Table of Contents

Preamble

Found on the ground during the last days of work next to the office.

About

The story is recollected by an individual that decided to talk to us regarding a case involving a very large data leak at the Extreme Light Infrastructure (ELI-NP) at the Institutul Național de Cercetare-Dezvoltare pentru Fizică și Inginerie Nucleară "Horia Hulubei" (IFIN-HH) that the staff, management and the Romanian police participated in the attempt to cover up the accident. As per sources, to our knowledge, there has never been any official acknowledgement of the data leak and the leak content consisted in authentication credentials (username and passwords) as well as E-Mail body content that ended up transmitted in plain text depending on how the various users configured their mail client.

We like to stick to facts because ultimately it is what matters, but we suppose that some more "background" is necessary, in particular for institutions such as the IFIN-HH in order to be able to comprehend how such leaks occur, how come they are never made public, why the perpetrators end up getting away with it even when the European Community is aware but also as a more general overlook over the IFIN-HH. That being said, some background will be offered, and then only the facts will be listed in chronological order without further explanations such that if you're looking for just the technical gist of it, you can skip to the memorandum. The "background" is provided due to multiple "employer" rating websites such as Glassdoor, as we're told, deleting the content posted by former employees, as well as one case of the Romanian online mobbing on Wikipedia that attempted to bury the truth, such that it seem more of an imperative (or a last resort) of getting the truth out some way given that all these online venues are either corrupt or have been corrupted. That said, if you're just looking for the core-narrative of this case, please see the memorandum section. If you would like more background, factual but only tangential to the case itself, then carry on reading.

Background

The IFIN-HH institute was founded by Dej, the former "president" of Romania before Ceausescu and the IFIN-HH became a hotbed of controversies with most of the staff being members of either the Romanian communist party or part of the Romanian Securitate. These were the sort-of "faux" scientists that due to international cooperation ended up doing favors with various people around the world with the result of ending up involved with organizations ranging from the Italian mafia and up to even more prestigious institutes such as the Max Plank institute in Germany. Many of these people became "well-known" across the years, yet due to their political implication with various either shady or not so-shady structures, most of their "academic prestige" became more closed-circuit over time. For instance, you would find academicians (an institute of prestige, an ode to entitlement and a monument to elitism) that even though they would have a large amount of publications, would spend their time in Russia telling the KGB how food made out children in sold in Romania, of course, for the benefits of being invited again to Russia with a relatively large additional wage.

Many of these people literally burned their communist party membership card on the stairways at the IFIN-HH when the revolution came to be, for the sake of not being "caught" as being an avid communist party member. Some of these people often made it a story that they were somehow "coerced" or "forced" into the Romanian communist party, yet at the time, becoming a member of the Romanian communist party was, in fact, "competitive" due to the many additional benefits that would be bestowed upon anyone that became a party member. For example, if you became a member, you were immediately entitled to a second house or apartment, which was great, especially for a growing family. Similarly, becoming a "communist party" member was not only competitive, but also a matter of "purity" where, for example, you would have had to quit the Romanian Securitate in order to become a communist party member (with the Romanian Securitate, as complex as it might seem, being seen as "too dirty" for a proud communist party member).

Then again, many people, for example, Mr. Nicolae Victor Zamfir, one of the researchers at the time, that struck their gold elsewhere and via other means, turned the story around after communist and even went as far as stating that they were somehow coerced, victims or even up to "blackmailed" to join the Romanian communist party, which, given the actual history of both the Romanian communist party and the Romanian Securitate, was quite controversial given the many benefits one would have had. For example, and perhaps even tied to the Romanian online mobs that crawl the Internet in order to save Romania's reputation, a former investigation, looking at the history of Mr. Zamfir's page on Wikipedia a funny quote is found that is fairly funny having mentioned the former context:

"Deși înainte de decembrie 1989, supus presiunilor acelor vremuri este forțat să devină, datorită rezultatelor sale excepționale, unul dintre liderii UTC, totuși imediat după revoluția din 1989 pleacă în Germania. Dovadă că și astăzi, institutul pe care îl conduce are o bună deschidere spre străinătate. [..]"

which translates to:

"Even though before December 1989, given the pressures of the time, he is forced to become, due to his exceptional results, one of the leaders of the UTC (Uniunea Tineretului Comunist, Romanian Communist Youth), thus immediately after the revolution from 1989 he leaves to Germany."

