This is a bit of an exception from my usual posts but I thought I’d add it here since people seem to have been struggling with this for years and since you can presently get this hardware around Toronto for as low as $10.

I happen to have a Rogers-branded box but I suspect this method would work just as well for any other any other branded CGN3 models. It might even work with other branded Hitron networking devices but that’s a whole lotta conjecture on my part.

Want local router, can’t log in

As mentioned, this simple bypass will only allow you to set up the CGN3 as a standalone router and assumes that you can’t log in to configure it for this purpose (otherwise just log in and configure it!) Usually this is because the device is brand-locked (e.g. to Rogers), and requires a confirmed cable internet connection before allowing you any further.

If you’re planning to use the router for cable internet access then you should go through the regular setup outlined by your ISP. If that doesn’t work then contact them for assistance (that’s what you’re paying for!)

Otherwise, use this method to connect your WiFi and wired devices together so that they can communicate. Typical uses include LAN gaming, connecting to local networked printers and scanners, using local webcams, accessing local network storage devices, local file sharing and media streaming, etc.

Instructions

1. Perform a full hardware reset on the unit and then turn it on (plug in the power supply).
   The manual claims that you only need to press and hold the hardware RESET button (the tiny button on the back that requires a paperclip), for about 10 seconds but I hold it longer just in case.
2. Use a computer or tablet to connect to the CGN3.
   The manual describes both the wired (Ethernet) and wireless (WiFi) methods. You might be able to use a mobile phone for this but I haven’t tried it and it seems like it would be a pain in the ass.
3. Fire up your favourite browser and go to the following URL:
   http://192.168.0.1/selfinstall/index.html#test_success
4. Open up the Developer Tools panel (CTRL-SHIFT-I or CMD-SHIFT-I in most browsers) and switch to the JavaScript Console tab (often just called “Console”). Then copy and paste the following code into the console, followed by ENTER:
   
   document.querySelector("#test").value = "1";
document.querySelector("#name").value = "";
document.querySelector("#pass").value = "";
initHistory();
   
5. Turn the modem off and then on again (unplug it and then plug it back in).
6. Reconnect back to the modem using your preferred method (see step 2).
7. In your browser go to:
   http://192.168.0.1/
8. Log in with the username “cusadmin” and same password as network password — blank, unless you specified some other value for the “#pass” part in step 4.
9. Configure away! (I recommend starting with changing the admin password.)

But why?

Again, it’s a cheap option if you’re looking for a wireless+wired router that supports 802.11b/g/n concurrent dual band (2.4GHz and 5GHz) along with WPA-PSK and WPA2-PSK security. It’s got pretty flexible configuration options and it can even act as a Samba (network) storage server — just plug a USB storage device or two in the back.

I can’t say that the CGN3 is the best router I’ve ever used but it works pretty well, most of the time. For the money, I can’t complain.

I’m not really big on end-of-year wrap-ups or retrospectives in general but I think it’s worth reviewing some of the things I’ve been following and projects I’ve worked on this year. By extension, I suspect that 2026 is going to be a busy year.

Ye Olde Yuletide Stats

Although I haven’t matched the zeal of the blog’s first year it’s nice to note that as TCL heads into its 16^th year it’s still going strong.

I know that the site’s stats are a minuscule drop in the ocean of modern internet traffic but it’s rewarding to note that TCL has a reach that is both global and for the most part organic, meaning that I spend exactly 0 minutes and $0 on promotion. By this mean I mean that I’m open to select and affordable promotions so reach out if you’re interested (see sidebar).

Core SPI

TCL readers may recall the SPI project. To wit, it’s an effort in which Toronto Police Service’s Calls-For/4-Service data is collected and analyzed over a multi-year period. Basically, any time the Toronto Police are dispatched to a call, whether valid or not, it appears in the C4S data.

