Web Analytics Made Easy -
StatCounter
January 2021
Menu
Moon views of an armchair astronaut

Moon views of an armchair astronaut

  The present pho...

Missing: Where is Sergej Enns?

Missing: Where is Sergej Enns?

No news and listless Gree...

Snakes on Ceres?

Snakes on Ceres?

Snakes on Ceres? What ...

Wirecard Connection - what does the murder of Daphne Caruana Galizia have to do with Wirecard?

Wirecard Connection - what does the…

Long, long ago -The colla...

The enduring mystery of the Kambo Mannen- some news

The enduring mystery of the Kambo M…

Nearly 34 years... Aft...

Silence upon the heather

Silence upon the heather

(The links and the films ...

What do whales have to do with the 'Ndrangheta?

What do whales have to do with the …

Strong contrasts Wonde...

Rama X. - a problem king!

Rama X. - a problem king!

    Rama ...

Trump's million march seems more like a two-bit frolic

Trump's million march seems more li…

Trump leaves behind a s...

The Patch is the Attack

The Patch is the Attack

The Patch is the Attack ...

Prev Next

January 2021

Rama X. - a problem king!

 

 

Rama X., the Thai problem king, is back on the international scene. One is not surprised to hear bizarre news from Bangkok, where Her Serene Highness is now staying. How long, nobody knows. Rama disliked the criticism from his Bavarian "brothel exile". 

Omnipotent king from the Middle Ages


Rama disappeared from Bavaria when German Foreign Minister Heiko Maas took notice of the sociopath who had gone astray.

Rama, who likes to cycle through Bavaria in skimpy knickers, disregarding diplomatic etiquette, steered his brutal empire out of Germany. This is and was forbidden. Not that he forgot to pay inheritance tax in Germany on some 30 billion euros he received in 2016. That was the least of his problems, the immoral aristocrat is a big fan of torture, military junta and suppression of any opposition and kind. It was obvious that the cowardly blue blood had his people beaten up from Germany. Still the democracy movement and its protagonists are perceived by Rama as an insult to his majesty.

 

Torture jack

Sometimes the critics are sentenced to 40 years in prison, as was the case this week for a woman who expressed only mild criticism of the palace insanity. She has to serve 43 years. According to observers, she spoke her mind freely about the blue-blooded high-flyer in the skimpy blue partner jacket. But Rama has also been in trouble in the family circle in recent weeks, when he wanted to install two concubines in addition to his wife and queen. In the process, he got into an argument with his sister, who then had to go to hospital with broken bones. 

 


Now he has appointed Koi as his second queen. It has been a hectic week for the monarch from another world. 

The question is, can the world still afford such obvious autocratic sociopaths or is the king model a discontinued and superfluous model. 

 

 

Historical freedom of jesters in Bavaria

 

Rama X, the Thai monarch, gradually becomes a nuisance in the Federal Republic of Germany. While everyone kept to the first restrictions imposed by the government, the king flew back and forth. Once to fly to Thailand for festivities.

Then again, he headed for various airports in the Federal Republic and practised the pilot manoeuvre touch and go with his passenger plane to satisfy his urge to renew his flying licence instead of taking a walk in semi-domestic Bavaria. But that wasn't all, the comical king, who had a Boeing converted into a flying luxury palace for himself, quickly obtained a special permit from the city of Garmisch-Partenkirchen when the curfew was imposed. This allowed him to stay at the Hotel Sonnenbichl, despite having his residence in Bavaria.

Why, was not clear even to the Court rapporteurs, who reported on His Majesty's frequent absences.


Not only since yesterday has the bustling monarch from Bangkok become a problem. We remember that his Boeing was once chained to a pledge seal at Erding airport in connection with unpaid debts until the Serene Highness loosened more than EUR 30 million. Maha Vajiralongkorn was then still a prince and had been living for years in a villa in Tutzing on Lake Starnberg.

He recently took a tight belly top off the parade of his followers at Munich's Erding airport. Rumour has it that he had conveniently gotten rid of his tired girlfriend from the private sphere by merely having her arrested and giving her a whimsical story about an acid attack as a reason. Before that, the man, who simultaneously had been crowned king in gold panties, had dumped his three wives.

