malware: Malware Analysis Tools and Techniques
SANS Institute, Online (48 Hours)
Feb 2014 FOR 508 - Advanced Computer Forensic Analysis and Incident Response
SANS Institute, Online (48 Hours)
July 2019 Countering Technical and Cyber Threats Award - National Counterintelligence and
Security Center
Oct 2018 US Attorney’s Award – United States Attorney’s Office, Eastern District of Michigan
Oct 2017 Attorney General’s Award for Excellence in Information Technology – US Department of
Justice
May 2017 GIAC Security Expert (GSE) - Global Information Assurance Certification
Nov 2016 GIAC Critical Controls Certification (GCCC) - Global Information Assurance Certification
Aug 2016 GIAC Certified Project Manager (GCPM) - Global Information Assurance Certification
Sept 2014 GIAC Certified Incident Handler (GCIH) - Global Information Assurance Certification
July 2014 GIAC Reverse Engineering Malware (GREM) – Global Information Assurance
Certification
May 2014 US Attorney’s Award – United States Attorney’s Office, Eastern District of Michigan
Feb 2104 GIAC Certified Forensic Analyst - GOLD (GCFA) - Global Information Assurance
Certification
Aug 2013 GIAC Certified Forensic Examiner (GCFE) - Global Information Assurance Certification
April 2012 GIAC Certified Intrusion Analyst – GOLD (GCIA) - Global Information Assurance
Certification
April 2011 GIAC Security Essentials Certification – GOLD (GSEC) - Global Information Assurance
Certification
Oct 2019 Speaker: “Already Pwn3d: Deep Dive into Incident Response and Forensics Data,”
Splunk .conf 2019, Las Vegas NV
Feb 2017 Peer-reviewed research paper: “OS X as a Forensic Platform,” SANS Institute
Dec 2016 Speaker: “Gh0st in the Dshell: Decoding Undocumented Protocols,” SANS Cyber
Defense Institute 2016, Washington DC.
June 2016 Peer-reviewed research paper: “Gh0st in the Dshell: Decoding Undocumented
Protocols,” SANS Institute
April 2016 Speaker: “Tracing the Lineage of DarkSeoul,” SANS Northern Virginia 2016, Reston VA
March 2016 Peer-reviewed research paper: “Tracing the Lineage of DarkSeoul.” SANS Institute