Snakes on Ceres?

What is it? 

They look like giant "snakes" drawn to a spot on the dwarf planet Ceres. It is probably an entrance to a subterranean ocean on Ceres.

An ocean is thought to exist beneath the surface of Ceres, and at one of the apparent exit points in the eternal ice are these snake-like objects. The images come from NASA's Dawn probe, which passed by the dwarf planet in 2015.  One can only marvel. Especially since Ceres otherwise has a dusty but not particularly rocky environment that fades into ice below the surface. 


The freshwater reserves on the dwarf planet are probably six times those on Earth. At least that's what a study says, based on findings from the Herschel space telescope. 

These "objects" only occur at the outlet. 

 

Occator crater in perspective Image credits: NASA / JPL-Caltech / UCLA / MPS / DLR / IDA

 


Wirecard Connection - what does the murder of Daphne Caruana Galizia have to do with Wirecard?

Long, long ago -The collapse of an ailing system - New Economy Market 

 

Back then, shortly before the beginning of the millennium, anything was possible despite the collapse of the New Economy market. The so-called 4 D printer was already on offer at that time - at this investment blossom the then already attentive observer could only marvel.

Here stood Captain Janeway and the Voyager godfathers.

Anything was possible and organized crime was on the rise. They could place millions in former East Germany, acquire land and buildings after money had been laundered. This required a bank that promised high profits and systematic concealment.

Even the rumour of a digital currency, almost unthinkable at the time, was served.

At the time, infeasible visions of the future were sold as a means of investment.

 

However, Wirecard was a deliberate washing plant for all money from porn, betting and gambling, due to the entanglement between organized crime and politics.

Anyone who asked stupid questions as an investor in those days that were not conducive to the grey eminences who had orchestrated Wirecard as precisely this later excellently functioning concept of various Mafia groups was quickly silenced. Neither by slander nor by threats. Everyone who had experienced this knew there was something fishy about it.

Only no one dared to say anything against the hyper-dynamic Jan Marsalek. It would have been the end of existence.

Later, the connection to the 'Ndrangheta turned out to be more and more obvious, who had collected money all over Europe on the New Economy market - the war chest with various investment firms.

It was not until 2017 that the Italian police intervened when they arrested Francesco Martiradonna, the alleged owner of Centurionbet. Malta suspended Centurionbet's gambling licence. But Centurionbet was just one of the many mailboxes served by Jan Marsalek's system, not Wirecard Bank's. 

Whether it was later Benedetto Bacchi, the head of Phoenix International Ltd, who was arrested in the Palermo region as part of the 2018 "Game Over" anti-mafia operation, Wirecard set up numerous "dead letter boxes" in Gibraltar to provide them for money laundering. For online roulette and poker, companies were set up, located in Main Street or Marinas Bay, shops, consignors and others.

Neither Finance Control nor the later responsible Minister Olaf Scholz can have been unaware of these circumstances. When Gibraltar was no longer sufficient, they turned to other places, the powers-that-be did not want to make it so obvious after all. The letterbox batteries in the British community of Consett and the resulting letterbox companies were part of the concept of Marsalek, who was not too dirty for anything. "Brinken Merchant Incorporation" was just one of dozens of style flowers of the time.

From Gibraltar to Malta- what does the murder of Daphne Caruana Galizia have to do with Wirecard?

More than 20 years ago, the trail already led back from Gibraltar to the tax haven Malta, where it was easy to launder the profits from poker rounds on the Internet and disgusting porn for good. Whether the Mafia had something to do with the later assassination of the journalist Daphne Caruana Galizia because the initiators were swamped with cases, was never to be clarified.

 

The journalist was on her way to describe money laundering in Malta for the Mafia, which could not please Marsalek's backers. By the time the blogger died in a car bomb attack, Marsalek was already steering the fortunes of the corrupt Wirecard money laundering operation through Dubai. Police in Malta arrested a businessman named Yorgen Fenech, who was involved with the Dubai Wirecard empire of gamblers through various channels, as a person of interest in the murder of the journalist.  In the whole list of Marsalek's pseudo-secret activities, silencing opponents also fitted in. 

With lax oversight in Malta and Germany, the trail leads directly to alleged frauds such as Wirecard and Paytah respectively. Like Wirecard Paytah, a brand of MFSA-regulated Phoenix Payments Ltd enabled the fraud in the first place, which involved hundreds if not thousands of EU consumers. Onisac was another example of money laundering. Coincidentally, also in Dubai again.

 

Another Poker round with the Mafia

2001 - In La Línea de la Concepción, the sparrows were whistling from the rooftops. The abandoned casino in Gibraltar had been given a worthy successor in the form of a simple letterbox and a trustee, who made considerably more turnover than the honourable casino in Europa Road. The casino was simply rusting away.

Casino Gibraltar, 2000, kasaan media, 2021

 

There was a rumour going through the offices of the Gibraltar Trustees that was hard to believe when you first heard it. A certain Jan Marsalek had made a deal with Russians and other Mafioso half a year after hiring Wirecard, which was supposed to bring porn and illegal gambling on the internet to the forefront. The money was simply to be laundered through various stations.

Gibraltar was the El Dorado of tax havens in Europe these days. Those who did not ask any questions could go to one of the trusts and have the money laundered there, which they were now supposed to legally reintroduce into the economic cycle. The diversions followed a certain pattern, ending in the enclave in front of locked doors or cleared out abandoned offices.

Trustee of the Wirecard, 2002, kasaan media, 2021

But that's not all - traces from Marbella, neighbouring Gibraltar, already led to the South of France at the beginning of the millennium and would have made the Wirecard scandal impossible if those responsible had taken an interest. But nobody really wanted that, the natural antipodes of organized crime and politics were too intertwined.

 

Marsalek's invisible trail


The enduring mystery of the Kambo Mannen- some news

Nearly 34 years...

After more than 33 years, the Kambo Mannen has still not been identified.

What happened in those September days of 1987, when a conductor found the human remains of the man later called the Kambo Mannen beside the former train line between Kambo and Moss?

Whom did the unknown stranger meet before he was fatally injured by a train?

Two of his limbs had been severed, an arm and a foot. He had not been drinking alcohol prior to his death and was killed by the train.

Who took his identification card, his papers, his passport? And his funds?

The train operator first thought that what he saw on the rails was a plastic bag; it was not clear to him that human remains lay in front of his traction engine.

Today the train line is a path for trekking, and the trains run through a tunnel that was built a few years ago, long after the incident with the Kambo Mannen. In all these years, the mystery about the unknown stranger has grown even bigger.

Some newer information was revealed after a recent newspaper article in 2017 by the Norwegian tv2 nyheter in Oslo. But nobody could reveal what the person wanted in this specific area, close to a radar station, during the Cold War against the former Soviet Union. He had no camera with him or other tools for espionage. Maybe the Kambo Mannen was one of the spies of the military intelligence of the then existing so-called Warsaw Treaty Organization. But this reason is unlikely.

The Warsaw Pact states sent plenty of secret scouts to the scene with foreign number plated cars in this specific area.

Yes, and there were many suicides in these days along train lines in Norway. But this is even more unreal with the Kambo Mannen. 

What seems today like some sort of bizarre game was in those days a common method in the two systems to find needed information. In 2017, it was revealed that the police forbade foreign number plates in the area close to the Gylderåsen station in Våler of the NATO Nike system of the Norwegian army.

If he had been a spy, at least a vehicle would have been found nearby, or keys that would have pointed to the vehicle. The Norwegian police, who in those days were experienced in such cases, would have checked the circumstances and surroundings.

But this was not the only mysterious case of unidentified people in Norway in the last 50 years. It started with the most mysterious case, the unknown stranger from the Isdal, who used multiple identities while she was in Norway in 1970.

Last traces led to former Tito Yugoslavia

The woman with the strange code was mystified and certainly the target of the military intelligence of the Norwegian government. They had all reason to look for her luggage which was discovered by police in the train station in Bergen a few days after her death.

Exotic Circumstances

There were around 15 people in Norway who could be identified, and three cases led to Germany and the former East German hemisphere.

The last one to leave a strange mystery was the dead woman in the Plaza Hotel in Oslo in 1995. Jennifer Fergate.

But the Kambo Mannen came under different circumstances, which showed that he was searched before his death. 

Someone could, of course, claim that the unknown person somehow came to Norway like a stowaway, then decided to commit suicide at short notice next to the railway line and buried his belongings somewhere along the way. Anyone reading this already knows that it does not sound realistic. 

The trail of the later investigation to the German vessel- the MS Edelgard- was just a manoeuvre to mislead the real investigations which ended again on this railroad in autumn 1987. 

Well, there were large smuggling rings that brought goods into Norway and shipped them into the country at previously spotted points. Alcohol and art smuggling were big business there. This sounds more realistic. First part of Kambo Mannen

Kambo Mannen's traces

His clothes could have come from a German second-hand delivery to East Germany. Different finds and numbers could not be explained, and files about how it was delivered and to whom it was delivered would be destroyed by now. Second-hand shops in the FRG were not so common and not so popular.

Plenty of files of the East German former state security are destroyed or brought to a place where the government cannot gain any information any more.  Funny enough files were found in a mine tunnel shortly after reunification. 

Other files are still shredded pieces of the former East German State security HVA. It will take years to put them together again in painstaking detail, like a puzzle.

The Kambo Mannen did not reveal where he received the packet of Camel filter cigarettes which were solely produced with this specific tobacco for the Eastern Block market. 

This leaves only the clothing, which has posed even more mysteries since the first day of the investigation than these exhibits have revealed.

The 55-60 year old man was wearing the following when he was found dead on the train line: 

We have explained long before the Norwegians in tv2 in our first article the connection to some clothes. We refer to the first part.

A grey blouse jacket / military jacket -so called "Schimanski jacket". An item of clothing made famous by the television series Schimanski, the Duisburg fictional(!) "Crime scene", which was very fashionable at the time and was worn by the actor Götz George in each of these episodes. 
One pair of blue jeans
A white shirt with dark, thin stripes
Two medical stockings with three blue stripes on top and open toe.
A yellow machine knitted jumper with a square pattern.
One white vest
One pair of Elan Body panties
A handkerchief with brown stripes in a square pattern.
A black belt made of artificial material.
A red Victorinox Swiss Army pocket knife of the model "Climber".
A soft pack of Camel cigarettes. Produced in the West for the Eastern European market.
 

Sources: Kripos  Norge

It was common practice at the time to ship clothes collected by aid organizations in West Germany to the East, that is, to Poland or the former GDR. It was also customary for the German Red Cross, for example, to provide clothing to late settlers arriving from the East. This also applied to special prisoners from the former GDR, who are little known in the world, including in Norway.

These clothes were compulsorily catalogued.

Most of the labels were also cut out of them and, for example, plasters with numbers were affixed to shoes. This explains the discovery of the plaster in the shoe only now because at that time in the clothing depots one had to be able to match the shoes to each other in large quantity. 

Another aspect is the sole insert, which was only studied a few years ago. This indicates that the sole was subsequently adapted to the shoe because it does not belong to the shoe and this in turn explains the second-hand clothes thesis.

Did the man come with an order from the GDR via the main access camp Friedland?

Bundesarchiv B 145 Bild-F079036-0029, Lager Friedland, Straße mit Unterkünften.jpg
By Bundesarchiv, B 145 Bild-F079036-0029 / CC-BY-SA 3.0, CC BY-SA 3.0 de

 

Are there any documents about the dead man still to be found here?

The former GDR smuggled its snitches to the West directly. In any case, the number is not a secret code, but comes from a clothing store. 

More to read in the second part in March 2021

 

 

 

 

 


Silence upon the heather

(The links and the films are in German language)

Very silent

What became of the Kurt-Werner Wichmann case and the pieces of evidence that the Lunenburg police (Lower Saxon) presented to the completely shocked public worldwide more than a year ago?

Among them personal objects of people that Wichmann had buried before his suicide. From which years do the curiosities that Wichmann buried, along with an almost new Ford Probe, date? 

What became of the case? The sensational cases?

Ilse Gerkens and the Ulrike Burmester case?

The Gerkens case has been open since April 11, 1968. Although Wichmann was only 18 years old at the time, he is associated with what happened.

The mother of an eleven-year-old daughter was shot off her bicycle with four bullets virtually after shopping. 

The Ulrike Burmester case took place on May 14, 1969, when the 14-year-old schoolgirl from Lunenburg was reported missing by her relatives.

Her body was recovered from the Elbe River at the end of May 1969.

She had probably been sexually abused and then strangled. She had been dumped in the Elbe with a stone.

It is interesting that the accomplices are still at large and that the situation in which Ulrike Burmester was found is almost similar to that of the Schulze couple case and their daughter. The father died under the most mysterious circumstances, nearly on the same place as Mario Schulze dumped with a stone. After the last report, Schulze dumped himself.  

Mother and daughter have not been found to date.

The tracks of the mother and daughter Schulze end at a lake a few kilometres away and only those of the father led away. However, no one can explain where the bodies of the mother and daughter are supposed to be. The police searched the entire area with a large contingent, including man trailer dogs. 

Until now, it was assumed that this was an extended suicide. Incredibly, this suicide took place where Wichmann and his henchmen presumably committed the deeds. 

What is clear, however, is that Wichmann did not act alone. A disturbing conclusion after many years.

 

Years later, the couple Ursula and Peter Reinhold from Hamburg-Bergedorf were found in the Goehrde forest after six weeks. On July 12, 1989, hikers found the badly decomposed and stripped bodies. Most of the Reinholds had already been skeletonized by animals and decomposition.

The cause of death could never be determined. Curiously, the couple's car was found at the railway station in nearby Winsen at Luhe.

 

Ever since lead investigator Juergen Schubbert was retired and also failed in court with his suit for continued employment beyond retirement age, many observers have been wondering whether the case should go to rest altogether.

Then, a few weeks ago, German media heard that the investigators would also pursue the trail of a paid killer, Wichmann. It may well be that the passionate cemetery gardener also received money for his misdeeds. 

The Goehrde murders and the murder of Birgit Meier, the sister of the then LKA (State Criminal Investigation Office) chief Wolfgang Sielaff, were staged in a sensational film documentary.

 

After years of searching for his missing sister, the latter succeeded in discovering the mortal remains in an assembly pit in the former home of Wichmann, who took his life in 1993 in a different custodial context.

Up to the time Sielaff found his sister's remains, the ex-husband of those killed was the target of the investigation, although the prosecution knew he was innocent, they continued to investigate and never apologized. 

 

Germany was flabbergasted. 


But what was behind Wichmann's connections to the right-wing extremist scene in the Lunenburg Heath? 


Not far away, a gigantic weapons depot was dug up after the attack on the Munich Oktoberfest in 1980. This weapons depot was attributed to the alleged NATO Stay Behind Network Gladio undertaken by a Forrester.

But is it true that this is where Wichmann obtained the weapons for his deeds?

Is it simply the time for heather to grow over the case?


 


Trump's million march seems more like a two-bit frolic

Trump leaves behind a shambles that once called itself the USA

Now, Trump has completely blown it in Georgia too.

He can hound, lie and declare the election absurd.

Trump is the worst example of a demagogue in office.

It is clear from his statements in recent days that he will never give up doubting the Democrats' victory.

His milkmaid calculation will end abruptly today.

The winner of the election is Joe Biden. Even Vice-President Pence has to admit that, albeit probably meekly. If the result is confirmed today in Washington.  

Meanwhile, left and right supporters are brawling in the streets of Washington. 

 

 

 

 


The Patch is the Attack

A current assessment of the SolarWinds hack

Hartmut Pohl[1]

 

 

The attack was first detected by the affected IT security company FireEye[2] around December 8, 2020; FireEye warned against the use of its security products, but denied that stored, unpublished vulnerabilities (zero-day vulnerabilities) had been read. The perpetrators manipulated an update of Orion, the network monitoring platform of SolarWinds Inc., in such a way that a backdoor (two have been published so far; there may be more next week) was installed in approx. 18,000 of the approx. 300,000 customer systems (supply chain attack). Customers are the public sector in the USA and Great Britain and the world's largest companies in all sectors (defense companies, technology companies, banks, consulting, pharmaceutical/chemical, telecommunications and raw materials companies) in North America, Europe, Asia and the Middle East, and also in Germany[3], as in all the states of the European Union.

Given the immense impact of the attack (copying of data and programs and manipulation of programs), the attack is likely to continue to be studied in detail[4] - and also imitated, and attack documentation (despite an expected very high price) will be sold like hot cakes to criminals and interested security agencies. Companies and authorities should therefore prepare themselves by taking preventive measures. The probability of occurrence is rated internationally as very high.

U.S. federal agency systems were also compromised in the attack, with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issuing an emergency directive instructing all federal agencies to immediately shut down affected Orion products.

The SolarWinds cyberattack is not an isolated incident. Microsoft[5] alone has sent more than 13,000 warnings to customers in the last two years. The aim of the backdoor installation is to remotely control systems globally at this manufacturer's customers. At present, the perpetrators seem to be only partially concerned with financial success (extortion). This also applies to attacks in the healthcare sector; they are currently not (yet?) targeted specifically at individual patients.

The methods used by perpetrators are consistently at a very high technical level and demonstrate years of experience. Such specialists can be found not only in all industrialized countries, but also in so-called developing countries. However, such attack techniques are not researched and taught at public universities. The first criminal attempts date back to the beginning of the 1970s in Germany.

Summary and ideas

Attacks on IT systems are increasingly being carried out by companies specializing in them.

By scaling an attack to many victims (here approx. 18,000), the expenditure for attack preparation sinks to about 500 K$, with an expected revenue of currently 500 - 10,000 K$... in each case per victim. Prefinancing by organized crime or intelligence agencies is possible. Further such technically well-crafted attacks can therefore be expected.

The attackers planned and implemented the attack over about 3 years. Between the first unauthorized access and the spying out of data and programs alone, about 6 - 18 months pass; this has already been pointed out by international studies (also in German-speaking countries).

The frequently encountered opinion that an attack has been averted once IT production is up and running again is an illusion. In any case, a restart is not a sign that an attack has been averted. Unless at least the exploited attack points, such as undetected security vulnerabilities (zero-day vulnerabilities), backdoors, covert channels and the like, have been eliminated, renewed attacks must be expected. This is likely given the market power (technical capabilities, core personnel) of commercial hacking companies. The powerlessness in the face of the hacking companies is also shown by the helplessness of the affected U.S. government agencies.

Theoretically, only companies whose financial creditworthiness was considered sufficiently good by the perpetrators were attacked. The perpetrators attacked repeatedly (when the opportunity arose).

1. Current situation on the Internet

Politicians and also decision-makers largely lack an understanding of the risks of attacks on (their own) IT. Accordingly, the IT manager is asked whether everything is safe. Therefore, independent advice from 'outside' is not sought at all. Especially since the attackers usually proceed cautiously to conceal the attack from the victim for up to several years.

2. Perpetrators

Of course, it was the Russians (Pompeo knows); but it was the Chinese (Trump guesses). Much speaks for Korea - but only because a Korean word was 'found' in the source code (maybe rather North Korea)? If you can't think of anything else, the hackers were at least 'close to the state'. All this is nothing more than the usual political propaganda of politicians (cf. the 'rogue states'), which can only be clarified in a technically extremely complex way.

Basically, a typification of perpetrators according to script kiddies, freaks, hackers, crackers, etc. seems outdated. The diverse and complex attack possibilities require competencies and personnel in all areas of cybersecurity that cannot be provided by individual companies, municipal administrations or private individuals[6].

In the last 5 years, companies have emerged internationally that carry out new attack procedures developed worldwide for paying clients, according to the motto 'Crime as a Service (CaaS)'[7].

A distinction between perpetrator groups[8] such as script kiddies, insiders, hackers, hacktivists, cybercriminals, state-sponsored groups and 'intelligence agencies' (government institutions such as security agencies) is a thing of the past: increasingly, hacking groups are commercialized, i.e., attacks are carried out by specialized companies under contract for a fixed fee or a revenue share of, say, 30% (ransomware). A corporate structure with minimal departments such as personnel, marketing, accounting and production etc. is in place. Thus, it is carefully analyzed whether and how the company intended as a victim is actually liquid to the desired extent (profit orientation). The personnel strength of attack companies is up to 20 employees, with up to 15 IT specialists; freelancers are brought in for special tasks.

3. Affected parties

Many U.S. federal ministries and companies have come forward or been published. The German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik BSI) has informed affected German companies. In fact, probably 18 - 35 thousand SolarWinds customers[9] are affected, with a total of more than 300,000 worldwide.

4. Attack targets

The reports about the attack targets reached are vague. Apart from marketing statements, it must therefore be assumed that valuable company data were spied out (security tools, exploits, medical devices) and that manipulations were also carried out on control data of production processes (IoT[10]) for vaccine production[11] and for the production of chemicals and medicines: sabotage. Use for terrorist purposes cannot be ruled out, but has not yet been proven. One of the targets is likely to be data in (private and public) clouds (e.g. Microsoft Office 365 accounts).

5. Attack sequence

Overall, this hack seems to have a technical significance comparable to the ongoing (!) hack on the German Bundestag[12], Stuxnet[13] or NSA[14]. Taken together, these attacks show the techniques that make up the worldwide state of the art in attack technology; only the SolarWinds hack is referred to here:

A. The first evidence[15] of unauthorized manipulation of Orion updates dates from October 2019, that is, about 14 months before the attack was detected.

B. The exploited attack points of SolarWinds systems are as yet undisclosed or even unidentified. The only possible attack points are unpatched, unpublished, or even undiscovered vulnerabilities. Experience shows that unpublished (zero-day vulnerabilities) - at least vulnerabilities not known to SolarWinds or at least not patched - are exploited for this purpose (initialization of the attack: March to June 2020). As long as this entry point is not identified and patched, the following steps can be repeated at will by the attackers.

C. The two (or more) groups of attackers make themselves independent of this vulnerability by installing (at least) two backdoors in the SolarWinds system. These backdoors are not published or identified by SolarWinds.

D. To make the tampered update appear authentic, the update is correctly digitally signed[16]. Code signing is one of the most important security measures of global software companies. If the signature can be forged, it opens the door to any abuse of authentication and integrity checking in the first place.

E. In the source code of the update, the malicious code is obfuscated (steganography); in operation, the runtime environment is checked to see if it is a corporate network or, say, an analyst's workstation.

F. With an update for the SolarWinds Orion Business Software manipulated with almost 4,000 lines of code[17], a backdoor was installed in the customer system (Orion Monitoring Software) for the first time[18]. As long as a backdoor is not identified and closed, the following attack steps can be repeated at will.[19] This applies analogously to the second backdoor that has been published meanwhile[20], as well as to any further backdoors.

G. Further backdoors are realistic. As long as not all backdoors are identified and patched, further similar attacks must be expected.

Through the backdoor, further code, possibly also updated, is brought in from a command-and-control server, or a connection (which may also be permanent) between attackers and the target system is established. In this way files are transferred and executed, the system is parameterized, system services are activated and deactivated, and computers are rebooted. The transport protocol is similar to the SolarWinds protocol.

H. The backdoor is conveniently embedded in one of the SolarWinds modules installed in the target system. If the attackers know of other software (such as standard software from vendors like Microsoft) in the target system, the backdoor can be installed there as well. An attack lasts as long as the backdoor can be exploited. In other words, the built-in backdoor is the linchpin. Attackers build in several backdoors for resilience reasons; after identifying a (first) backdoor, the victim often believes that the attack has been repelled and is therefore over. In some cases, they even ask for 'proof' why they are still looking for further backdoors. 

Of course, further steps by the attackers are possible, such as copying and deleting (all) data of the attack victim and encrypting (ransomware). Copying of security information is especially relevant when unpublished security holes are collected - e.g. for law enforcement purposes. Even before the investigation was completed, such theft was denied by FireEye.

I. After this attack was discovered, the backdoor was identified by the manufacturer and closed with a (signed) patch; it can be assumed that the attackers no longer use the (closed) backdoor. At this time we can only speculate about the use of other backdoors.

J. There is often more than half a year between the installation of the backdoors and their exploitation - the period can also last up to 18 months. The decisive factor for this duration is that the attackers want to be sure that the victim does not notice their attack.

Basically, it cannot be proven that a system is backdoor-free. For the hacking cases mentioned, such as NSA and Bundestag, this means that such proof cannot be provided. Nor does it mean that the cases are actually closed. However, the attackers will move cautiously so as not to give any hint of their activities.

6. Damage and amount of damage

No serious damage assessment can be made because of the effort, measured in person-years, that it would require. Official estimates are likely to remain secret.

The attackers also used novel malicious code that was not (yet) stored in the Department of Homeland Security's (DHS) multi-billion dollar intrusion detection system 'Einstein'.

A cleanup of the known manipulations is expected to take far more than 6 months.

However, the USA also attacks other states in this form[21].

7. Protective measures after attack detection

The manufacturer recommends updating to the latest Orion Platform version 2020.2.1 HF 1 as soon as possible to ensure the security of the environment. However, it is doubtful whether a simple update of the Orion Platform is sufficient to eliminate an infection, given the complexities involved. Anyone who has used the compromised software builds has no choice but to check and forensically analyze the affected systems. The signatures of the two published backdoors are available for this purpose.

Identifying backdoors is easy if they are at least partially known, as in this case. It is more difficult to identify more backdoors, especially those that have not yet been detected or have not yet been published. The latter requires a sophisticated methodology. It is easier to identify backdoors that misuse documented input or output interfaces.

The scope of recovery measures depends on the value of the processed data and controlled processes (risk analysis) and ranges from a simple update of the Orion software to immediate disconnection from the Internet, installation of new devices and software, and a check of all stored data; after all, attack software can be stored anywhere - in (standard) software, in firmware and microcode of devices and controls, and also in data. Only after a new, truly comprehensive check can the system be put back into operation.

Simply attempting to restart without further action can be negligent. Anti-virus programs and installing the latest updates etc. can also help against this particular attack[22]. However, these measures are unlikely to detect modifications to the attack. Affected parties should carefully consider whether the successful attack should be made public.
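The difference between matching the published backdoor signatures and comparing a system against a known-good reference, shown as an added example that is not part of the original report. The file names, file contents, the indicator hash and the existence of a trusted reference installation are constructed assumptions.

```python
"""Denylist scan (published indicators) vs. comparison with a known-good baseline.
All file names, contents and hashes below are constructed for this example."""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file below root (relative POSIX path) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def scan_denylist(root: Path, known_bad: set) -> list:
    """Signature approach: report only files whose hash is a published indicator."""
    return sorted(n for n, d in build_manifest(root).items() if d in known_bad)


def scan_baseline(root: Path, baseline: dict) -> dict:
    """Baseline approach: report every deviation from the known-good manifest."""
    current = build_manifest(root)
    return {
        "modified": sorted(n for n in current
                           if n in baseline and current[n] != baseline[n]),
        "added": sorted(n for n in current if n not in baseline),
        "missing": sorted(n for n in baseline if n not in current),
    }


def write_tree(root: Path, files: dict) -> None:
    """Create the constructed sample installation on disk."""
    for name, data in files.items():
        target = root / name
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


def demo() -> dict:
    # Constructed reference installation (assumed to come from a trusted source).
    clean = {
        "bin/module_a.dll": b"vendor code A",
        "bin/module_b.dll": b"vendor code B",
        "conf/app.cfg": b"poll=60\n",
    }
    # Constructed stand-ins: one sample whose hash was published, one that was not.
    published_sample = b"vendor code B + constructed implant v1"
    unpublished_variant = b"vendor code B + constructed implant v2"
    known_bad = {hashlib.sha256(published_sample).hexdigest()}

    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        ref, host_a, host_b = base / "reference", base / "host_a", base / "host_b"
        write_tree(ref, clean)
        baseline = build_manifest(ref)
        # Host A carries the published sample; host B a variant plus an extra file.
        write_tree(host_a, {**clean, "bin/module_b.dll": published_sample})
        write_tree(host_b, {**clean, "bin/module_b.dll": unpublished_variant,
                            "bin/helper.dll": b"second constructed implant"})
        return {
            "host_a_denylist": scan_denylist(host_a, known_bad),
            "host_a_baseline": scan_baseline(host_a, baseline),
            "host_b_denylist": scan_denylist(host_b, known_bad),
            "host_b_baseline": scan_baseline(host_b, baseline),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The baseline is only as trustworthy as the reference it was taken from: if the reference installation itself came from a compromised build, the comparison reports nothing.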

8. Preventive measures

Commercial and government intrusion detection systems are of little use if they fail to detect documented attacks. Legal measures[23] such as the requirement to report attacks within 60 calendar days fall completely flat when attacks are detected only after at least 6 months and up to 18 months - 13 months in the SolarWinds case. The impression is created that the U.S. authorities are developing excellent attacks, but are not in a position to adequately protect themselves against attacks by third parties.

In Germany, great emphasis is placed on surveillance (decryption of all communications) of citizens - monitoring Internet traffic and protection against criminals seems neglected. The recurring crypto debate can therefore be described as a distraction of citizens from the real risks of the Internet.

Politicians must ask themselves how they intend to guarantee the fundamental right to physical integrity[24] - for example, in hospital cases and in the supply of vaccines[25]. Attacks such as the SolarWinds case discussed here can no longer be detected, investigated or even repelled, even by well-funded companies.

The aim of politics must be to identify attacks and warn companies and authorities in good time by pointing out previously unpublished security loopholes, backdoors and covert channels. Such an initiative belongs in the IT security law.

Two basic techniques for identifying backdoors and covert channels[26] are the analysis of a system's resources and a thorough static source code analysis. Experience shows that only 30% of covert channels can be detected with the help of tools.

Not very helpful is the Microsoft suggestion[27] to create a signature about the attack practiced in SolarWinds and compare it with current data streams - comparable to anti-virus programs. This may detect the SolarWinds hack, but hardly any other.

A constructive approach to the topic is the 'Internet Governance Forum' (IGF)[28] of the United Nations and the 'Council to Secure the Digital Economy' (CSDE) of the IT and telecom industry.

9. Final assessment

The total damage can only be estimated by those affected (companies and authorities) with great effort - and only if logs have been created automatically at various levels.

Further attack vectors - beyond the 2 published backdoors - are still likely to be identified, possibly ones that do not even use the Orion software; in any case, statements such as "was not spied on, not sabotaged" are not technically justified. In addition, the 'usual' security errors can be seen, such as publication of passwords and excessively long reaction times after malware detection.

If the impression is given here that this case is one of the few exceptional ones, the impression is wrong. Comparable attacks - perhaps not with this scope - are commonplace. Accordingly, 5 days after the case was published, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive asking U.S. agencies using SolarWinds products to forensically analyze the case and block network traffic to addresses outside the organization. Agencies without the appropriate expertise should immediately shut down the products due to possible compromise.

 

 

This paper represents the released executive summary of a confidential audit report on the security testing of a German company.

 

 

[1] Prof. Dr. Hartmut Pohl, Managing Director of the IT security consultancy softScheck GmbH, Cologne – Sankt Augustin
https://www.softScheck.com Hartmut.Pohl@softScheck.com

[2] https://bit.ly/35gbyb5

[3]  For example, the source code base of Windows (Microsoft) was successfully accessed (https://bit.ly/2JA91AC); so far unconfirmed (but probable) are accesses to the supply chain, which - as with the access to the SolarWinds supply chain - enabled backdoors in over 85% of all computers in the world. The political and economic consequences were studied decades ago (https://bit.ly/3rK8ZHN), but were not understood: Worldwide, almost all computers and thus the Internet can be shut down by attackers within a few days or even abruptly. Terrorist interests (sabotage) cannot be ruled out.

[4] https://bit.ly/38NCIH1

[5]  https://bit.ly/34YHuQP

[6]  https://bit.ly/3o2ZO2Y

[7]  https://bit.ly/2WW1jE2

[8]  https://bit.ly/353iecp

[9] A rough (unconfirmed) overview of CISA can be found on the Internet (https://adobe.ly/386Cvj1): Belkin, Cisco, CrowdStrike, Deloitte (since June 2019), FireEye (with CIA involvement), Intel, Nvidia, Siemens, VMware. A number of US government agencies were also compromised by the malicious software. For example, the hackers reportedly managed to penetrate the Department of Homeland Security, the Department of Treasury, the Department of Commerce and the Department of Energy, and the systems of the U.S. Atomic Weapons Agency, airport networks such as Austin, the NSA, ... Thus, the sectors affected are telecommunications, aerospace, and defense and health care. Furthermore, companies in Great Britain and Turkey are mentioned, as well as cloud/hosting providers in particular, such as Amazon, DigitalOcean, Microsoft Azure. Also, the UK National Health Service, the European Parliament and NATO.

Classic ransomware attacks, on the other hand, seem to be those on Aida, Funke, Hetzner, Symrise, etc. The German government stated that there were no accesses to its systems.

Simultaneously, Microsoft has also admitted to a successful attack - although it has not published how long the attackers have been active in Microsoft networks. (https://reut.rs/352s1PQ)!

Since the attack took place months ago, some companies no longer have the forensic data that is essential for a full investigation.

[10] https://bit.ly/382txUb

[11] https://bit.ly/382Sq1Y

[12] https://bit.ly/3pHJl4n

[13] https://bit.ly/2L7igZy

[14] https://bit.ly/38QBUB4

[15] https://bit.ly/38Prwd3, https://on.wsj.com/3hIujZG

[16] For reasons of practicality, the message (in this case the update) is first hashed and this hash value is encrypted into a check digit using a (strictly secret) private key from SolarWinds. Only with the corresponding public key can the check digit be decrypted again, so that the update appears to be authentic, from SolarWinds, and unchanged. The unauthorized use of the signature method therefore requires that the attackers were able to read and use the private key without authorization!

[17] https://bit.ly/38Prwd3

[18] Backdoor or trapdoor. Concealed (undocumented) sequence of instructions (programs, program parts in hardware, firmware, microcode and/or software) that enables access to an IT system by bypassing the security system (access control system).

[19] Therefore, a kill switch was installed on the associated command & control server, which automatically deletes the backdoor when called by the manipulated software. https://bit.ly/350NqZQ

[20] Web shell 'Supernova' embedded in Orion code by another attacker.

[21] In June 2019, The New York Times reported that U.S. Cyber Command had penetrated Russian electric utilities deeper than ever before and deployed malware. https://bit.ly/38MwOG3

[22] https://bit.ly/34ZsUZh

[23] https://bit.ly/2MoRjBl

[24] https://bit.ly/2MoRjBl

[25] https://bit.ly/3aVA84z

[26] Covert channel. Logical channel that is not intended for information transmission but nevertheless enables unauthorized and covert (non-documented) transmission, i.e. exchange of information, and thus violates the security policy of the IT system. Two classes of covert channels are distinguished: covert storage channels and covert timing channels. A covert channel is a channel that allows information to flow between at least two cooperating entities in a manner that is contrary to the security objectives - without being controllable by access control, i.e. it violates the security policy.

[27] https://bit.ly/3834v76

[28] https://bit.ly/3o3kPKK


According to soothsayers, the world faces the beginning of the apocalypse in 2021

Apocalypse now

Surely humanity is used to a lot from psychics, fortune-tellers and prophets who emerge from the historical mothballs every year again to deliver the spooky predictions for the next twelve months.

This time, however, it seems different.

The seer from the Balkans, called Baba Vanga, accurately foresaw the events of the past twelve months almost 30 years ago. It should be noted that Baba Vanga has been dead for three decades. 

She predicted Corona or COVID-19. Many of her predictions did not come true in the predicted years, but they did come true later, such as the September 11, 2001, attack on the World Trade Center, the 2004 tsunami disaster in Thailand, and other events that instilled great fear in humanity. 

2021

Unfortunately, the seer from the Balkans has nothing good to report for the year 2021. She foresaw strange events that will cause Vladimir Putin to fall victim to an attack carried out by a member of his bodyguard.

She has no good news for Donald Trump either: the American autocrat will suffer from a mysterious disease. This disease disintegrates his brain, as the woman put it when she was alive, leaving him a deaf, disoriented man.

Unfortunately, things don't look good for humanity either. In the year 2021, when the Earth's orbit is also supposed to shift due to a strong solar flare, there are violent floods everywhere and fights for living space.

Further trouble threatens humanity, especially in Europe, from invading marauders who are gradually depopulating Europe with chemical weapons and then taking it over. There are to be fierce terrorist attacks on the continent. These acts of war are to continue until 2025, leaving the continent of Europe simply deserted. Allegedly, three dragons will unite into one and wipe out humanity. There has also been speculation about whether biological weapons will be used to fight in Europe.  

After these changes, Europe's economy is said to collapse completely.

There is to be famine and constant warfare.

In addition, it is reported by Baba Vanga that the first mission of humans to Venus is being prepared. However, this is being done secretly and behind closed doors.

However, she had one piece of good news for the year 2021: a cure for cancer will be found. This disease will literally be locked up with iron, as she put it.

The seer from the Balkans had the same visions about the year 2021 as the seer Alois Irlmaier and the prophet and doctor Michel Nostradamus had already had in the Middle Ages. All three prophesied a year of catastrophes for 2021. We know from Baba Vanga that she had a hit rate of about 85% in her predictions. We can only hope that she was wrong in 2021 and that none of the bad events will actually happen.


North Korea's propaganda channel portrays the country as an outpost of the Garden of Eden

Strange propaganda channel

For those who didn't know, North Korea has found an instrument of international self-promotion in YouTube.

The unknown beauty from the channel, depicting the horribly distorted life in North Korea, portrays the country like a branch of paradise. 

None of the insane video shoots correspond to the lived truth in Kim's socialism and the sectarian structure of the Juche, the state doctrine in North Korea. 

Of course, this channel completely misses the realities and does not show the concentration camps, the hunger, the oppression, but simply the delusion of the regime in Pyongyang. Human rights are trampled on in the country just to ensure the possibility of survival for the Juche and its vile officials. 
 

Here are some of the Echo of Truth videos that one can only marvel at. 

 


Afghanistan

About the futility of war 

The adventures of a German female soldier in Afghanistan are the focus of the story. 

Afghanistan, a country of opposites, at war for decades without peace. The helplessness of the German armed forces, which ultimately only implement political decisions, but quickly realize that the liberated people did not want to be liberated and cannot and do not want anything to do with Western-style democracy. In the end, what remains are destroyed ideals, broken health and illusions of a better world that cannot exist because it is not wanted.

 

Afghanistan is set in the mountains of the Hindu Kush, in a German armed forces military camp. It is about the ephemeral friendships, about the troubled relationship with the Americans, about enemy encounters and offers of peace. About dead mercenaries and tattered peacemakers who have all gathered in the country to wage war and ultimately lose it. The young soldier's story is about the madness called war - of a non-commissioned officer who goes treasure hunting and slowly loses his mind. Death is like the friendly neighbor who goes his way between faith and money. In the end, everyone is left as a loser. Even at a home that has long ceased to be one.

From February 1, 2021, in our shop as an e-book.


Die Stem van die Apartheid (2/1999) - Shadows of the Night- the Murder of Dr Robert Van Schalkwyk Smit

Die Oranje Vrystaat

The Vrystaat smells of spicy bushes, not Diesel like yesterday on the army truck, past ostriches and zebras, along with dull-faced SADF soldiers sitting on the back of the truck being carted to the front. Cannon fodder for a proxy war between the great powers. 


Ossewabrandwag


I have realized in the last few hours reading the newspaper cuttings, South Africa is ruled by a cult. Ossewabrandwag - my people, my God.
The eagle looks like one of the NSDAP.


Interestingly, this organization was founded in February 1939 and wanted to enter the war on the side of Germany. The Afrikaner Broederbond is recruited from this Afrikanerdom environment, and it formed the National Party of South Africa (NP). The sect party provides the prime minister, in this case the obstinate and extremely dangerous P W Botha, called the Great Crocodile, even less flattering in Afrikaans: Die Groot Krokodil. He was born in Paul Roux, just over 100 km from here. He is a concrete-headed racist and capitalist. Botha will not release Mandela from prison in his lifetime. Nazis survived here in other guises. Scary to think if Hitler had won the war.

In the folder I received from the editor are also newspaper cuttings of a crime that, as one of The Star's journalists in Johannesburg lately wrote, was one of the most heinous in recent decades. That may be saying something if people are allowed to be tortured to death.  Just disappear in a bright blue Ford Granada or a yellow SUV on the loading bed. Or simply slaughtered at home, tortured to death in police stations. Etc.

The murder of Dr Robert Van Schalkwyk Smit - the trail leads to Germany


One of the great mysteries is the death of Dr Robert Van Schalkwyk Smit and his wife Jeanne-Cora. The case is still fermenting in the collective popular soul of the Boers here. Since this regime in Pretoria can only be cracked from within, Smit became an absolute risk for the party. But this risk had a long history.


What had happened? 


Smit was one of the most successful South Africans who, although he also came from the political sect of those who rule this country harshly, also wanted to expose corruption. This was, of course, about "Muldergate" and also about other dirty tricks that the NP came up with for its internal opponents. 


There are countless rumors. 

The rumor that is probably closest to the truth is that of the two German murderers who, for whoever, were deliberately directed to the scene of the crime, committed the ugly deed and then disappeared again. 


The trace of the writing on the wall "RAU TEM" (Randse Afrikaanse Universiteit - Tegnies En Moord) leads into the circles that remained of BOSS. Who knows who gave the order? Probably in their midst are also exiled Rhodesians who just lost their homeland three years ago with the "Lancaster House Agreement".
 

"RAU TEM" is said to be a group of BOSS (Bureau for State Security; Buro vir Staatsveiligheid, BSV), and there is nothing good to report about the terrorist group that has meanwhile been dissolved in the "Muldergate" affair.


It is interesting to note that two years before the murder, when the South African embassy in Germany moved from Cologne to Bonn Auf dem Hostert 3, the secret nuclear papers disappeared without a trace under the eyes of the GSG 9 (!). The Bonn public prosecutor's office and the South African Secret Service (!), which was acting on German soil in this connection, jointly came to the conclusion after intensive investigations that the papers were gone.  

 

Former South African Embassy in Bonn / Germany

Photo: Eckhard Henkel / Wikimedia Commons / CC BY-SA 3.0 DE


It is also interesting to note that Foreign Minister Pik Botha and Van Schalkwyk Smit were neighbours in Washington when both were on equally diplomatic missions for the Republic. 

 

Pik Botha

Photo: William Fitz-Patrick, Photograph 1963-18A, White House Photographic Office: 1981-89 Collection, from the Ronald Reagan Presidential Library and Museum, Public Domain


There was probably a nuclear axis between Bonn, Brasília and Pretoria. Smit, otherwise top of the class of the NP, was well-informed about the red threads of corruption. Perhaps he was blackmailing Dr Eschel Rhoodie, the propaganda chief of the NP. 


Van Schalkwyk Smit was, of course, no orphan. He ran the country's largest insurance company, Santam, and was certainly involved in countless actions of the apartheid regime in Pretoria as the head of it and as the representative of the International Monetary Fund.


Van Schalkwyk Smit is said to be the originator of the trick that is being carried out by the thousands in Mauritius, the Seychelles, Taiwan and Hong Kong through South African shell companies. 

The goods subject to the embargo are simply exported to the respective countries and from there to South Africa. This is also how the sanction of the Federal Export Office in Eschborn near Frankfurt is to be circumvented. In addition, there are dozens of flats all over the world through which almost everything is sold and bought. 


What took place that evening in Springs in the Transvaal can only be conjectured. The police, when they do investigate, always investigate favoring the Botha government and its regime lackeys.
Allegedly, the perpetrators stayed for hours in the bungalow in Springs and literally tortured the victims there. Or even returned once because they had forgotten to take something with them. It was probably about documents from the nuclear deals. The investigations are so watered down that no one knows anymore what Pretoria pretended to be in the case, what the result should be or was. Dr Van Schalkwyk Smit came home later.

By this time, his wife must have already been executed by countless knife wounds and targeted shots to the head, following a torture. Smit died shortly afterwards. Whether the perpetrators were looking for something or just had a targeted murder mission remained entirely open in the investigations of the South African police. The statements of the lead detective, a brawny Boer, range between Smit was dragged halfway down the lower floor and Smit was already dead when he tried to unlock the door in the hallway. 

A leaked report said that the flat, mainly the kitchen, had been searched. The perpetrators also left the inscription "RAU TEM" there. It is unlikely that documents on South African government corruption were stored there. As Dr Eschel Rhoodie said in England last year, there are said to have been countless bank accounts in Switzerland; he was on the run via Ecuador to Great Britain and from there to France, where he was then arrested.


Did Smit know before his death to report what was then exposed months later as the "Muldergate Affair" in 1977 in Pretoria?


Millions of South African rand, currently worth between US$1.20 and US$1.50 per rand, which is a high purchasing value, had been embezzled to influence the press, to falsify the news in a way that was desirable for a dictatorship that wanted to stay in power for a long time. The Citizen or The Burger was chosen for this purpose. An idea that came from the head of BOSS, Hendrik van den Bergh. One of the most odious figures and guarantors of the South African dictatorship.
Allegedly, according to an inquiry report, Balthazar Johannes "B. J." Vorster, Botha's shamed predecessor, was involved in the whole story. Now he lives in Cape Town. Isolated and reviled by the local Boer celebrities.
The mastermind and string-puller for the government in Pretoria was Connie Mulder (Petrus Cornelius Mulder), an obscure character even for the brown henchmen in Pretoria.
They unceremoniously excluded him from the NP holy grail when things got too hot.

The Washington Post reported on the bad who-dunnit penned by the propaganda department a few years ago. And yet journalists here on the ground think that South Africa's only opposition paper, the Rand Daily Mail, has been completely undermined and the Boers are taking revenge on Helen Zille's article on the death of (Bantu) Stephen Biko.

The only credible lead


Mad Mike Hoare and his gang of murderers

No one has had any real interest so far, but perhaps that will change in the years to come. Through a statement to the Erasmus Commission, a former judge of the Transvaal Supreme Court came into action who knew a South African Airways pilot who gave a statement about two Germans who had come to South Africa from Luton Airport (UK) for the £40,000 job to murder van Schalkwyk Smit and his wife. These two Germans were part of Mad Mike Hoare's Commando 5 in the Congo. There, daily murders with the leaving of graffiti were normal, as one can see from numerous pictures of the time.
So, it is not surprising that the chief of the mercenaries in the Congo known as Mad Mike, whose most famous platoon leader was the unfortunately "legendary" Congo Muller, is also said to have been involved in the murder of the van Schalkwyk Smit couple. This, however, leads back to the influence of the South African government, which did not want to get its hands dirty with overseas mercenaries.


What the South African Airways pilot really knows only means that he has testified that two Germans accepted the order to murder the couple. This murder must have come from the "Muldergate scandal" with the accounts held in Switzerland and Germany. To make matters worse, evidence from Dr Eschel Rhoodie is said to be in a secure location, presumably in a Swiss bank vault.


This fact was reported by the New York Times, one of the absolute opponents of apartheid, as early as 1979, but unfortunately this lead, which is the most credible and the most likely, was not followed up. Mad Mike, the Irishman, had carried out similar actions in the Congo during the Katanga crisis. Countless of his comrades-in-arms were Germans who were better off fighting in the Congo in the 1960s than facing prosecution by the courts in Germany for crimes committed during the Nazi era. 


A staircase joke of history is that Mad Mike now lives in South Africa and not so far away from what happened in Springs, in the Johannesburg area. What Schalkwyk Smit and his wife could know, the perpetrators certainly took with them. Congo-Muller, however, who revealed his true soul in a pathetic interview, drove off to the next battle with a skull and crossbones on his bonnet whenever he was needed for a murder in Katanga.


It would have been a simple step to find out who Mad Mike's mercenaries were from Germany and compare them with the entry documents to the Boer Republic. The clarification of the heinous crime, however, was not wanted. The murder of Schalkwyk Smit and his wife was desired to deter the enemies within. 


Now that the shadow of night is settling over the Vrystaat, I am going to the takeaway and will eat a Boerewors and drink a Castle Lager. 