 

But the Free State of Bavaria has experience with blue-blooded troublemakers, as one can guess from the story with Ludwig II.


Now, however, the comical king residing in Bavaria with his court, i.e. courtiers, lackeys and concubines, who until now could only be described as a little strange, mutates into a skilled torturer in diplomatic status.  This, however, only behind closed doors because the blue-blooded man has everyone mercilessly persecuted who has something to criticize about him and his white royal uniform jacket.

 

As one could gather from numerous well-informed circles, the strange king had multiple persons from his entourage flogged and beaten on the territory of the Federal Republic of Germany. This is said to have happened on the fourth floor of the picturesquely located Hotel Sonnenbichl.

Torture is forbidden even for kings in Bavaria!

What sounds like a horror fairytale became a reality during the Corona crisis in Germany. The brutal monarch with a penchant for eccentricity in a protected status is to watch the films of courtly punishment for his pleasure later on. But that is not all. According to a report by the British journalist Andrew Gregor Mc Marshall, the aristocrat who has fallen out of his role maintains a kind of torture prison in Thailand. Where he has unpleasant characters tortured for a long time and then has the films shown in a variety of "best of" when he lives in his villa on his native Starnberg Lake.

 

All the circumstances of the monarch now call numerous human rights activists to the scene because Rama drives his royal omnipotence fantasies too far. It seems that Rama maintains the Thai torture prison because of his palace in Bangkok, as new investigations now reveal.  Here the belly-free monarch is said to take particular pleasure in the suffering of the arbitrarily imprisoned prisoners. They have to drink urine, suffer from sleep deprivation and have to eat worms. While Rama appreciates the hearty Bavarian cuisine, countless prisoners are gnawing at the hunger cloth.

 

Rama X. is certainly not as easy to stroke as Rama's name, and in recent years there have been increasing reports of royalty's failures in apparent exile. Rama is not fussy with critics of his decadent courtly excesses. The man with the name Maha Vajiralongkorn, unpronounceable for Europeans, followed his father Bhumibol, who was very popular with the Thais, on the throne in a kind of fantasy costume garnished by a crown on his head. Otherwise, it is known about the bon vivant at the gates of Munich that he married his former bodyguard some time ago. Your Majesty will be ruthless, as his Master of Ceremonies recently threatened in the social media if criticism of the ruler is made. A journalist was arrested when the monarch came back to Zurich from a trip to his old homeland.

 


The question is, what can be done about the king?

 


 Sources:  Thailand opposition, German agencies

 

Read more...

Trump's million march seems more like a two-bit frolic

Trump leaves behind a shambles that once called itself the USA

Now, Trump has completely blown it in Georgia too.

He can hound, lie and declare the election absurd.

Trump is the worst example of a demagogue in office.

It is clear from his statements in recent days that he will never give up doubting the Democrats' victory.

His milkmaid calculation will end abruptly today.

The winner of the election is Joe Biden. Even Vice-President Pence has to admit that, albeit probably meekly. If the result is confirmed today in Washington.  

Meanwhile, left and right supporters are brawling in the streets of Washington. 

 

 

 

 

Read more...

The Patch is the Attack

The Patch is the Attack

A current assessment of the SolarWinds hack

Hartmut Pohl[1]

 

 

The attack was first detected by the affected IT security company FireEye[2] around December 8, 2020; FireEye warned against the use of its security products, but denied that stored, unpublished vulnerabilities (zero-day vulnerabilities) had been read. The perpetrators manipulated an update of the network monitoring platform Orion of SolarWinds Inc. in such a way that a backdoor (currently two have already been published – may be more next week) was installed in the approx. 18,000 of the approx. 300,000 customer systems (supply chain attack). Customers are the public sector in the USA, Great Britain and the world's largest companies in all sectors (defense companies, technology companies, banks, consulting, pharmaceutical/chemical, telecommunications and raw materials companies) in North America, Europe, Asia, the Middle East and in Germany[3] too like all the states of the European Union.

Given the immense impact of the attack (copying of data and programs and manipulation of programs), the attack is likely to continue to be studied in detail[4] - and also imitated, and attack documentation (despite an expected very high price) will be sold like hot cakes to criminals and interested security agencies. Companies and authorities should therefore prepare themselves by taking preventive measures. The probability of occurrence is rated internationally as very high.