Judging just from how the person writing this has contorted the sentence so much that, even in Romanian, the sentence does not make much sense (ie: "Even though", not really corresponding to any counter-"though"), you can observe how much the writer of this text is lying. Similarly, the quote follows with:

"Proof that even today, the institute that he leads has a good opening (translate fail, gen. "overseas")."

which seems to be more in-tone with communist propaganda than actually being factual. As propaganda goes, typically holds oratorical value at the expense of grammar (ie: first sentence not even bothering to bless the reader with a predicate, "Proof that even today,").

Looking at the page, the insertion of these sentences is made by a user named "Mondan", that does not have any other edits on Wikipedia and whose implicit webpage on Wikipedia is blank.

This content spends time up on Wikipedia from 2007 to about 2023 when some users seem to start a fight by pointing out that the sentence is junk, has no citations and hence must be removed. However, this is met with phenomenal resistance from the users that attempt to drag the discussion into ToS violations, editors such as Andrei Stroe deflecting the discussion, spewing complete nonsense and for some reason requesting proof that Mr. Zamfir even was a member of the Romanian Communist Youth (UTC). Ironically, Mr. Zamfir's membership to the UTC is actually a pretty public fact, and by his own words, Mr. Zamfir states for B1 TV (a TV station in Romania) that he was a party member such that all the resistance from these users are just for the purpose of saving face and to deflect from the truth.

As a general frame for the institute, this is a Molvanian-like structure (one of the newest reactors in Eastern Europe) and with big hopes being sold to Romanians. The ELI-NP project is written about in the press, depicted with images as the harbinger of flying cars, suspended fast rail trains and other elements of promise as-if captured from "Zorba the Greek" that ended up just narrowing down, well, to just cutting up the street in half with one half being dedicated to bicycles, and so poorly made that the whole cannibalization of the already existing infrastructure turned into a flash point of accidents. Do not go there at night, because you might just start driving on the pavement. Otherwise, like from a Kusturika movie, Mr. Zamfir can be read in various magazines, making brave statements on how Romania is going to win the Nobel prize and other expressions of grandeur that, whelp, at least to this date, did not come to fruition.

Whilst all of that is more interesting from a historical perspective, it is still fairly benign albeit hopeful, with no harm done; or at least, so far, might seem petty but not a show stopper. One letter received by us, from an alleged source contains an attachment that is supposed to be an E-Mail that allegedly had been sent by an employee at the IFIN-HH to some other employee, and here is the content. This is where it starts to get a little … strange.

The employee claims that their spouse and them have been harassed after their spouse raising some concerns about the ELI-NP. This includes, citing "anonymous phone calls during the night" and/or various noises being made during the night to prevent them from sleeping. Of course, along with the the reaction of the staff at ELI-NP / IFIN-HH against these two employees that even dared to question the ELI-NP project. The letter ends by claiming that due to the stress, the spouse of the employee got ill and died, with the spouse left over asking the receiver of the letter to comment and contribute to one of the sites that they maintain as a testament to what happened to them. Surely, quite unbecoming of a Yale graduate, a person courted by Romanian masonry (and who-knows what other para-organizations) and a Romanian "academician". Ultimately, with all the prestige that Yale might convey, you surely do not want to be remembered for the person that was in charge and let this happen to these two employees, regardless how financially vested you might be in a project or not, especially given that these two individuals did not seem to pose much of a threat and the project would have been built anyway regardless of their comments.

Otherwise, the whole scene is roughly the same with most ex-communists that drew benefits back then, drawing benefits now, the overreaching SRI backed by the police, gendearmerie and others that perpetuate an institute filled with the shady and suspicious communist swamp dwellers that fight for the adulation of foreigners and the dissolution of their own communist past. Which, is interesting, or a country that never truly covered their own communist extermination camps, but actually perpetuated them on external funding.

A lot of the staff that seems politically connected, as in, holding positions of leadership where the line between "scientist" and politician becomes blurry, hold the citizenship of numerous other countries, making it seem like if they mess up in Romania, then they can jump into the next available boat and float away to Germany or perhaps the USA. Mr. Livius Trache, for example, another value that, as sources claim, used to chase lots of women during his University years, now also a Romanian value, is the holder of dual citizenship, both Romanian and from the United States. You get the idea though, if things go bad, board a plane and you're out and while that seems funny, it also seems something along the lines of "conflict of interest" where leadership positions, pertaining to the state or funded out of public money, should not allow such a waiver of responsibility. Similarly, and closing in to the case itself, a letter received shows an E-Mail sent to the IEEE describing various instances of, to put it lightly, misbehavior at the "DFCTI: Computational Physics and Information Technologies" under the leadership of Mr. Mihnea Dulea.

