China, Trudeau and the balloons

First, a breakdown of Trudeau’s tough-talk presser on the balloon he pretended to have ordered the USAF to shoot down. The host claimed that Canadian jets cannot reach that altitude. Unless we actually have F-22s, he is right: the ceiling of the CF-18 is listed at 36,000 ft at one link, though at 50,000 ft at another.
But the real point here is that Trudeau actively encourages breaches of our national and sovereign territory by anyone and everyone who will be a threat to Canada, sometimes paying them eight figures if they are enough of a threat.

At Roxham Rd. in Quebec, the RCMP have been turned into bellhops, and a special structure was even built so that the public cannot see the masses coming across the border illegally. The idea was to stop reporters who aren’t on the government payroll from photographing or filming the deliberate destruction of Canada in this particular manner. So to hear Trudeau talk like this is just another form of the contempt he has for Canada and Canadians. Remember, with the left, the point is never the point. The revolution is always the point.

There is not a lot of substance in this first video. Watch at 1.75 speed. Once he starts on reading people’s tweets you can stop.

Richard Fadden has always been good, which is probably why he isn’t head of CSIS anymore. One wonders what this interview was like before the censors at CTV got to it. Mr. Fadden has been warning Canadians for over a decade that China owns a lot of our politicians.

CBC from before 2014. At this point there was still a trace of information left in CBC’s operations, and a touch of speaking truth for the purpose of keeping power in check.


In a conversation with a friend last night, he used a phrase about current events which I thought was so accurate that we made a meme of it. Chances are, Canada will feel the effects of the Chinese effort to take Taiwan far more than we feel Russia’s ambitions to annex the Donbas.

Please download and read this document called “The Secret Speech of General Chi Haotian.” It purports to be a speech laying out the ambitions, rationale and methods of a Chinese global manifest destiny. The analysis of Nazi methodology alone is worth the time to read it.

One wonders if the Chinese are 80s rock fans. The lyrics are closer to the events today than I had remembered.


Curious article on arrests and NATO cyber-hacking in Italian news

Thank you Gary for the translation:

From the image below:

Defense in the Crosshairs

A hacker at Leonardo arrested. Worked for NATO and for prosecutors (PM)

D’Elia was a consultant for the group. Removed 100,000 files. “Sensitive and military data saved.” House arrest also for an employee
-by Claudio Antonelli

An “earthquake” in the world of cybersecurity. A raid by the Prosecutor’s Office in Naples has resulted in house arrest for an interim consultant and an employee of Leonardo directly employed at the CERT (Computer Emergency Response Team), the division assigned to block hacker intrusions. The accusation by the Public Prosecutor is very serious. It is believed that for two consecutive years he penetrated 33 computers at the Pomigliano d’Arco plant used by Leonardo employees, and approximately another 60 used by outside parties or other companies such as Alcatel.

“It has emerged, in fact, that the malicious software,” reads the statement released by Prosecutor Giovanni Melillo (husband of the British ambassador, Jill Morris), for a year “acted like a true trojan of new engineering, inoculated through the insertion of a small USB key in the personal computers being spied on, in a way as to automatically forward each action of the operating system.”

Inset: According to the prosecutor, a trojan was used in the computers of Pomigliano d’Arco.

In practice, it was possible for the hacker to intercept what was typed on the keyboard of the infected workstation and to capture frames, making a sort of screenshot.
The investigations finally allowed the reconstruction of the “anti-forensic” activity of the attacker, who, after connecting to the command and control center at the site “fujinama” and downloading the stolen data, remotely erased every trace on the compromised machines.

“The computer attack thus carried out, according to the reconstruction by the communications police, is classified as extremely serious given its persistence and length of time,” the statement continues. According to the charges, over 100,000 files are believed to have been taken from just 33 computers, equal to at least 10 gigabytes of data, chiefly from Leonardo.

The company, for its part, has released a statement pointing out that the activity at the Pomigliano site is not of a military nature and that “classified or strategic data is handled in segregated areas without connectivity, and therefore not present at the plant.” According to La Verità, however, the net cast by the illegal data-gathering holds no end of files sensitive for national security, so much so that in these months of investigation the DIS (Dipartimento delle Informazioni per la Sicurezza) was reportedly not alerted.