Interesting patterns have emerged to my naked human eye and I suspect that subtler patterns may emerge to the digital eye. As an example, in the past I’d noted that the 12 overnight hours during Halloween seem like the busiest time for Toronto Police.

Do other interesting patterns exist within this data? Are there other observables that could be recorded and analyzed in a similar manner? 🤔Questions linger, efforts continue.

Artificial Intelligence

Now that we’re more-or-less living in cyberpunk land I thought it best to get in on the action. The early results of my experiments with generative AI were satisfactory but not always what I expected. However, the technology improved pretty quickly and I think I was just as astonished as most people by the human-like coherence of its output. We now have potential access to incredible tools with which to create realistic images, videos, sounds, and music.

I use the word “potential” because all these tools include some sorts of limits, primarily because they’re being hosted on remote servers by remote people living in remote realities. As usual, paywalls have been erected.

In response, I learned to adapt some of their stuff to my local, albeit limited, setup. The results make me wonder if we couldn’t cooperatively rent/borrow out our meager hardware (or rent/borrow out others’), in order to add to the parallelism of modern-day AI inference tasks.

Either way, AI has escaped the government-corporate sphere and is currently available to anyone who wants to avail themselves of its abilities. And now it’s agentic. How long the situation will last is anyone’s guess so, looking forward, I deeply recommend looking into it.

/sectionb

If you’re feeling a bit worn down by walking the “straight and narrow path on the tree-lined route, weakly lit by sparse and sickly yellow lights that barely hold back an encroaching darkness“, consider a slight detour.

The first full-length /sectionb novel is now complete, online, and publicly available. The follow-up is in the works.

Why did I make the first novel freely and fully available online? Simply, as many dope dealers will gladly explain, because “the first one’s free!”

I’m continually in the process of adding promotional material which you’re free to distribute to all your edgy friends, radical underground buddies, and any other easily malleable subjects that you may encounter.

Obviously this is heading somewhere so stay tuned in the new year!

Intel 2026

Speaking of the new year, what would a year-end post be without a little analysis? I’ll leave out the obvious “rise of AI” obviousness and instead posit something large that no one yet seems to be mentioning.

While this is strictly speaking not Toronto-centric, am I the only one smelling the presence of global armed conflict? Ukraine may have been a hopeful NATO proxy for a while but it’s looking more like the masks are coming off (and true intentions are emerging).

For example, in Germany:

Germany will require all men to register for potential military service from 1 January 2026, with compulsory service to be reintroduced if volunteer numbers fall short of targets set to meet NATO commitments.

“Modern military service is coming,” said Jens Spahn, Chairman of the ruling CDU/CSU parliamentary group, in a press statement.

“We will have more commitment to voluntary service, the aim is to establish a binding growth path in law with a six-monthly reporting obligation to the German Bundestag.”

…and France:

French President Emmanuel Macron is widely expected to unveil a new proposal on reintroducing national military service on Thursday. During a visit to the 27th Mountain Infantry Brigade – one of France’s most elite military units – in the southeastern town of Varces earlier this week, the Élysée Palace said Macron would make an announcement that would “reaffirm the importance of preparing the nation and its morale to face growing threats”.

…and the UK (also Sweden, Norway and Denmark):

Prime Minister Rishi Sunak said he believed bringing back compulsory service across the UK would help foster the “national spirit” that emerged during the pandemic.

Labour criticised the plans, expected to cost about £2.5bn, as “desperate” and “unfunded”.

The Conservatives want the first teenagers to take part in a pilot from September 2025, with details to be worked out by a Royal Commission

The armed forces placements would allow young people to learn about cyber security, logistics, procurement, or civil response operations.

…and Poland:

Work is under way to make all men in Poland undergo military training, Prime Minister Donald Tusk said.

In a speech to the Polish parliament, Tusk said the government aimed to give full details in the coming months.

Efforts are being made to “prepare large-scale military training for every adult male in Poland,” he told the Sejm.