U.S. federal agency systems were also compromised in the attack, with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issuing an emergency directive instructing all federal agencies to immediately shut down affected Orion products.

The SolarWinds cyberattack is not an isolated incident. Microsoft[5] alone has sent more than 13,000 warnings to customers in the last two years. The aim of the backdoor installation is to remotely control systems globally at this manufacturer's customers. At present, the perpetrators seem to be only partially concerned with financial success (extortion). This also applies to attacks in the healthcare sector; they are currently not (yet?) targeted specifically at individual patients.

The methods used by perpetrators are consistently at a very high technical level and demonstrate years of experience. Such specialists can be found not only in all industrialized countries, but also in so-called developing countries. However, such attack techniques are not researched and taught at public universities. The first criminal attempts date back to the beginning of the 1970s in Germany.

Summary and ideas

Attacks on IT systems are increasingly being carried out by companies specializing in them.

By escalating to the many victims of an attack (here approx. 18,000) the expenditure for the attack preparation sinks to about 500 K$ with an expected revenue of currently 500 - 10,000 K$... in each case per victim. Prefinancing is possible by organized crime or intelligence agencies. Further such technically well-crafted attacks can therefore be expected.

The attackers planned and implemented the attack over about 3 years. Between the first unauthorized access and the spying out of data and programs alone, about 6 - 18 months pass; this has already been pointed out by international studies (also in German-speaking countries).

An illusion is the frequently encountered opinion that once IT production is up and running again, the attack has been averted. In any case, restarting is not a sign of averted attacks. Unless at least the exploited attack points such as undetected security vulnerabilities (zero-day vulnerabilities), backdoors, covert channels and the like have been eliminated, renewed attacks must be expected. This is likely given the market power (technical capabilities, core personnel) of commercial hacking companies. The powerlessness in the face of the hacking companies also shows the helplessness of the affected U.S. government agencies.

Theoretically, only companies whose financial creditworthiness was considered sufficiently good by the perpetrators were attacked. The perpetrators attacked repeatedly (when the opportunity arose).

1. Current situation on the Internet

Politicians and also decision-makers largely lack an understanding of the risks of attacks on (their own) IT. Accordingly, the IT manager is asked whether everything is safe. Therefore, independent advice from 'outside' is not sought at all. Especially since the attackers usually proceed cautiously to conceal the attack from the victim for up to several years.

2. Perpetrators

Of course, it was the Russians (Pompeo knows); but it was the Chinese (Trump guesses). Much speaks for Korea - but only because a Korean word was 'found' in the source code (maybe rather North Korea)? If you can't think of anything else, the hackers were at least 'close to the state'. All this is nothing more than the usual political propaganda of politicians (cf. the 'rogue states'), which can only be clarified in a technically extremely complex way.

Basically, a typification of perpetrators according to script kiddies, freaks, hackers, crackers, etc. seems outdated. The diverse and complex attack possibilities require competencies and personnel in all areas of cybersecurity that cannot be provided by individual companies, municipal administrations or private individuals[6].

In the last 5 years, companies have developed internationally that carry out new attack procedures developed worldwide according to the motto 'Crime as a Service (CaaS)’[7] against payment for clients.

A distinction between perpetrator groups[8] such as script kiddies, insiders, hackers, hacktivists, cybercriminals, state-sponsored groups, 'intelligence agencies' (government institutions such as security agencies) are a thing of the past: Increasingly, hacking groups are commercialized - i.e., attacks are carried out by specialized companies under contract for a fixed fee or a revenue share of, say, 30% (ransomware). A corporate structure with minimal departments such as personal, marketing, accounting and production etc. is in place. Thus, it is carefully analyzed whether and how the company intended as a victim is actually liquid to the desired extent (profit orientation). The personnel strength of attack companies is up to 20 employees - with up to 15 IT specialists; free-lancers are brought in for special tasks.

3. Affected parties

Many U.S. federal ministries and companies have come forward or been published. The German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik BSI) has informed affected German companies. In fact, probably 18 - 35 thousand SolarWinds customers[9] are affected, with a total of more than 300,000 worldwide.

