Skip to content

A Quick, Easy Case-Study on Open Source Intelligence – The Trump Campaign Indictments

Written by

Viking Sec
The Indictment via US DoJ


I’ve started a weekly newsletter! If you want updates on this blog or my research, or just a weekly dose of the going’s on in information security and threat intelligence, you can subscribe here.

I was digging through the recent indictment of political operatives Jesse Benton and Doug Wead today on my lunch break, as one does on a Friday with the ever-rare perfect Mississippi weather, and grew increasingly annoyed at the objects that were frequently censored by DoJ indictments. Like, I know there’s a legal reason they have to do things this way, but filling a public indictment with Company A, Company B, Company C, Political Committee A, Political Committee B, Political Committee C… it’s exhausting. Just give me the facts, dammit!

The obviously juicy bit of information is “who is Foreign National 1?” Who is the person who contributed $100,000 to Benton and Wead, just for $25,000 of it to make it into the 2016 campaign and the rest to be pocketed by the perps? Honestly, I set out to find that information, but I had one lunch break to go at it before I had to get back to work, so I opened up Google and got to working.

Base Facts

Foreign National 1 (we’re just going to call him The Russian) wired money from his bank account in Vienna, Austria to a company owned by Jesse Benton, who made the contributions to Political Committee C (PC-C) via a fundraising event in Philly on September 22, 2016. Evidently, there was some delay in the money making it to PC-C, and Benton ended up just paying on his credit card (wow, to have a limit high enough to say “eh, screw it, I’ll just put this $25,000 contribution on a credit card”) and the funds were received on or around October 10, 2016. Also, oddly, there was a typo that lead to the contribution being made by “Jesse Bentor” which… is kind of random.

So, we have The Event in Philly, a $25,000 contribution made around October 10 to PC-C via a Jesse Bentor, and one Doug Wead, who apparently is some sort of business associate with The Russian. The money made it to Benton via a wire to Benton’s business from an account in Vienna, Austria.

Now to Google we go!

Enumerating Starting Points

As mentioned by the indictment, the FEC has to publicize all donations made to federal political campaigns. So, we can pop right over to the FEC website and search for contributions made during the 2015-2016 time period by a Jesse Benton OR Jesse Bentor. Hit search and… We’ve got the name of PC-C, the well-known Trump Victory fundraising committee.

You can view the same results using this link

The transaction is dated October 27, 2016, which roughly fits the timeline that we’re working with since the contributions were delayed.

Now, we pop on over to the Trump Victory website to confirm some stuff. The indictment left some information in about the fine print that you see when you contribute.

From the text of the indictment

“Contributions to [Political Committee C] are not tax deductible and will be used in connection with federal elections. Federal law requires us to use best efforts to collect and report contributors’ names, mailing addresses, occupations and employers…Contributions from individuals (multicandidate PACs in parentheses) shall be allocated sequentially to the following formula: $2,700 ($5,000) to [Political Committee A]; $33,400 ($15,000) to [Political Committee B].”

Now, why does this matter? Well, we’ve found PC-C. If we can locate the quoted text, we might be able to unveil Political Committee A (PC-A) and Political Committee B (PC-B). Sure enough, pop on over to the Trump Victory website, and you’ll find the fine text with at least very similar amounts:

“Contributions from individuals (multicandidate PACs in parentheses) will be allocated sequentially according to the following formula: (i) $2,800 ($5,000) to DJTP primary election account; (ii) $2,800 ($5,000) to DJTP general election account; (iii) $35,500 ($15,000) to the RNC Operating account; (iv) $106,500 ($45,000) to the RNC Headquarters account; (v) $106,500 ($45,000) to the RNC Legal Proceedings account; (vi) $10,000 ($5,000) to Ohio Republican Party State Central & Executive Committee; (vii) $10,000 ($5,000) to Republican Party of Florida; (viii) $10,000 ($5,000)”

Trump Victory website found here

By observing the similar amounts, we can ascertain that PC-A is either the DJPT general or DJPT primary election committee and PC-B is the RNC.

Now, in the indictment, we find that The Russian wanted to attend a certain political fundraising event in Philly on September 22, 2016. Luckily, or perhaps unluckily, the media had a conniption every time Trump so much as sneezed, so his travel record was well recorded. On this site we find that Trump had three events on that day in Philly: a speaking event, a fundraising event, and a rally. The fundraising event is the likely event of interest: it was held in an upscale club called the Duquesne Club in Philly. Notably, this particular event was very heavily protested. Now, this seemed to be a more or less closed door event, and most of the media attention was paid to the protests outside of the event, so I couldn’t find footage or pictures of the goings on on the inside… but this is likely where an unknown Russian national got a photo op with soon-to-be president Donald Trump after using American political operatives to illegally donate to his campaign and gain access to his presence on that day.

So, just by some simple Google searching, we’ve found all three of the censored political committees from the indictment, as well as the likely event The Russian attended. These can serve as incredibly valuable jumping off points for further research. What else can we find?

Well, by searching for businesses owned or operated by Doug Wead, we find that a company that he is the president of, and likely the Company B from the indictment, is Wead Enterprises, Ltd. The indictment mentions that The Russian is a business associate of Wead’s:

so chances are, he had some sort of formal or informal relationship with this business.

Scarily, we can also find Doug Wead’s home address in public business filings. I won’t post the location of the home, because that just sounds like trouble, but it sold last month for just over $1.1M and is a whopping 8300 square feet… sheesh.

In Conclusion… OSINT is Rad.

We didn’t find the identity of The Russian, listed as Foreign National 1 in the indictment. We found a series of solid jumping off points, including the fundraising event that The Russian attended to get a photo op with Trump, the company The Russian is likely associated with, and the political committee that Benton et al. donated to. This was genuinely all done over a lunch break in my back yard with some Google searching and my dumb brain.

I didn’t have special access and I didn’t have to reach out to anybody. As people working for Bellingcat have shown, time and time again, some brainpower and Google searching can do some incredible things. So, if your mind is itching to know more details, go out and search yourself.


I’m not active on Twitter anymore, for reasons I talk about in this blog post, but you can follow me on my Twitter page for new blog posts and announcements.

Previous article

Empathy for the Attacker

Next article

Obsidian: A Productivity App from the Threat Intelligence Gods

Read the discussion