“We will try to have a model ready by the end of this year so that every adult male in Poland is trained in the event of war, so that this reserve is comparable and adequate to the potential threats.”

…and a few other countries:

In the past two weeks alone, Germany and France announced new schemes to enlist more young recruits into their armies.

Belgium also announced the reintroduction of a form of voluntary military service for all 18 year olds earlier this year, just as the Netherlands did in 2023.

Others, like Lithuania and Sweden, saw Russia’s seizure and illegal annexation of Crimea in 2014 as an early warning sign to beef up their armies, and reintroduced conscription soon after.

Although Canada has not (yet) made a similar announcement, a recent interview with Canada’s top brass suggests a similar direction, which is to say bellicose and anti-Russian:

I already have (provided) significant contributions to Ukraine. We can go up to 600 members.

What we want to do is have scalable options that dial up or down depending on the demand. And there are ways to rearrange current forces serving in Europe via the NATO stream.

I don’t believe you need to take any sides in this brewing conflict in order to see the pieces moving into position. In the mix is Russia’s stance on any enemy combatants that they may capture in their encounter with Ukraine:

Any Western troops deployed to Ukraine would either become legitimate targets for Russian forces while hostilities continue but deploying them would serve no purpose in the event of a peace deal, President Vladimir Putin said on Friday.

So if any of those “up to 600 [Canadian] members” are captured in the seemingly swelling conflict, would they be considered traditional prisoners of war? Considering that no declaration of war has been issued, and if some reports are to be believed, shit’s about to get messy for everyone. I doubt Toronto will be spared.

The annual Communications Security Establishment Canada report for 2024 to 2025 mentions Toronto a few times but mostly as an afterthought. I still think it’s worth a look though. You can download the report here or read it online.

It begins with an assurance by current Chief Caroline Xavier (she/her) that:

Equity, diversity, inclusion and accessibility inform everything we do and are essential to helping us deliver our mission.

Thank goodness I’m not running the place because my decisions would likely be informed by shit like effectiveness and adherence to/promotion of the Establishment’s mission:

The Communications Security Establishment Canada is Canada’s agency responsible for foreign signals intelligence, cyber operations, and cyber security.

We gather foreign signals intelligence to defend Canada’s national security. We keep the Government of Canada’s information secure. We work with industry and academia to protect Canadians from cyber threats.

Oddly, on page 46 under the sub-heading “Inclusivity in our external representation” (part of the “CSE is Growing and Learning” section), it is noted that:

We worked hard this year to embed EDIA into every facet of our work … including pronouns and a land acknowledgement

Yet there’s nary a land acknowledgement to be found in the entire report! Begs the question, if CSIS can do it then why can’t CSEC?

But not to worry, out of the 56 page report (of which 17 pages are fluff like full-page photos, decorative graphics, and section titles), CSEC has dedicated 4 full pages (plus generous sprinklings elsewhere), to advertising its initiatives on equity, diversity, inclusivity, and accessibility.

So if an acknowledgement or two slip through the cracks then … you know … shit happens. But I can see how shit like this can happen when I read things like:

Our diversity—whether in our backgrounds, skills, talents or motivations—is our strength.

Bringing in people with differing backgrounds, skills, and talents at a superficial level seems like a good idea but am I the only one to suspect that differing “motivations” could be somewhat problematic? Like, would it be considered a sufficiently diverse motivation if an applicant openly wished to destroy CSEC from within?

Maybe a uniquely diverse dearth of motivation is what produced the dearth of land acknowledgements in the report.

But let’s put all that aside for a moment and summarize what else the Establishment gets up to in their spare time. In late 2024 the report claims that CSEC detected and disrupted a foreign ransomware group within 48 hours. Also in 2024 CSEC boasts of helping to take RT off the air in Canada and of assisting in thwarting some botnets. In addition they spent some time providing intel for the military:

This year, we delivered timely intelligence for many named operations, including operations UNIFIER, REASSURANCE and HORIZON.