4. Attack targets

The reports about reached attack targets are diffuse. Apart from marketing statements, it must therefore be assumed that valuable company data were spied out (security tools, exploits, medical devices) and that manipulations were also carried out on control data of production processes (IoT[10]) for vaccine production[11] and for the production of chemicals and medicines: Sabotage. Use for terrorist purposes cannot be ruled out - but has not yet been proven. One of the targets is likely to be data in (private and public) clouds (e.g. Microsoft Office 365 accounts).

5. Attack sequence

Overall, this hack seems to have a technical significance comparable to the ongoing (!) hack on the German Bundestag[12], Stuxnet[13] or NSA[14]. These attacks together show used techniques of the state of the world attack technology; here only the SolarWinds hack is referred to:

A. The first evidence[15] of unauthorized manipulation of Orion updates dates from October 2019 - also about 14 months before the attack detection.

B. The exploited attack points of SolarWinds systems are as yet undisclosed or even unidentified. The only possible attack points are unpatched, unpublished, or even undiscovered vulnerabilities. Experience shows that unpublished (zero-day vulnerabilities) - at least vulnerabilities not known to SolarWinds or at least not patched - are exploited for this purpose (initialization of the attack: March to June 2020). As long as this entry point is not identified and patched, the following steps can be repeated at will by the attackers.

C. The two (or more) groups of attackers make themselves independent of this vulnerability by installing (at least) two backdoors in the SolarWinds system. These backdoors are not published or identified by SolarWinds.

D. To make the tampered update appear authentic, the update is correctly digitally signed[16]. Code signing is one of the most important security measures of global software companies. If the signature can be forged, it opens the door to any abuse of authentication and integrity checking in the first place.

E. In the source code of the update, the malicious code is obfuscated (steganography); in operation, the runtime environment is checked to see if it is a corporate network or, say, an analyst's workstation.

F. With an update for the SolarWinds Orion Business Software manipulated with almost 4,000 lines of code[17], a backdoor was installed in the customer system (Orion Monitoring Software) for the first time[18]. As long as a backdoor is not identified and closed, the following attack steps can be repeated at will.[19] This applies analogously to the second backdoor that has been published meanwhile[20], as well as to any further backdoors.

G. Further backdoors are realistic. As long as not all backdoors are identified and patched, further similar attacks must be expected.

Through the backdoor, further - possibly also updated - code from a command&control server is infiltrated or a (also permanent) connection between attackers and the target system is generally established. Thus, files are transferred, executed, the system is parameterized, system services are activated and deactivated, and computers are rebooted. The transport protocol is similar to the SolarWinds protocol.

H. The backdoor is conveniently embedded in one of the SolarWinds modules installed in the target system. If the attackers know of other software (such as standard software from vendors like Microsoft) in the target system, the backdoor can be installed there as well. An attack lasts as long as the backdoor can be exploited. In other words, the built-in backdoor is the linchpin. Attackers build in several backdoors for resilience reasons; after identifying a (first) backdoor, the victim often believes that the attack has been repelled and is therefore over. In some cases, they even ask for 'proof' why they are still looking for further backdoors. 

Of course, further steps by the attackers are possible, such as copying and deleting (all) data of the attack victim and encrypting (ransomware). Copying of security information is especially relevant when unpublished security holes are collected - e.g. for law enforcement purposes. Even before the investigation was completed, such theft was denied by FireEye.

I. After this attack was discovered, the backdoor was identified by the manufacturer and closed with a (signed patch); it can be assumed that the attackers do not use the (closed) back-door anymore. At this time we can only speculate about the use of other backdoors.

J. There is often more than half a year between the installation of the backdoors and their exploitation - the period can also last up to 18 months. The decisive factor for this duration is that the attackers want to be sure that the victim does not notice their attack.

Basically, it cannot be proven that a system is backdoor-free. This means for the mentioned hacking cases like NSA, Bundestag a proof cannot be provided. And it also does not mean that the cases are actually closed. However, the attackers will move cautiously not to give any hint of their activities.

6. Damage and amount of damage

No serious damage assessment can be made because of the person-year effort. Official estimates are likely to remain secret.

