
The Patch is the Attack


A current assessment of the SolarWinds hack

Hartmut Pohl[1]



The attack was first detected by the affected IT security company FireEye[2] around December 8, 2020; FireEye warned against the use of its security products, but denied that stored, unpublished vulnerabilities (zero-day vulnerabilities) had been read. The perpetrators manipulated an update of SolarWinds Inc.'s network monitoring platform Orion in such a way that a backdoor was installed in approx. 18,000 of the approx. 300,000 customer systems (supply chain attack); two backdoors have been published so far, and there may be more next week. Customers include the public sector in the USA and Great Britain and the world's largest companies in all sectors (defense companies, technology companies, banks, consulting, pharmaceutical/chemical, telecommunications and raw materials companies) in North America, Europe, Asia and the Middle East, and also in Germany[3], as in all the states of the European Union.

Given the immense impact of the attack (copying of data and programs and manipulation of programs), it is likely to continue to be studied in detail[4] and also imitated, and attack documentation will sell like hot cakes to criminals and interested security agencies despite an expected very high price. Companies and authorities should therefore prepare themselves by taking preventive measures. The probability of occurrence is rated internationally as very high.


U.S. federal agency systems were also compromised in the attack, with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issuing an emergency directive instructing all federal agencies to immediately shut down affected Orion products.


The SolarWinds cyberattack is not an isolated incident. Microsoft[5] alone has sent more than 13,000 warnings to customers in the last two years. The aim of the backdoor installation is to remotely control systems globally at this manufacturer's customers. At present, the perpetrators seem to be only partially concerned with financial success (extortion). This also applies to attacks in the healthcare sector; they are currently not (yet?) targeted specifically at individual patients.


The methods used by perpetrators are consistently at a very high technical level and demonstrate years of experience. Such specialists can be found not only in all industrialized countries, but also in so-called developing countries. However, such attack techniques are not researched and taught at public universities. The first criminal attempts date back to the beginning of the 1970s in Germany.

Summary and ideas

Attacks on IT systems are increasingly being carried out by companies specializing in them.

Spread across the many victims of one attack (here approx. 18,000), the expenditure for attack preparation sinks to about 500 K$, against an expected revenue of currently 500 - 10,000 K$, in each case per victim. Prefinancing by organized crime or intelligence agencies is possible. Further such technically well-crafted attacks can therefore be expected.


The attackers planned and implemented the attack over about 3 years. Between the first unauthorized access and the spying out of data and programs alone, about 6 - 18 months pass; this has already been pointed out by international studies (also in German-speaking countries).

The frequently encountered opinion that the attack has been averted once IT production is up and running again is an illusion. In any case, a restart is no sign that attacks have been averted. Unless at least the exploited attack points such as undetected security vulnerabilities (zero-day vulnerabilities), backdoors, covert channels and the like have been eliminated, renewed attacks must be expected. This is likely given the market power (technical capabilities, core personnel) of commercial hacking companies. The powerlessness in the face of the hacking companies is also shown by the helplessness of the affected U.S. government agencies.


Theoretically, only companies whose financial creditworthiness was considered sufficiently good by the perpetrators were attacked. The perpetrators attacked repeatedly (when the opportunity arose).

1. Current situation on the Internet

Politicians and decision-makers largely lack an understanding of the risks of attacks on (their own) IT. Accordingly, the IT manager is asked whether everything is safe, and independent advice from 'outside' is not sought at all, especially since the attackers usually proceed cautiously in order to conceal the attack from the victim for up to several years.

2. Perpetrators

Of course, it was the Russians (Pompeo knows); but it was the Chinese (Trump guesses). Much speaks for Korea - but only because a Korean word was 'found' in the source code (maybe rather North Korea)? If you can't think of anything else, the hackers were at least 'close to the state'. All this is nothing more than the usual political propaganda of politicians (cf. the 'rogue states'), which can only be clarified in a technically extremely complex way.

Basically, a typification of perpetrators according to script kiddies, freaks, hackers, crackers, etc. seems outdated. The diverse and complex attack possibilities require competencies and personnel in all areas of cybersecurity that cannot be provided by individual companies, municipal administrations or private individuals[6].


In the last 5 years, companies have emerged internationally that, against payment, carry out newly developed attack procedures from around the world for clients under the motto 'Crime as a Service (CaaS)'[7].

A distinction between perpetrator groups[8] such as script kiddies, insiders, hackers, hacktivists, cybercriminals, state-sponsored groups and 'intelligence agencies' (government institutions such as security agencies) is a thing of the past: increasingly, hacking groups are commercialized - i.e., attacks are carried out by specialized companies under contract for a fixed fee or a revenue share of, say, 30% (ransomware). A corporate structure with minimal departments such as personnel, marketing, accounting and production etc. is in place. Thus, it is carefully analyzed whether and how far the company intended as a victim is actually liquid to the desired extent (profit orientation). The personnel strength of attack companies is up to 20 employees, with up to 15 IT specialists; freelancers are brought in for special tasks.

3. Affected parties

Many U.S. federal ministries and companies have come forward or been published. The German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik BSI) has informed affected German companies. In fact, probably 18 - 35 thousand SolarWinds customers[9] are affected, with a total of more than 300,000 worldwide.

4. Attack targets

Reports about the attack targets actually reached are diffuse. Apart from marketing statements, it must therefore be assumed that valuable company data were spied out (security tools, exploits, medical devices) and that manipulations were also carried out on control data of production processes (IoT[10]) for vaccine production[11] and for the production of chemicals and medicines: sabotage. Use for terrorist purposes cannot be ruled out, but has not yet been proven. One of the targets is likely to be data in (private and public) clouds (e.g. Microsoft Office 365 accounts).

5. Attack sequence

Overall, this hack seems to have a technical significance comparable to the ongoing (!) hack on the German Bundestag[12], Stuxnet[13] or NSA[14]. Together, these attacks show the techniques that make up the worldwide state of the art in attack technology; only the SolarWinds hack is discussed here:

A. The first evidence[15] of unauthorized manipulation of Orion updates dates from October 2019, i.e. about 14 months before the attack was detected.

B. The exploited attack points of SolarWinds systems are as yet undisclosed or even unidentified. The only possible attack points are unpatched, unpublished, or even undiscovered vulnerabilities. Experience shows that unpublished vulnerabilities (zero-day vulnerabilities), or at least vulnerabilities not known to SolarWinds or not patched, are exploited for this purpose (initialization of the attack: March to June 2020). As long as this entry point is not identified and patched, the following steps can be repeated at will by the attackers.

C. The two (or more) groups of attackers make themselves independent of this vulnerability by installing (at least) two backdoors in the SolarWinds system. These backdoors are not published or identified by SolarWinds.

D. To make the tampered update appear authentic, the update is correctly digitally signed[16]. Code signing is one of the most important security measures of global software companies. If the signature can be forged, it opens the door to any abuse of authentication and integrity checking in the first place.

E. In the source code of the update, the malicious code is obfuscated (steganography); in operation, the runtime environment is checked to see if it is a corporate network or, say, an analyst's workstation.

F. With an update for the SolarWinds Orion Business Software manipulated with almost 4,000 lines of code[17], a backdoor was installed in the customer system (Orion Monitoring Software) for the first time[18]. As long as a backdoor is not identified and closed, the following attack steps can be repeated at will.[19] This applies analogously to the second backdoor that has been published meanwhile[20], as well as to any further backdoors.

G. Further backdoors are realistic. As long as not all backdoors are identified and patched, further similar attacks must be expected.

Through the backdoor, further - possibly also updated - code from a command&control server is infiltrated or a (also permanent) connection between attackers and the target system is generally established. Thus, files are transferred, executed, the system is parameterized, system services are activated and deactivated, and computers are rebooted. The transport protocol is similar to the SolarWinds protocol.

H. The backdoor is conveniently embedded in one of the SolarWinds modules installed in the target system. If the attackers know of other software (such as standard software from vendors like Microsoft) in the target system, the backdoor can be installed there as well. An attack lasts as long as the backdoor can be exploited. In other words, the built-in backdoor is the linchpin. Attackers build in several backdoors for resilience reasons; after identifying a (first) backdoor, the victim often believes that the attack has been repelled and is therefore over. In some cases, victims even ask for 'proof' of why the search for further backdoors is continuing.

Of course, further steps by the attackers are possible, such as copying and deleting (all) data of the attack victim and encrypting (ransomware). Copying of security information is especially relevant when unpublished security holes are collected - e.g. for law enforcement purposes. Even before the investigation was completed, such theft was denied by FireEye.

I. After this attack was discovered, the backdoor was identified by the manufacturer and closed with a (signed) patch; it can be assumed that the attackers no longer use the (closed) backdoor. At this time we can only speculate about the use of other backdoors.

J. There is often more than half a year between the installation of the backdoors and their exploitation - the period can also last up to 18 months. The decisive factor for this duration is that the attackers want to be sure that the victim does not notice their attack.

Basically, it cannot be proven that a system is backdoor-free. For the hacking cases mentioned, such as NSA and Bundestag, this means that no such proof can be provided; nor does it mean that the cases are actually closed. However, the attackers will move cautiously so as not to give any hint of their activities.
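Step D and footnote [16] describe hash-then-sign verification. The following Python sketch is an added example, not code from this paper or from SolarWinds; it assumes a constructed toy RSA key built from publicly known Mersenne primes and unpadded RSA, with made-up payloads. It shows that verification rejects an update altered after signing but accepts any bytes that were signed with the vendor key, which is why a correctly signed update is not evidence of a clean one.

```python
import hashlib

# Constructed toy key, illustration only: both primes are publicly known
# Mersenne primes, so this key provides no security. Real code signing uses
# randomly generated keys and a padding scheme (e.g. RSA-PSS), omitted here.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (the strictly secret key)


def digest_int(data: bytes) -> int:
    """Hash the update and interpret the SHA-256 digest as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(update: bytes) -> int:
    """Vendor side: transform the hash with the private key (footnote [16])."""
    return pow(digest_int(update), D, N)


def verify(update: bytes, signature: int) -> bool:
    """Customer side: recover the hash with the public key and compare."""
    return pow(signature, E, N) == digest_int(update)


def demo() -> dict:
    # Constructed sample payloads standing in for update packages.
    clean = b"orion-update 1.0: poll interfaces, write metrics\n"
    altered = clean + b"extra routine added by a third party\n"

    sig_clean = sign(clean)
    # The altered bytes reach the signing step and receive a genuine signature.
    sig_altered = sign(altered)

    return {
        "clean_update_verifies": verify(clean, sig_clean),
        "altered_after_signing_verifies": verify(altered, sig_clean),
        "altered_before_signing_verifies": verify(altered, sig_altered),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```
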

6. Damage and amount of damage

No serious damage assessment can be made because of the person-years of effort this would require. Official estimates are likely to remain secret.

The attackers also used novel malicious code that was not (yet) stored in the Department of Homeland Security's (DHS) multi-billion dollar intrusion detection system 'Einstein'.

A cleanup of the known manipulations is expected to take far more than 6 months.

However, the USA also attacks other states in this form[21].

7. Protective measures after attack detection

The manufacturer recommends updating to the latest Orion Platform version 2020.2.1 HF 1 as soon as possible to ensure the security of the environment. However, it is doubtful whether a simple update of the Orion Platform is sufficient to eliminate an infection, given the complexities involved. Anyone who has used the compromised software builds has no choice but to check and forensically analyze the affected systems. The signatures of the two published backdoors are available for this purpose.

Identifying backdoors is easy if they are at least partially known, as in this case. It is more difficult to identify more backdoors, especially those that have not yet been detected or have not yet been published. The latter requires a sophisticated methodology. It is easier to identify backdoors that misuse documented input or output interfaces.

The scope of recovery measures depends on the value of the processed data and controlled processes (risk analysis) and ranges from a simple update of the Orion software to immediate disconnection from the Internet, installation of new devices and software, and a check of all stored data; after all, attack software can be stored anywhere - in (standard) software, in firmware and microcode of devices and controls, and also in data. Only after a new really comprehensive check can the system be put back into operation.

Simply attempting to restart without further action can be negligent. Anti-virus programs and installing the latest updates etc. can also help against this particular attack[22]. However, these measures are unlikely to detect modifications to the attack. Affected parties should carefully consider whether the successful attack should be made public.

8. Preventive measures

Commercial and government intrusion detection systems are of little use if they fail to detect documented attacks. Legal measures[23] such as the requirement to report attacks within 60 calendar days fall completely flat in the face of detection of attacks only after at least 6 months up to 18 months - 13 months in the SolarWinds case. The impression is created that the U.S. authorities are developing excellent attacks, but are not in a position to adequately protect themselves against attacks by third parties.

In Germany, great emphasis is placed on surveillance (decryption of all communications) of citizens - monitoring Internet traffic and protection against criminals seems neglected. The recurring crypto debate can therefore be described as a distraction of citizens from the real risks of the Internet.

Politicians must ask themselves how they intend to guarantee the fundamental right to physical integrity[24] - for example, in hospital cases and in the supply of vaccines[25]. Attacks such as the SolarWinds case discussed here can no longer be detected, investigated or even repelled, even by well-funded companies.

The aim of politics must be to identify attacks and warn companies and authorities in good time by pointing out previously unpublished security loopholes, backdoors and covert channels. Such an initiative belongs in the IT security law.

Two basic techniques for identifying backdoors and covert channels[26] are the analysis of a system's resources and a thorough static source code analysis. Experience shows that only 30% of covert channels can be detected thanks to tools.

Not very helpful is the Microsoft suggestion[27] to create a signature about the attack practiced in SolarWinds and compare it with current data streams - comparable to anti-virus programs. This may detect the SolarWinds hack, but hardly any other.

A constructive approach to the topic is the 'Internet Governance Forum' (IGF)[28] of the United Nations and the 'Council to Secure the Digital Economy' (CSDE) of the IT and telecom industry.

9. Final assessment

The total damage can only be estimated by those affected (companies and authorities) with great effort - and only if logs have been created automatically at various levels.

Further attack vectors - beyond the 2 published backdoors - are still likely to be identified, possibly ones that do not even use the Orion software; in any case, statements such as "was not spied on, not sabotaged" are not technically justified. In addition, the 'usual' security errors can be seen, such as publication of passwords and overly long reaction times after malware detection.

If the impression is given here that this case is one of the few exceptional ones, the impression is wrong. Comparable attacks - perhaps not with this scope - are commonplace. Accordingly, 5 days after the case was published, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive asking U.S. agencies using SolarWinds products to forensically analyze the case and block network traffic to addresses outside the organization. Agencies without the appropriate expertise should immediately shut down the products due to possible compromise.



This paper represents the released executive summary of a confidential audit report security testing a German company.



[1] Prof. Dr. Hartmut Pohl, Managing Director of the IT security consultancy softScheck GmbH Köln – Sankt Augustin


[3]  For example, the source code base of Windows (Microsoft) was successfully accessed; so far unconfirmed (but probable) are accesses to the supply chain, which - as with the access to the SolarWinds supply chain - enabled backdoors in over 85% of all computers in the world. The political and economic consequences were studied decades ago, but were not understood: Worldwide, almost all computers and thus the Internet can be shut down by attackers within a few days or even abruptly. Terrorist interests (sabotage) cannot be ruled out.






[9]  A rough (unconfirmed) overview of CISA can be found on the Internet: Belkin, Cisco, CrowdStrike, Deloitte (since June 20019), FireEye (with CIA involvement), Intel, Nvidia, Siemens, VMware. A number of US government agencies were also compromised by the malicious software. For example, the hackers reportedly managed to penetrate the Department of Homeland Security, the Department of Treasury, the Department of Commerce and the Department of Energy, and the systems of the U.S. Atomic Weapons Agency, airport networks such as Austin, the NSA, ... Thus, the sectors affected are telecommunications, aerospace, and defense and health care. Furthermore, companies in Great Britain and Turkey are mentioned, as well as cloud/hosting providers in particular, such as Amazon, DigitalOcean, Microsoft Azure. Also, the UK National Health Service, the European Parliament and NATO.

Classic ransomware attacks, on the other hand, seem to be those on Aida, Funke, Hetzner, Symrise, etc. The German government stated that there were no accesses to its systems.

Simultaneously, Microsoft has also admitted to a successful attack - although it has not published how long the attackers have been active in Microsoft networks.

Since the attack took place months ago, some companies no longer have the forensic data that is essential for a full investigation.







[16] For reasons of practicality, the message (in this case the update) is first hashed, and this hash value is encrypted into a check digit using a (strictly secret) private key from SolarWinds. Only with the corresponding public key can the check digit be decrypted again, so that the update appears to be authentic from SolarWinds and unchanged. The unauthorized use of the signature method therefore requires that the attackers could read and use the private key without authorization!


[18] Backdoor or trapdoor. Concealed (undocumented) sequence of instructions (programs, program parts in hardware, firmware, microcode and/or software) that enables access to an IT system by bypassing the security system (access control system).

[19] Therefore, a kill switch was installed on the associated command & control server, which automatically deletes the back-door when called by the manipulated software.

[20] Web shell 'Supernova' embedded in Orion code by another attacker.

[21] In June 2019, The New York Times reported that U.S. Cyber Command had penetrated Russian electric utilities deeper than ever before and deployed malware.





[26] Covert channel. Logical channel that is not intended for information transmission but nevertheless enables unauthorized and covert (non-documented) transmission, i.e. exchange of information, and thus violates the security policy of the IT system. Two classes of covert channels are distinguished: covert storage channels and covert timing channels. A covert channel is a channel that allows information to flow between at least two cooperating entities in a manner that is contrary to the security objectives - without being controllable by access control, i.e. it violates the security policy.




Serial murder in Namibia – in Rehoboth and Okahandja




Body parts in the region around Khomas

Normally, Namibia is the land of beauty for locals and for holidaymakers. The former German colony shows its best side to foreigners.


But Namibia also has dark sides: not only the unatoned crime against the Nama peoples by the German colonial troops under von Trotha, but also conventional crime such as robbery and murder.

What happened in the years 2004-2007, however, could not be solved even by the superstar of South African police psychologists, Brigadier Dr. Gérard Labuschagne. After the unsolved murders, South Africa had sent a three-member team of investigators from Pretoria to support its neighbours.


Along the B1 highway, which is why the perpetrator was dubbed the B1 Butcher, bags containing body parts of prostitutes, some of whom were later identified, were found. The national road, which in Namibia runs from the Angolan border to the northern border of South Africa, only touched the area of the dump sites. Juanita Mabula (21, in 2005), Melanie Janse (22, in 2005) and Sanna Helena Ill Garoes (36, in 2007) were found in well-organized hiding places. Only some of the bodies, which had been deposited over months away from the route of the highway, were identified. All identified victims spoke Afrikaans and Damara. All victims had been reported missing. After the crimes, the women had been frozen in a cold store for days and only later taken unnoticed to the places where they were found. The crimes themselves were the most abhorrent that the Namibian police had had to deal with up to that point. Thus, contrary to all information from the authorities, the crimes gave rise to a deep-rooted mistrust among the population. The really bad consequence of the eerie series of murders was the prejudice that arose from the situation and incited outright verbal hate attacks on citizens of German descent, since the traces led to German suspects.

In 2007, a certain Heinz Knierim, a German living in Namibia, was arrested. The crimes could not be proven against him, although he had been arrested for a rape. He was also wanted in Germany for sexual abuse. The rape charge, however, was ultimately dropped in return for 800 Namibia dollars (about 50 euros). But the trail led into Namibia's community of German descent, and there was a veritable outcry in the south-west African country. Heinz Knierim was seriously ill and was released in 2010 for lack of evidence. The regional court in Katutura could not follow the indictment. He filed a lawsuit against the state of Namibia.
Namibian women publicly called on the perpetrator to turn himself in and hand over the missing body parts for burial, which never happened. The Namibian reported extensively at the time on the series and on the women's fear.

After that, Hans Husselmann came into the investigators' sights. He took his own life under renewed suspicion of having been involved in the murders along the B1 in the greater Windhoek area. Despite numerous efforts, as in the case of Hans Husselmann, who had already spent 15 years in prison for murder, the Namibian security police were unable to solve this serial murder.
The perpetrator must have proceeded with enormous meticulousness and a penchant for perfection in his crime. Nor did the profile fit the deceased Hans Husselmann, who had again been involved in a rape and immediately came into the investigators' spotlight until he then took his own life. After his death, the police had to admit that it did not necessarily have to have been Husselmann; perhaps it was copycats or several perpetrators, the police conceded.

Some years later, after the further discovery of a head in Grootfontein, it was also considered that the perpetrator had moved on, probably towards the north. The case ran into the sand in the truest sense of the word and could not be solved. Perhaps, as one of the investigators, Nelius Becker, noted, the perpetrator had also changed his approach in such a way that further murders can only be discovered at all in the future. There is no facial composite and no description of the perpetrator.



Trump - a disinforming and scolding lout in the biggest crisis since the 2nd World War

He lies, he bullies, he looks for scapegoats. That's all Trump's got to offer. 


The American president has blocked payments to the WHO. He justifies this with the lie that the WHO failed at the beginning of the Corona crisis, when the virus from China became a threat.

The truth is: Trump himself has made the mistakes and is now looking for a compliant scapegoat whom he can hold responsible for the failure of his policies, for the ever lying and ever nagging self-promoter. He, Trump is intellectually completely overwhelmed and tries it in attack mode. 

America can no longer afford Trump.

The world can no longer tolerate him and his psychopathic nature. 

Trump is not a doer. He is just a harmful troublemaker who does not know how to deal with democracy and therefore treats the critical press as if it were a dictatorship.

Trump is no longer appropriate for the times. Under his incipient megalomania, he wants to become the US dictator of the 21st century. 

Trump is becoming such a great disgrace to the democratic apparatus of the United States that now even the governors of the US states are mutinying and no longer want to listen to his eternal self-praise sloppiness. Trump cannot do anything else. He is not capable of mastering a crisis. For him, money is the means of choice to overcome any crisis—money that doesn't belong to him, but on which he now wants his insignia printed. Just to show: "This is Donald Trump. I gave you the check, so vote for me too." He abuses the office of President of the United States every day to excess. 

Donald Trump is too simple-minded to see necessities but brutal enough to let his countrymen die for election victory. Trump develops more and more into a dictator far removed from American ideas and into a nationalist who only brings shame to the world and above all brings shame to his people. He is not able to interpret and satisfy the elementary needs of the American people during the Corona crisis. 


Trump is an insult to the United States.

Trump is a liar and a rabble-rouser, which he does best. He is a disinformer. Donald Trump obfuscates. He doesn't think twice when he can call innocent people names. Donald Trump is incapable of taking criticism when he gives his daily briefings to the world public, to which even the favourite radio station of the American despot, Fox News, no longer wants to listen. Nobody wants to have anything to do with him. He, the centre of the world, is now once again the one who has to put up with questions about his presidential administration. He can't. He doesn't want to either.

Just when you see Trump, you think you have a sick man in front of you, who doesn't think before he says something, but only starts yakking away, without any sense or reason. During a pandemic that threatens humanity, withdrawing money from the United Nations Organization shows just how stupid Donald Trump is. He is not a businessman, at best, an unfriendly lout. Trump is a simple failure. He is the biggest loser of the whole Corona crisis because the virus has exposed him unscrupulously and presented him for what he is: a simple liar and cheat on his people. 

America must quickly draw consequences against this president, who is not suitable for the people, before American democracy is severely damaged by the brainless actions of its would-be president.



Was the cryptoqueen Dr Ruja Ignatova murdered?

Substantial bounties and indictments from all over the world

Dr Ignatova has now been gone from the face of the earth for almost two and a half years. First, the woman, who was not pregnant, went on maternity leave and never returned. She ran the pyramid game OneCoin until she disappeared at the end of 2017.

There are also no longer any pictures that show the former fiery-eyed, always heavily made-up beauty, who went to school in Schramberg in the Black Forest, Germany, in more recent times.  


Her brother Konstantin Ignatov, nicknamed Konsti Keks, was arrested at the Los Angeles airport about a year ago after he had taken over the company from his sister in 2017. The US justice system, here the district attorney Cyrus Vance from New York, has written a lengthy indictment against the Ignatov clan.


"Konsti (Keks) cookie" in better days, screenshot Konstantin Ignatov Facebook

Billions are missing. Supposedly between 6 and 12 billion euros. No one was ambitious with millions.  It is these funds that are being sought, not the snobbish egocentric who suddenly disappeared into thin air in 2017, after she was apparently arrested at Munich airport, but was deported to Bulgaria days later. Until her disappearance, she was the ideal tool of the mafia.

The question is, is the public face of OneCoin still alive?


Probably not. The pressure is and has been very high internationally. It was suspected that Dr Ruja Ignatova could move freely within Europe with a Ukrainian passport. This passport is now attributed to a double. Even the rumour that she was taken in by a Russian oligarch was probably just a ruse that she was pulling when she could still act in public. The claim that she is sailing across the oceans on her yacht Davina is also not true. The luxury boat is anchored in Sozopol on the Bulgarian Black Sea coast. According to the employees, it is rusting there. The Sunseeker yacht is said to be for sale.


The news of death need not be accurate, but manifold traces led back then already into the milieu, which does not talk long but acts very fast. Her brother testified that since 2017 he had no contact with his sister, who was then under the protection of a wealthy Russian. She had fled via Austria to Greece. After that, the trace of the cryptogoddess vanished near the mountain of Olympus. 


Early justified critics of the system were aware of constant death threats, which had to be taken seriously. Investors heard warnings straight from the mafia's maw. As it looks today, the Bulgarian, Italian and African mafia, led by the Russian mafia, joined forces to launder billions easily. At last, there was a consensus. Dr Ruja Ignatova was only the executive force, a puppet whose idea was perhaps adopted by the mafiosos. That's all it took with the Bulgarian woman. 

A frontwoman was needed. But the girl with the initially doll-like face, who was already extremely unpopular at school in Schramberg, was good for that. The underworld, genuinely enthusiastic about so much effort, just had to wait to legalize their formerly criminal machinations. The Blockchain was only the Trojan that triggered an unexpected hype. Probably even the initiators were overwhelmed with success. Quickly came the descent of the fairy tale princess, who for a time was the hope of millions of Blockchain disciples. At the end of 2018, it became too delicate even for the company's sales agent in Belize, when the US Federal Police FBI was already investigating the backers of the supposed digital currency after even the otherwise sluggish authorities of Belize had issued a warning supported by the International Financial Services Commission (IFSC). Consequence: Mr Santiago Gonzalez resigned.


As in any pyramid game, OneCoin was licensed to print and launder money. This time it was a blockchain, but it was founded for other purposes. Outwardly, the increasingly chubby woman looked like the leader of a financial sect, as seen in her 2016 appearance at Wembley, where thousands of followers cheered her on, and she chanted the crypto goddess. 

In her public presentation, her life sounded like the path of Cinderella, who escaped from late socialism to become the Crypto Princess. "She grew up in Bulgaria until she moved to Germany at the age of 10. For a young, hard-working foreigner, the transition was not easy, and Dr Ignatova had to learn a new language and begin to prove herself. She lived in Germany both as a student and later as a businesswoman, where she developed her entrepreneurial spirit. She received her doctorate in law from the University of Konstanz, completed her law studies at the University of Oxford (M.Jur.) and obtained a master's degree in law at the University of Konstanz and a master's degree in economics at the Fernuniversität Hagen. Before founding OneCoin, Dr Ignatova was an Associate Partner at McKinsey & Company and managed one of the largest asset management funds in Bulgaria, CSIF, where she managed more than €250 million. Dr Ignatova was named 'Businesswoman of the Year' in Bulgaria in 2014 by Lord Evgeni Minchev and 'International Businesswoman of the Year' in 2012. Described by some as the 'Crypto Queen', Dr Ignatova has become one of the world's leading cryptocurrency experts and visionaries."


OneCoin was founded in 2014 by Dr Ruja Ignatova in Sofia, Bulgaria, together with other people apparently from mafia circles, such as the Swede Sebastian Greenwood. Many believe that Greenwood is the one who belonged to the mafia and is said to have the best connections to the Bulgarian government. Sebastian Greenwood was extradited from Thailand to the USA in 2018. Any clear-thinking investor could have realized that Dr Ruja Ignatova, who holds a doctorate in law, had not invented the Blockchain, only the pyramid game that was attached to it by countless companies and dubious brokers.

Detached, Sebastian Greenwood with his former boss, Screenshot Facebook Greenwood

Quickly numerous offshore companies were established, such as through AMS Company Management Limited Suite 16, Block 5, Watergardens PO Box 417 Gibraltar, (which together with the parent company, Veska Ignatova, Pegaron Invest Limited, Sofia) offered an international platform for money laundering for drug and darknet shops, human trafficking etc. These services were provided on numerous underground platforms. On 27 March 2014 the absurd branch office was established in an offshore office service provider, here in the building in Watergardens in Gibraltar.


After that, the Bulgarians were still listed at Sovereign Trust (Gibraltar) Ltd - Trust & Company Managers, Suite 2B, 143 Main Street. This was the last known address in the English enclave in Spain. It is also where the "exceptional Chris", whom we have dealt with in some articles, has or had his mailbox domicile. On 26 August 2016, Veska Ignatova applied to remove OneCoin Limited from the Gibraltar register of companies.

Main Street Gibraltar, kasaan media, 2019

But the rise of the Crypto Princess, or the later Crypto Queen, was like something out of a script: Hollywood could not have written the dialogues better for the frontwoman, who seemed more and more like a matron from another time. From the performance on "Dr Ruja Ignatova is the founder of OneCoin, the OneLife network and the OneAcademy. Born in Sofia, Bulgaria, Dr Ignatova today manages a company that is represented in almost all countries and on six continents." Probably even in Antarctica, to make OneCoin palatable to the penguins. The attentive observer should have already understood that. Besides, for all underprivileged people, there was the necessary foundation: it is not possible to say to what extent the foundation developed, but it is said that considerable amounts of money were laundered here as well. Even Richard Branson, Bill Gates, Ben Bernanke and other celebrities had to be godfathers.


Screenshot OneCoin Instagram


2nd part The tracks lead to Gibraltar and Monaco


New York District Attorney's Office

Companies House Gibraltar

International Financial Services Commission (IFSC)

Gerlach Report

Black Forest messenger 


Trade journal


Bank of Ireland


own research




Coronavirus - scary information related to bats - the origin of the Covid-19 virus leads to a cave in Kunming

Opaque braid

The SARS COVID-19 virus is still a mystery; it seems to have an incredible ability to adapt. China accused the US of having brought the mysterious virus from America. By this, China probably meant the funding of the program at the Wuhan Institute of Virology. Disinformation campaigns from both sides are now commonplace. Trump, known as an absolute conspiracy theorist, fuelled the discussion. China did the same by appointing Major General Chen Wei, who worked for many years in the Chinese People's Army's biological weapons programme, as the person responsible for combating the SARS COVID-19 virus in China.


What is the truth of this news first published in the Daily Mail?


It is evident in this context that bats have a high number of different viruses that can jump at any time in unhygienic conditions such as a wild animal market in Wuhan. However, this fact has been known not only since yesterday but also from the investigations into Ebola in the Congo. There, the virus was probably transmitted through wild animal markets, and again by captured bats. In early 2019, the Ebola virus was discovered in the long-winged bat of the species Miniopterus inflatus, which lives in caves and feeds on insects.

A project on bats funded by the Wuhan Institute of Virology laboratory experimented with captive bats from a cave in Yunnan, China. The animals were captured in a cave just over 1000 km from Wuhan and, for whatever reason and on behalf of whomever, were brought to Wuhan for experiments. The explosive detail is that the bats come from the cave where the SARS COVID-19 epidemic is said to have had its fatal beginning. This is what scientists claim to have discovered from the genome. This Wuhan Institute of Virology laboratory (a level four biosafety laboratory, which is said to be the highest level) is at the centre of many conspiracy theories about where the virus finally jumped over. The laboratory is no longer funded by the US government, according to unnamed British government sources. Why did the United States of America research this virus via a laboratory in Wuhan in the People's Republic of China?


It is an absolute conspiracy theory that the Coronavirus was part of the People's Republic of China's biological weapons programme. The Washington Post already exposed this statement as fake news. The Chinese government should not be blamed in general. On January 26, 2020, however, the Washington Times wrote about documents according to which the laboratory in Wuhan was connected in one way or another with the Chinese biological weapons program. The newspaper probably referred to the testimony of former Israeli military intelligence officer Dany Shoham, who has been investigating China's bio-warfare and who said during an interview that the institute was linked to Beijing's covert biological weapons program.

So how can it be that the USA supported this laboratory?

So how did the virus escape, which has claimed more than 100,000 victims since the outbreak last November?

The most incredible statement in this context: "Bat samples were taken ten times at different seasons in their natural habitat at a single location (cave) in Kunming, Yunnan Province, China, from April 2011 to October 2015. Bats were captured, and faecal swabs were taken."


Who ordered these faecal swabs? The question is not answered or only partly explained. Allegedly, as the South China Morning Post reported on February 6, the scientists wanted to get a grip on the SARS virus.

In the laboratory about 20 kilometres from Huanan Seafood Market in Wuhan. One possibility would be that laboratory staff were infected by blood from bats and then transmitted the virus at the wild animal market in Wuhan. Or perhaps one or more bats came by a stupid coincidence to the market in Wuhan, where the virus then jumped over, probably to another farm animal, which then transmitted the virus to humans. A scientific treatise from China in English.


The discovery of a gene pool of bat-SARS-related coronaviruses provided insights into the origin of the SARS coronavirus. So does this mean that the SARS coronavirus was already known in 2017? What was done with the virus, knowing that bats in Africa transmit the Ebola virus?


And: Did Donald John Trump know about a series of tests that the United States had allegedly funded with 4 million US dollars years earlier? Is that why Trump had received the intelligence reports at the beginning of the year that pointed to a pandemic? Was the American President informed by the secret services that the virus had been examined in the laboratory? And did he wait because he did not want to close down the economy, for fear that he would possibly lose the 2020 elections?

Is there a connection between the Ebola virus and the current SARS COVID 19 virus? Has the virus mutated in such a way that it recurs, as in South Korea, even when the patient has already produced antibodies?

Or is it a virus that exists naturally in bats?

What exactly did the laboratory in Wuhan want to find out?

Countless questions remain unanswered in this context, which only those responsible can clarify. 


Sources: South China Morning Post

The Daily Mail

Washington Times

Pengpai news

US National Institutes of Health

Washington Post

own research


My Gomera (1)


As if from a tale by Jules Verne

La Gomera is the most beautiful island of the Canary Islands. The volcanic island, with its bizarrely shaped rocks of cooled lava, is one of the most impressive formations in the Atlantic Ocean. Those who live here can say they have arrived at least in an antechamber of paradise at the southern tip of Europe.

Only 40 km away from the main island of the Canary Islands, Tenerife, and at approximately the latitude of the Moroccan city of Tarfaya (Moroccan Western Sahara), La Gomera offers ideal climatic conditions.

A lot has changed here since the end of Franco, although Gomera was already an insider tip in the times of the Spanish despot. At that time the hippies reviled by Madrid and the backpackers came to the island. From approximately 1970, more Europeans came to the island. Gomera is already a little, no, very much Africa, and not only when the Kalima (wind from the Sahara) comes. The mentality has also adapted to the African continent.

The splendour of nature is unique. Butterfly species already extinct on the European mainland fly beneath the palm trees. In the cool, almost fairytale forest further up, mountain streams flow like in the Alps. The fauna and flora are of unique beauty, especially in the Garajonay National Park. Moss-covered trees, which seem to be from a novel by Jules Verne. It is also the loneliness of some houses that makes the magic. The terraces are used for productive agriculture.

The capital San Sebastián de La Gomera is located in one of these bays. The roads are relatively good, also in the hinterland and the valleys. Just come with us if you can't take a holiday at the moment:

View to the sea south near Garajonay, hjk/mcvth/kasaan media, 2020



Cedro, hjk/mcvth/kasaan media, 2020


Las Hayas, hjk/mcvth/kasaan media, 2020

Casamatte in the rocks near La Dama, hjk/mcvth/kasaan media, 2020


A typical farm in the south of Garajonay National Park, watch out for the prickly pear cactus, hjk/mcvth/kasaan media, 2020



Marina La Gomera, hjk/mcvth, 2020


Agriculture in terraces and valleys, mostly tomatoes and potatoes, in the background the Teide on Tenerife, hjk/mcvth, kasaan media, 2020


Palm trees and sheep and goat farming on a small farm south of the national park, hjk/mcvth, kasaan media, 2020


Mercedes Benz, W124, 1978, hjk/mcvth, 2020

These vehicles can be found all over the island; one could almost assume that they are to be exploited thereby the general public. You can find cars, real oldtimers, for which a lot of money is paid in the rest of Europe, which do not exist anymore and which are slowly becoming rare here on the island.


Mercedes Benz, W124, 1978, hjk/mcvth, 2020

Church of the Assumption in San Sebastián de la Gomera, hjk/mcvth, kasaan media, 2020


An abandoned house at the southern end of Garajonay National Park, hjk/mcvth, kasaan media, 2020


Surf near Valle Gran Rey, hjk/mcvth, kasaan media, 2020

A washed-up shipwreck, southern coast, hjk/mcvth, 2020









Today 75 years ago, the Buchenwald concentration camp was liberated.

Indescribable horror was revealed to the soldiers who entered the camp.

Those who cannot understand the horror should not deny it. 

What happened at the site near Weimar was part of the greatest crime in human history. 

Let us remember the victims of National Socialism. Resist the beginnings!




The access road to the crematorium, kasaan media, 2020



Retained buildings of the former disinfection and effects chamber, kasaan media, 2020


Information sign, kasaan media, 2020


Entrance gate with the cynical saying: Jedem das Seine, kasaan media, 2020



View of the site, kasaan media, 2020


Mars - traces of former civilization

Lost Civilization

If you are looking for clear traces of civilization, it is writing or parts of tools that were once left behind. This image is again from the rover Curiosity, which has been searching for years on Mars for traces of extraterrestrial life.

These signs can no longer be an isolated case.

Up to now, NASA has expected a lot from the rover, yet it has dismissed every discovery, by now countless inconsistencies, as illusions.

A video now shows the strange characters that were found elsewhere on the red planet.

Another screenshot, in the same context:



Characters on Mars, dlr, 2018



Canadian Pharmacy Ltd - Spammers send their regards

update 10.04.2020 

Anti-Corona products are now also sold under countless names. These do not exist. There is also no vaccination up to now. There is no effective medicine against the current epidemic - except social distancing. The drugs offered under many trade names can be ineffective or, in the worst case, toxic. Hands off dubious offers of chloroquine and hydroxychloroquine. Probably these drugs come from pharmacies in China, which nobody controls.


Less is more

Thousands of spam messages from a dubious pharmacy are currently flooding the net. It's just before Christmas again and the spammers want to sell their products.

The offers are as dubious as the registration number. Here, drugs are offered that probably do not even deserve the title drug.

On offer are Viagra and other potency drugs, dubious offers for which one needs neither a prescription nor a doctor.

International associations warn against pharmacies that do not have any approval or customer service. The drugs are either counterfeit, utterly ineffective or dangerous.

Most of the products on offer are produced in factories whose condition does not meet international standards. In the worst case, taking "drugs" can lead to death. Most of the time, the customers are just disappointed, but the pharmacy's affiliates are not. They send thousands of spams a day to the comment area of numerous companies to get at least one message through once.

The name of the pharmacy is changed if too many customers complain about the ineffectiveness of the colourful pills.

In Europe, there are enough pharmacies, also in online trade, which you can visit without having to fear health problems.

The rule is: hands off spammers from the pharmaceutical sector!



Son et Lumière - a French success story


What was first tried out at Chambord Castle in 1952 has since become very popular not only in other regions of France but also worldwide: the illumination of historical monuments utilizing special lighting effects and often combined with background music or storytelling. The sound and light show at the pyramids of Giza, for example, is very well known.

Extraordinary illuminations can be seen at various locations in Lorraine. Different cities use the most modern media technology to offer a spectacle to guests and locals alike, but also to draw attention to buildings and the exciting history of the region in an entertaining and sophisticated way. In summer, for example, there is video mapping at Metz Cathedral, a sound and light show at Toul Cathedral or the illumination at Lunéville Castle.


Hotel de Ville during the illumination, rm, kasaan media, 2019

But one of the most impressive is undoubtedly the "Son et Lumière" on Place Stanislas in Nancy.


Duke Stanislas, former King of Poland, lived in France as Duke of Lorraine between 1733 and 1766. Through his building activities and ideas, he had a decisive influence on the present appearance of Nancy. The Place Stanislas, which was built according to his plans, is an architectural gem due to its uniform baroque architecture and is rightly considered one of the most beautiful squares in Europe. This square, which has also been included in the UNESCO World Heritage List, or, to put it correctly, the buildings around the square, have been providing the canvas for spectacular illumination since 2007. Once only thrown onto the façade of the Town Hall, the show now comprises a total of five buildings, including the Opera House, the Grand Hotel and the Museum of Art.


Nancy Opera on the Place Stanislas, rm, kasaan media, 2019 

Between 15 June and 15 September 2019, anyone can experience the 20-minute event, which is free of charge to viewers, on the square at 10.45 p.m., or 10.00 p.m. since 16 August. A warm summer evening with a good meal in one of the many street restaurants and then a first-class spectacle. The technology is realised via eight projectors and seven media servers. About eight kilometres of cable had to be laid for this. But it is an effort that is enjoying increasing popularity. In 2019, around 900,000 visitors were expected to come to Place Stanislas in the evening.

Scenes from the history of Lorraine are presented in eleven individual sequences and recall prominent personalities from the region, including the famous astronomer Charles Messier, who came from Lorraine.

A particular focus in 2019 will be on a homage to the opera of Nancy, which celebrates its 100th anniversary.

And as the crowning finale to the opera, the Queen of the Night.


Year after year, some of the sequences are exchanged so that a visit is always worthwhile.

Lorraine and the city of Nancy are worth a visit - especially in summer.


Son et Lumière, kasaan media, 2019