A number of the same foreign targets of CSEC are the same as those entities targeted by CSIS, namely:

• the PRC’s expansive and aggressive cyber program presents the most sophisticated and active state cyber threat to Canada today
• Russia’s cyber program furthers Moscow’s ambitions to confront and destabilize Canada and our allies
• Iran uses its cyber program to coerce, harass and repress its opponents, while managing escalation risks

While CSEC openly assists the governments of Ukraine and Latvia, domestically they seem more interested in keeping tabs on people:

In 2024 to 2025, following a series of cyber incidents targeting northern institutions, and with the Minister’s authorization, the Cyber Centre began proactively deploying sensors to territorial government IT assets in Yukon, the Northwest Territories and Nunavut. These sensors detect malicious cyber activity in devices at the network perimeter and in the cloud. They are one of the Cyber Centre’s most important tools for defending systems of importance to the Government of Canada

Some people will say that these actions only target government infrastructure and help to increase security but those same people must also admit that simultaneously spreading the attack surface decreases security:

CSE operates Canada’s Top Secret Network (CTSN), a secure IT network used to collaborate and communicate at the Top Secret level. This year, CSE supported major site expansions for existing CTSN clients, including the National Security and Intelligence Review Agency (NSIRA), PCO, Justice Canada and the RCMP, resulting in a 20% increase of deployed endpoints. In the upcoming year, CSE will onboard 3 new government departments to CTSN:

• Environment and Climate Change Canada
• Public Prosecution Service of Canada
• Office of the Commissioner of Canada Elections

Why does Environment and Climate Change need access to top secret information? Maybe it’s for the same reasons that the government Covid jab contracts remain mostly secret.

Other than producing a lot of digital paperwork and giving presentations, it doesn’t seem like CSEC is very involved in most operational matters. Given how often the government ignores even this diminished function of the Establishment does not paint a rosy picture.

Between CSIS’ covert complaints and CSEC’s diverse distractions I don’t think it’s any wonder that Canada’s secret security apparatus relies heavily on the Five Eyes.

That being said, I’m pretty sure that it’s not the priority of the US, UK, Australia, or New Zealand to keep Canadians safe so I don’t find these or other partnerships reassuring. Something to keep in mind as the summer simmers and international intrigues increase.

It’s been over a couple of months since I last focused on the topic of espionage in Toronto and with the recent release of CSIS’ 2024 Public Report (download the PDF or read it online), it seems the perfect time to revisit the topic, especially since Toronto is mentioned a number of times.

I’m just gonna skip over the contentious introductory pleasantries and jump right to the heart of Dan Rogers‘ (the new CSIS boss), intro:

We continually re-evaluate and re-deploy resources to ensure we remain focused on the highest priorities in safeguarding Canada.

If this isn’t a smokescreen then the vibe I’m getting is that the Service is stretched a little thin and, if I’m being honest, it all sounds a little familiar.

Dan has been on the job for about 8 months at this point so if I’m to trust what he’s saying then I’d have to trust his opinion to be well-informed. He also claims:

As states and citizens alike adopt new technology, such as encryption and generative artificial intelligence, Canada must keep pace in understanding the varied impacts, opportunities and risks. These advancements can offer opportunities for Canada’s growth, while simultaneously equipping those who would seek to do us harm. In response, CSIS has implemented new processes and structures to review and shift resources as priorities emerge.

Again, there’s that “we can’t do it all” tone right at the end.

Also of concern is the claim that encryption and generative AI are new. While it’s true that generative AI is making spectacular leaps and bounds forward, for the Service it should’ve been on the radar for some time. Maybe that’s just my own assessment.

I’ve incorporated neural networks into /sectionb because the underlying concepts, at this point, have a lengthy history that predate most living people. In other words, it’s not really that new. You’d think the Service would have at least a couple of people on staff to keep track of this sort of stuff.