The attackers also used novel malicious code that was not (yet) stored in the Department of Homeland Security's (DHS) multi-billion dollar intrusion detection system 'Einstein'.

A cleanup of the known manipulations is expected to take far more than 6 months.

However, the USA also attacks other states in this form[21].

7. Protective measures after attack detection

The manufacturer recommends updating to the latest Orion Platform version 2020.2.1 HF 1 as soon as possible to ensure the security of the environment. However, it is doubtful whether a simple update of the Orion Platform is sufficient to eliminate an infection, given the complexities involved. Anyone who has used the compromised software builds has no choice but to check and forensically analyze the affected systems. The signatures of the two published backdoors are available for this purpose.

Identifying backdoors is easy if they are at least partially known, as in this case. It is more difficult to identify more backdoors, especially those that have not yet been detected or have not yet been published. The latter requires a sophisticated methodology. It is easier to identify backdoors that misuse documented input or output interfaces.

The scope of recovery measures depends on the value of the processed data and controlled processes (risk analysis) and ranges from a simple update of the Orion software to immediate disconnection from the Internet, installation of new devices and software, and a check of all stored data; after all, attack software can be stored anywhere - in (standard) software, in firmware and microcode of devices and controls, and also in data. Only after a new really comprehensive check can the system be put back into operation.

Simply attempting to restart without further action can be negligent. Anti-virus programs and installing the latest updates etc. can also help against this particular attack[22]. However, these measures are unlikely to detect modifications to the attack. Affected parties should carefully consider whether the successful attack should be made public.

8. Preventive measures

Commercial and government intrusion detection systems are of little use if they fail to detect documented attacks. Legal measures[23] such as the requirement to report attacks within 60 calendar days fall completely flat in the face of detection of attacks only after at least 6 months up to 18 months - 13 months in the SolarWinds case. The impression is created that the U.S. authorities are developing excellent attacks, but are not in a position to adequately protect themselves against attacks by third parties.

In Germany, great emphasis is placed on surveillance (decryption of all communications) of citizens - monitoring Internet traffic and protection against criminals seems neglected. The recurring crypto debate can therefore be described as a distraction of citizens from the real risks of the Internet.

Politicians must ask themselves how they intend to guarantee the fundamental right to physical integrity[24] - for example, in hospital cases and in the supply of vaccines[25]. Attacks such as the SolarWinds case discussed here can no longer be detected, investigated or even repelled, even by well-funded companies.

The aim of politics must be to identify attacks and warn companies and authorities in good time by pointing out previously unpublished security loopholes, backdoors and covert channels. Such an initiative belongs in the IT security law.

Two basic techniques for identifying backdoors and covert channels[26] are the analysis of a system's resources and a thorough static source code analysis. Experience shows that only 30% of covert channels can be detected thanks to tools.

Not very helpful is the Microsoft suggestion[27] to create a signature about the attack practiced in SolarWinds and compare it with current data streams - comparable to anti-virus programs. This may detect the SolarWinds hack, but hardly any other.

A constructive approach to the topic is the 'Internet Governance Forum' (IGF)[28] of the United Nations and the 'Council to Secure the Digital Economy' (CSDE) of the IT and telecom industry.

9. Final assessment

The total damage can only be estimated by those affected (companies and authorities) with great effort - and only if logs have been created automatically at various levels.

Further, attack vectors - beyond the 2 published backdoors - are still likely to be identified - possibly not even using the Orion software; in any case, all statements such as "was not spied on, not sabotaged" are not technically justified. In addition, the 'usual' security errors can be seen, such as publication of passwords, too long reaction times after malware detection.

If the impression is given here that this case is one of the few exceptional ones, the impression is wrong. Comparable attacks - perhaps not with this scope - are commonplace. Accordingly, 5 days after the case was published, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive asking U.S. agencies using SolarWinds products to forensically analyze the case and block network traffic to addresses outside the organization. Agencies without the appropriate expertise should immediately shut down the products due to possible compromise.

 

 

This paper represents the released executive summary of a confidential audit report security testing a German company.