Understanding the exact contours of the matter will, however, be difficult. The alert was raised by the giant itself (Leonardo), led by Alessandro Profumo, which reported (in January 2017) anomalous data flows coming from computers in use at the plant where, it is stressed, Boeing had for over a year been interested in a partnership with the Chinese of Comac. La Verità is able to reveal that the company’s representative for conducting the investigation was reportedly Antonio Rossi, one of those responsible at the CERT, who, however, has ended up under house arrest charged with tampering with the evidence.

Finally, to stir interest from a journalistic point of view, there is the name of another protagonist of the story, as of yesterday under house arrest on the even heavier charges of illegal access, illegal interception and illicit handling of data. This is Arturo D’Elia, certainly not a novice in the field of cybersecurity. Over the years he is believed to have worked for several Italian prosecutors’ offices and for other sensitive companies, such as Alenia Aermacchi and Alcatel, the latter now an injured party in the Naples case. In the expert’s curriculum there are “spicier” jobs. From 2010 to 2015 he was a consultant for the NCI Agency, the NATO agency concerned with cybersecurity, missile defense and NATO information technology systems spread around the globe. Work that has brought him considerable expertise (or money?), given that he was reportedly tasked in the past with penetrating the security of an Alliance site on Italian territory.
If that isn’t enough to comprehend the weight (importance) of D’Elia, it is helpful to take a further step back in his résumé, to the beginning of his activity.

He himself states on LinkedIn that he has lent his consulting services to AFOSI. The acronym will not mean much to most people: it is the Air Force Office of Special Investigations, based at Quantico. Translated: the counterintelligence arm of the U.S. Air Force. We have no way of knowing whether what is stated on LinkedIn is true. For sure, if D’Elia decided to talk to investigators, he could say a lot about his cyber capabilities.

It remains to be understood what caused the sudden acceleration toward arrests in a case opened almost three years ago, and why it happened at a very delicate moment for the world of defense and geopolitics in general: a change of presidents across the ocean, and Europe facing a delicate transition destined to modify the terms of numerous bilateral relations in the four corners of the continent.

[Some of this doesn’t make perfect sense. If anyone who speaks Italian wishes to add corrections to this, please post them in the comments. Thank you Gary for the work on this.]

Three authoritative articles on the massive attack on Western systems

1. From an excellent source:

2. The Strategic Implications of SolarWinds

(Article from a left-leaning site, but we are told this is a good summation. Apparently, ONLY the Pentagon has not been hit.)

Recent reports of a widespread Russian cyber infiltration across U.S. government networks are a sign of how great power competition will play out in the 21st century. The new great power game is digital, with the shadowy alleys and cafes of Cold War spy games replaced by massive data breaches and compromising corporate security. Some strategies see this world as dominated by offensive operations—but the SolarWinds case suggests the opposite. The U.S. Cyber Solarium Commission, on which we served, found that the future of cybersecurity strategy will come to rely on layered cyber deterrence to enable defensive denial operations, international entanglement and cost imposition when aggressors defy the norms of the international system. The SolarWinds hack emphasizes the importance of implementing this strategy. 

It’s simpler to list the agencies that have not been caught up in the SolarWinds infiltration, which was run by Russian hacking group APT29 under the umbrella of the Russian intelligence services, the SVR. So far, only the intelligence community has not been reported to have been breached. 

3. Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations

Summary

This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 8 framework. See the ATT&CK for Enterprise version 8 for all referenced threat actor tactics and techniques.

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor beginning in at least March 2020. This APT actor has demonstrated patience, operational security, and complex tradecraft in these intrusions. CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations.

One of the initial access vectors for this activity is a supply chain compromise of the following SolarWinds Orion products (see Appendix A).

  • Orion Platform 2019.4 HF5, version 2019.4.5200.9083
  • Orion Platform 2020.2 RC1, version 2020.2.100.12219
  • Orion Platform 2020.2 RC2, version 2020.2.5200.12394
  • Orion Platform 2020.2, 2020.2 HF1, version 2020.2.5300.12432

Note (updated December 19, 2020): CISA has evidence that there are initial access vectors other than the SolarWinds Orion platform. Specifically, we are investigating incidents in which activity indicating abuse of SAML tokens consistent with this adversary’s behavior is present, yet where impacted SolarWinds instances have not been identified. CISA is working to confirm initial access vectors and identify any changes to the TTPs. CISA will update this Alert as new information becomes available.

Thank you ML for these materials.