Moving on, Deputy Director of Operations Vanessa Lloyd notes:

In 2024, CSIS actively investigated espionage, foreign interference and terrorist threats, and for the first time in many years, also made concerted efforts to counter sabotage.

For the “first time in many years”? Yikes!

She also states:

In 2020, CSIS acknowledged that it had observed espionage and foreign interference levels not seen since the Cold War.

That’s reassuring. So is her grasp of “new” technologies:

This perspective remains true today as the threat environment evolves at an ever more rapid pace with the advent of new technologies like artificial intelligence and quantum computing.

Again, AI and quantum computing are not particularly new.

However, in her writing she notes a 1996 bust of two bona fide Russian spies, a 1999 investigation that “included CSIS”, a 2006 bust of a GTA terror cell (five of who resided in Toronto), the preemption of a bomb plot in 2023, the arrests of Ahmed and Mostafa Eldidi in 2024, and the interception of another bomb plot in the same year.

Extremism surrounding the Khalistan movement is specifically singled out as a long-term problem.

Other ostensible threats include “a variety of extremist beliefs, including militant accelerationism (advocating for the violent destruction of society), neo-Nazism, and satanic occultism”, but as far as CSIS knows these groups were “… not actively organizing a mass casualty attack.”

White supremacy is not mentioned once, which is quite a pivot from just a few years prior. With CSIS apparently playing cheerleader at that time, Public Safety Minister Bill Blair maintained that:

“There’s been an escalation, not only in rhetoric, but security and planning … countering this group [The Proud Boys] has become an important priority for the government of Canada.”

This was all happening at the same time as terms like “Sikh extremism” were being purposefully removed from government communications on extremist activities.

One thing that the report makes crystal clear is who CSIS is presently focused on, namely elements from:

PRC, India, the Russian Federation, the Islamic Republic of Iran, and Pakistan

In the meantime:

… certain foreign states are attempting to interfere in Canada’s electoral processes and democratic institutions, and that foreign interference had an impact on the electoral ecosystem and has undermined public confidence in Canada’s democracy.

Presumably, when it comes to those “foreign states” it’s more than just interference:

CSIS assesses that RMVE [Religiously Motivated Violent Extremism] actors will continue to pose a domestic threat to Canada in 2025.

Specifically, as relates to Pakistan between 2018 and 2023:

… CSIS conducted a threat reduction measure to reduce the Pakistan foreign interference threat, which was later assessed as effective.

What is that “thread reduction measure” that was used between 2018 and 2023, you may ask?

CSIS has had the authority to undertake threat reduction measures (TRMs) since 2015. A TRM is an operational action that is intended to reduce a threat to the security of Canada as defined in Section 2 of the CSIS Act. Given its mandate and collection capabilities, CSIS is at times the best placed Government of Canada entity to confront a national security threat. Generally speaking, TRMs fall into three broad, but non-restrictive categories that include:

• Messaging: Directly or indirectly pushing information to a threat actor or person impacted by the threat in an attempt to influence their behaviour or reduce the threat.
• Leveraging: Disclosing information to a third party to enable them to take action, at their discretion, against the identified threat-related activities.
• Interference: Directly affecting the ability of a threat actor to engage in threat-related activity.

Basically, anything from an indirect suggestion to “directly affecting” the target … got it 😉.

Unfortunately, the feeling I’m left with is that the Canadian security forces are behind the times and behind the eight ball. So what now … corner pocket? 🎱😎

It was close to 10 years ago that I announced that I’d been working on a crypto-based, peer-to-peer poker project named CypherPoker. That initial version was written in a programming language called ActionScript which produced software for the now-defunct Flash platform.

I admit that I still have a soft spot for the language and the platform on which it ran (a.k.a. the runtime).

Not only did Flash allow me to produce code for a broad variety of operating systems and hardware, it was also very creatively expressive. The platform/runtime was originally a way to produce streaming audio and video content for the web which was a groundbreaking advancement for its time. With the addition of a robust programming language, those “movies” could be made to react to user input and that’s when things got really interesting.