 

 

[1] Prof. Dr. Hartmut Pohl, Geschäftsführer der IT-Sicherheitsberatung softScheck GmbH Köln – Sankt Augustin
https;//www.softScheck.com Hartmut.Pohl@softScheck.com

[2] https://bit.ly/35gbyb5

[3]  For example, the source code base of Windows (Microsoft) was successfully accessed (https://bit.ly/2JA91AC); so far unconfirmed (but probable) are accesses to the supply chain, which - as with the access to the SolarWinds supply chain - enabled backdoors in over 85% of all computers in the world. The political and economic consequences were studied decades ago (https://bit.ly/3rK8ZHN), but were not understood: Worldwide, almost all computers and thus the Internet can be shut down by attackers within a few days or even abruptly. Terrorist interests (sabotage) cannot be ruled out.

[4] https://bit.ly/38NCIH1

[5]  https://bit.ly/34YHuQP

[6]  https://bit.ly/3o2ZO2Y

[7]  https://bit.ly/2WW1jE2

[8]  https://bit.ly/353iecp

[9]  A rough (unconfirmed) overview of CISA can be found on the Internet (https://adobe.ly/386Cvj1): Belkin, Cisco, CrowdStrike, Deloitte (since June 20019), FireEye (with CIA involvement), Intel, Nvidia, Siemens, VMware. A number of US government agencies were also compromised by the malicious software. For example, the hackers reportedly managed to penetrate the Department of Homeland Security, the Department of Treasury, the Department of Commerce and the Department of Energy, and the systems of the U.S. Atomic Weapons Agency, airport networks such as Austin, the NSA, ... Thus, the sectors affected are telecommunications, aerospace, and defense and health care. Furthermore, companies in Great Britain and Turkey are mentioned, as well as cloud/hosting providers in particular, such as Amazon, DigitalOcean, Microsoft Azure. Also, the UK National Health Service, the European Parliament and NATO.

Classic ransomware attacks, on the other hand, seem to be those on Aida, Funke, Hetzner, Symrise, etc. The German government stated that there were no accesses to its systems.

Simultaneously, Microsoft has also admitted to a successful attack - although it has not published how long the attackers have been active in Microsoft networks. (https://reut.rs/352s1PQ)!

Since the attack took place months ago, some companies no longer have the forensic data that is essential for a full investigation.

[10] https://bit.ly/382txUb

[11] https://bit.ly/382Sq1Y

[12] https://bit.ly/3pHJl4n

[13] https://bit.ly/2L7igZy

[14] https://bit.ly/38QBUB4

[15] https://bit.ly/38Prwd3, https://on.wsj.com/3hIujZG

[16] For reasons of practicality, the message (in this case the update) is first hashed and this hash value is encrypted into a check digit using a (strictly secret) private key from SolarWinds. Only with the corresponding public key the check digit can be decrypted again, so that the update appears authentic from SolarWinds and unchanged. The unauthorized use of the signature method therefore requires that the attackers could read and use the private key without authorization!

[17] https://bit.ly/38Prwd3

[18] Backdoor or trapdoor. Concealed (undocumented) sequence of instructions (programs, program parts in hardware, firmware, microcode and/or software) that enables access to an IT system by bypassing the security system (access control system).

[19] Therefore, a kill switch was installed on the associated command & control server, which automatically deletes the back-door when called by the manipulated software. https://bit.ly/350NqZQ

[20] Web shell 'Supernova' embedded in Orion code by another attacker.

[21] In June 2019, The New York Times reported that U.S. Cyber Command had penetrated Russian electric utilities deeper than ever before and deployed malware. https://bit.ly/38MwOG3

[22] https://bit.ly/34ZsUZh

[23] https://bit.ly/2MoRjBl

[24] https://bit.ly/2MoRjBl

[25] https://bit.ly/3aVA84z

[26] Covert channel. Logical channel that is not intended for information transmission - nevertheless enables unauthorized and covert (non-documented) transmission, i.e. exchange of information and thus violates the security policy of the IT system. Two classes of covert channels are distinguished covert storage channels and covert timing channels. A covert channel is a channel that allows information to flow between at least two cooperating entities in a manner that is contrary to the security objectives - without being controllable by access control, i.e. it violates the security policy.

[27] https://bit.ly/3834v76

[28] https://bit.ly/3o3kPKK

Read more...