A few years later I found myself working for an online casino company and realized that a product like provably fair online poker software that didn’t require a middleman (e.g. PokerStars), was singularly unique. So I set out to write CypherPoker. I learned a lot about cryptography and peer-to-peer networking and pretty soon I knew that the idea was viable.

However, although it solved a lot of the problems associated with such an endeavour, my solution didn’t answer the questions of: who enforces the rules if someone does cheat, and moreover, who holds the money (pot) during the game?

It was suggested that I use Ethereum for the answers. You may have heard of Ethereum due the popular cryptocurrency Ether but this is only one half of this particular blockchain. The other half is a set of fairly open-ended programming instructions (a.k.a. Turing-complete), that run the blockchain. Those instructions can be created using any number of programming languages — in my case one called Solidity — and the resulting programs are called smart contracts.

Because smart contracts are run across the entire Ethereum network, an incentive system was included to ensure that people participate (like all blockchains that I know of, Ethereum uses a cryptographic consensus model), hence the Ether cryptocurrency. If you want to store your code on the blockchain, you pay Ether. If you want to run that code, you pay Ether.

If smart contracts and Ether had hips they would literally be joined at them, so much so that even the most basic transactions on Ethereum (e.g. “send X amount of Ether to recipient Y”), require basic smart contracts to do their thing. It’s also why even these most basic transactions require a fee, payable in Ether.

In the process of developing smart contracts I learned how to create my own Ethereum blockchain, which could have helped to keep transaction costs minimal — at least initially. Due to the intrinsically speculative nature of cryptocurrencies, however, I expected the inevitable eventuality of the same problem that I encountered with the official Ethererum blockchain: playing a hand of poker would eventually become prohibitively expensive. In addition, the consensus model meant I’d need a network of people to help run the blockchain, which I didn’t have.

Nevertheless, I received positive, even enthusiastic comments on the project, and as of the last time I checked it had been starred (the equivalent of “likes“), 70 times on GitHub. Perhaps more importantly, it had been forked 13 times, which means that GitHub users copied the code into their own repositories for their own use, adaptation, etc.

Unfortunately, that rotten piece of shit Steve Jobs (my consistent opinion), bashed Flash and with the help of his drooling and ignorant minions helped to prematurely kill off the technology. I won’t go into the numerous reasons why most of what he’d written was pure crap but it doesn’t change the fact that Flash would ultimately be doomed. Plus, the price of Ether skyrocketed so even without any rake the smart contracts were useful for only very high-stakes games in which expensive blockchain fees would make sense.

So, some years later when browsers began to offer some of the functionality that previously only Flash could offer, I decided to re-write the game for JavaScript. Thankfully, the similarity in names between the two programming languages is more than just coincidence. Not only do they both look and feel similar but they’re functionally related.

In fact, an ActionScript developer would often have to also learn JavaScript since Flash content tended to run within a browser window, and browsers use JavaScript to make web pages functional (i.e. more than just static content). In other words, the ActionScript runtime (Flash) was often embedded in a JavaScript runtime (browser), although this wasn’t always the case.

Sufficed to say, other than having to code everything again, going from one language and runtime to another wasn’t a huge leap. I learned a bunch of lessons in the development of the ActionScript version so its follow-up was produced considerably more quickly and robustly.

Instead of incorporating smart contracts directly, I created a plugin architecture into which they could eventually be slotted and wrote a module using Node.js (another JavaScript runtime), to act as a stand-in. Due to its popularity I added support for Bitcoin which, unlike Ethereum, comes with a highly restrictive set of programming instructions (not even close to Turing-complete), called Script.

With Bitcoin, instead of smart contracts someone would have to assume the role of a “trusted banker and game verifier”. It wasn’t ideal but would allow for completely private games, albeit with someone playing the role of a trusted third party. Besides, I figured, I’d written the smart contracts once and I should be able to dust them off at some point and slot them in.

However, that never happened.

Ether is still way too expensive and I’m no nearer to having enough people to help me create a CypherPoker blockchain so I added support for Bitcoin Cash (a cryptocurrency similar to Bitcoin), tidied up the code, updated the documentation so that anyone else could adapt it, and shelved the project. At this point it has been sitting idle on GitHub for about 6 years.

A couple of days ago I had a look at the repository and was pleasantly surprised to see that it had been starred 106 times and forked 44 times, twice this year and 5 times last year. In addition, 13 people have set a “watch” on the repository so that they can be alerted should it ever be updated.

Between the original CypherPoker and the newer CypherPoker.js, the project has been starred 176 times and forked 127 times with a total of 23 people watching.

Every once in a while I also receive a comment telling me that someone has implemented some changes or done something interesting with CypherPoker.js

As recently as the 6^th of this month, for example, someone added a “spectator mode” to the game (not sure if this is a good idea), and someone else claimed that they used the project as a basis for their university thesis (LOL … I’m a Canadian college dropout!)

Altogether, it’s nice to know that the interest is still there.

If you or anyone you know share this interest, drop me a note and maybe we can resuscitate what I still consider to be a unique and very promising project.

Another two weeks down and still nothing. To make matters worse, I know that the next focus of my exposé was active as little as a couple of hours ago (as of this post).

I’m talking about Daniel Kurland:

His penchant for impersonation and deranged thinking led him to be involved at all levels in the Gang hierarchy:

But even among his peers Daniel is exceptional due to his antisocial and inhumane tendencies:

As demonstrated early in his career, Daniel fancies himself to be a bit of a pop culture aficionado:

Using his position as a writer for Den of Geek, Vulture, Bloody Disgusting, CBR, and ScreenRant, Daniel has managed to spread his nauseating ideology beyond the confines of the Gang. He’s even gone so far as to promote his activities on his own website, via podcasts, as a Rotten Tomatoes critic, and presumably targeting children via graphic novels.

In short, the guy’s a real piece of work. To think that he’s been operating for over a decade and a half (to the best of my knowledge), is frankly unfathomable. He’s lucky he’s moved to New York where I can’t get at him.

To any Raisin Gang members reading this, a message: the list of names is dwindling, along with your opportunities to contact me!

Does it seem like the time between posts is getting shorter, Raising Gang?

Well, I’m not amenable to schedules so … TICK-TOCK-TICK-TOCK!

Thus, without further delay … today’s target is: Mikey (a.k.a. Michael) Kolberg

You may or may not remember him trying to ignominiously usurp the renowned role of a beloved cripple:

Here’s another clip of Mikey (terribly) impersonating Maple Leafs coach Ron Wilson, all the while belittling stalwart Canadian icons, the Timbits:

I care not one iota for hockey, moderately enjoy confectionery, and yet I’m thoroughly disgusted when I see the lengths to which Mikey, and by extension The Gang, are willing to take things:

Classifying Phil Kessel’s mom a “whore” seemed like a new low until Mikey ended his exposition of the hockey player’s mother by calling her a “bitch”. Wow.

Not long after this Mikey tried to pass himself off as a celebrity:

We can see him again later following familiar patterns:

By all accounts Mikey has continued his grifting ways and still “performs comedy” in Toronto to this day.

Is that enough yet, Raisin Gang?! Get in touch.

About 7 months ago I wrote a short post about traffic trends here on TCL. At the time there was a deluge of visitors from China that seemed legit, by which I mean that most views were of content pages. With enough IPs at their disposal I suppose that the Chinese government could’ve been scraping the blog for content but generally speaking the only unusual thing was the volume of requests.

That’s not to say that there haven’t been hacking attempts on the website but these usually come in bursts of seemingly uncoordinated activity from a variety of sources. Recently, however, I’ve been noticing what looks like a more sinister trend.