According to soothsayers, the world faces the beginning of the apocalypse in 2021

Apocalypse now

Surely humanity is used to a lot from psychics, fortune-tellers and prophets who emerge from the historical mothballs every year again to deliver the spooky predictions for the next twelve months.

This time, however, it seems different.

The seer from the Balkans, called Baba Vanga, accurately foresaw the events of the past twelve months almost 30 years ago. It should be noted that Baba Vanga has been dead for three decades. 

She predicted Corona or COVID-19. Many of her predictions did not come true in the predicted years, but they did come true later, such as the September 11, 2001, attack on the World Trade Center, the 2004 tsunami disaster in Thailand, and other events that instilled great fear in humanity. 

2021

Unfortunately, the seer from the Balkans has nothing good to report for the year 2021. Strange events that will cause Vladimir Putin to fall victim to an attack to be carried out by an employee of his bodyguard.

She has no good news for Donald Trump either, the American autocrat will suffer from a mysterious disease. This disease disintegrates his brain, as the woman put it when she was alive, leaving him a deaf, disoriented man.

Unfortunately, things don't look good for humanity either. In the year 2021, when the Earth's orbit is also supposed to shift due to a strong solar flare, there are violent floods everywhere and fights for living space.

Further trouble threatens humanity, especially in Europe, from invading marauders who are gradually depopulating Europe with chemical weapons and then taking it over. There are to be fierce terrorist attacks on the continent. These acts of war are to continue until 2025, leaving the continent of Europe simply deserted. Allegedly, three dragons will unite into one and wipe out humanity. There has also been speculation about whether biological weapons will be used to fight in Europe.  

After these changes, Europe's economy is said to collapse completely.

There is to be famine and constant warfare.

In addition, it is reported by Baba Vanga that the first mission of humans to Venus is being prepared. However, this is being done secretly and behind closed doors.

However, she had one piece of good news for the year 2021, that a cure for cancer will be found, literally this disease will be locked up with iron. As she put it.

The seer from the Balkans had the same visions about the year 2021 as the seer Alois Irlmaier and the prophet and doctor Michel Nostradamus had already had in the Middle Ages. All three prophesied a year of catastrophes for 2021. We know from Baba Vanga that she had a hit rate of about 85% in her predictions. We can only hope that she was wrong in 2021 and that none of the bad events will actually happen.

Read more...

North Korea's propaganda channel portrays the country as an outpost of the Garden of Eden

Strange propaganda channel

For those who didn't know, North Korea has found an instrument of international self-promotion. In YouTube.

The unknown beauty from the channel, depicting the horribly distorted life in North Korea, portrays the country like a branch of paradise. 

None of the insane video shoots correspond to the lived truth in Kim's socialism and the sectarian structure of the Juche, the state doctrine in North Korea. 

Of course, this channel completely misses the realities and does not show the concentration camps, the hunger, the oppression, but simply the delusion of the regime in Pyongyang. Human rights are trampled on in the country just to ensure the possibility of survival for the Juche and its vile officials. 
 

Here are some of the Echo of Truth videos that one can only marvel at. 

 

Read more...
Subscribe to this RSS feed

More News

Trump's million march seems more like a two-bit frolic

Trump's million march seems more like a two-bit fr…

06 January, 2021 | Hits:253

Trump leaves behind a shambles that once called itself the USA Now, Trump h...

Perhaps Trump sets the execution method for himself - The legacy of Donald Trump (1)

Perhaps Trump sets the execution method for himsel…

28 November, 2020 | Hits:435

Trump's whimsical legacy - that of a break clown   Accountant of deat...

Trump falsifies the presidential election in front of everyone

Trump falsifies the presidential election in front…

03 November, 2020 | Hits:421

Update  November 4th, 2020   LIVE: President Donald J Trump ht...

U.S.

Trump heralds the end of Twitter - a presidential order is in preparation

Trump heralds the end of Twitter - a presidential …

16 May, 2020 | Hits:1151

Update May 28, 2020 Twitter and Trump   With the social networ...

Sections

At the Scene

World News

  • Antarctica
  • Latinamerica
  • US and Canada
  • North Polar
  • Russia
  • Europe
  • Asia
  • Oceania
  • Australia and NZ

Tools

About Us

Follow Us