The first of these is a coordinated campaign being launched from Ashburn, Virginia and Columbus, Ohio. I’ve kept this fact on the back burner since Ashburn is considered to be a technology hub, not unlike Columbus, and no doubt home to many VPNs. This means that despite the traffic patterns being strongly suggestive of a single upstream source, that source could be almost anyone.

Notably, Ashburn is only about a 30 minute drive from Langley (home to you know who), but that’s hardly conclusive. Ohio is the fourth largest state for data centers and pumps out potential recruits for some of the United State’s three-letter agencies, but maybe that’s just a coincidence.

Maybe, or maybe not, as newer information suggests.

A few seconds of research quickly revealed that the CIA ran (and probably continues to run), a massive undercover hacking operation from Frankfurt am Main in Hesse, Germany. This top-secret CIA unit is reported to have made use of malware, viruses, trojans, and “zero days” — freshly discovered and therefore undefended vulnerabilities.

Very similar vulnerability scanning patterns also appear on TCL out of Singapore which boasts strong security ties with the US. The Frankfurt-Singapore traffic often appears alongside Ashburn-Columbus requests and all of them almost entirely ignore content.

If I had to hazard a motive I would say that whoever is behind this effort is trying to gain backdoor access to the site. TCL isn’t exactly a treasure trove of national secrets but it could provide a nice little boost to a DDOS attack or act as an unwitting intermediary for subsequent hacking operations. I can think of at least a few other uses for a compromised website and it sure doesn’t look like the “visitors” in question are here to read any stories so I don’t think that a little concern is unwarranted.

On the upside, I have the opportunity to take a first-hand peek at the secret arsenal being employed. I may not have heard of these vulnerabilities and I may not know how they’re exploited but this information could give me a wonderful starting point, were I so inclined.

Maybe the whole Frankfurt-Singapore-Ashburn-Columbus connection is a bit tenuous. The Frankfurt-Singapore traffic does seem different than the Ashburn-Columbus traffic — yet they collectively show other patterns like clustering and repetition of requests which suggest similar behind-the-scenes automation.

Maybe it’s just a bunch of unusually sophisticated and persistent script kiddies with seemingly endless access to international VPNs. Maybe other interests are at play. Whatever the case, I’ll be keeping my eyes open — and if TCL suddenly goes dark or launches a DOS attack against another site, it wasn’t me!

Continuing my series on espionage, specifically as it relates to Toronto, we come to Station M.

Station “M”, which stood for “Magic”, was ostensibly located in the basement of Casa Loma which now hosts a related historical exhibit and similarly themed escape room game.

While some sources claim that Station M was actually located in Casa Loma’s stables and carriage house, its exact location remains hush-hush. This secrecy, along with the existence of a nearly quarter-kilometer (800 ft.) subterranean tunnel connecting the main building to these outer structures, only adds to the ambiguity.

I’ve been to the castle a number of times, including for a fancy wedding reception, but until recently had no idea that this “subterranean” operation existed. Next time I’m there I’ll be sure to do a bit more exploring!

Station M operated hand-in-hand with Camp X during the second world war to produce covert gadgets, forged documents, counterfeit currency, convincing local dress, and anything else that might assist Allied spies on their overseas missions. Think “Q Branch” from James Bond.

In fact, it’s been suggested that Station M is where Ian Fleming got his inspiration for the fictional support division mentioned in his works.

Fleming is reported to have spent time in Toronto, traveling daily to the Camp in Oshawa from his Avenue Road accommodations. While the amount to which Fleming was inspired by his experiences here is speculative, the fact that he resided across the street from St. James-Bond Church during this period seems to suggest an alternative, if only subconscious, explanation to Fleming’s own claim about appropriating the name from a bird expert. Maybe this official explanation is simply a misdirection based on a happy coincidence. After all, this is the world of espionage we’re talking about.