To name a few, as related by the source and the received materials:

or otherwise a full swing of the proverbial dial on measuring the scale of what is called workplace toxicity.

Memorandum

As related by the source, an employee at IFIN-HH, at the DFCTI department, with Mr. Dulea being the CO, here is the full sequence of events. Bear in mind that from top to bottom, during the whole affair, the source was acting right under the obligations of the contract between themselves and the IFIN-HH, such that this is one of those infamous Romanian cases where a company desires something but when they get that something they are unhappy because the results are too good. More to the point, the source was asked deliberately to look into vulnerabilities and tasked with that right by Mr. Mihnea Dulea, such that all of this is very much legitimate. Furthermore, there had been other incidents in the past, reported the very same way, that were resolved. As we interviewed the source, it became sort-of obvious that the institute did not anticipate the capabilities of the source and when they started having to plug all sorts of critical security issues, they became irritated. Maybe, they can hire someone more incompetent in the future, that way at least, they can claim that they do not have vulnerabilities! Either way, here is the rundown:

Technicalities

The following is provided due to its contribution to computer security in a broader sense, especially since part of the problem is that mail clients accept to configure mail servers without any sort of encryption but everything will be covered in detail. For completeness, here is the output of an online port-check tool that verifies servers remotely and that demonstrates that the IMAP and POP plaintext service ports were open for the mail server at ELI-NP:

the IP address reading 188.27.74.96 is the IP address of the source, performing this check remotely, outside the institute (IP records indicate "RO-RESIDENTIAL"), and with the port checking tool also being remote to ELI-NP, such that the data leak is not restricted just to the internal IFIN-HH network.

Misconfiguration

First, the ELI-NP mail server was accepting forged enveloped senders under the eli-np.ro domain, which is a misconfiguration problem and here is a transcript of the communication. 

# telnet mail.eli-np.ro 25
Trying 194.102.58.7...
Connected to mail.eli-np.ro.
Escape character is '^]'.
220 mail.eli-np.ro ESMTP Postfix
ehlo mail.eli-np.ro
250-mail.eli-np.ro
250-PIPELINING
250-SIZE 50000000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: <ticket258@eli-np.ro>
250 2.1.0 Ok
rcpt to: <...@yahoo.com>
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Acesta este un mesaj fals trimis doar ca exemplu pentru rezolvarea tichetului #258.
.
250 2.0.0 Ok: queued as 06C9C40000FA1
QUIT
221 2.0.0 Bye

The transcript shows a connection to the eli-np.ro server made manually where the client identifies itself as a sender with a terminating eli-np.ro domain. The destination is set to be some E-Mail address outside the ELI-NP network at Yahoo. Finally a body is added and the E-Mail is accepted for delivery to the Yahoo mail server. Note that the connection is made from outside of ELI-NP and the IFIN-HH such that the former is possible without having to be within the institute's network allowing anyone to perform this attack.

Plain-Text Mail Services

Finding the plaintext mail services is easy with a manual connection. Here is the plain POP3 connection: 

# telnet mail.eli-np.ro 110
Trying 194.102.58.7...
Connected to mail.eli-np.ro.
Escape character is '^]'.
+OK Dovecot ready.

and here is the plain IMAP connection: 

# telnet mail.eli-np.ro 143
Trying 194.102.58.7...
Connected to mail.eli-np.ro.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN
AUTH=LOGIN] Dovecot ready.

Note that whilst the IMAP service advertises for STARTTLS implying that "encryption is available" it turned out that MTA decided that no encryption should be used just due to the fact that the service is available over the plain IMAP port 143. Furthermore, note that the authentication scheme implies plaintext passwords via AUTH=PLAIN which justifies the data leak as having leaked the credentials of incoming connections.

In order to check, here is an intercepted communication between Microsoft Outlook and the ELI-NP plain IMAP server, showing the connection and the whole packet payload communication in multiple steps whilst attempting to configure an account using various E-Mail clients. The username will be ticket258@eli-np.ro and the password will be PAROLAINCLAR and they will be used to setup the accounts on the ELI-NP mail server.

First, Outlook connects to the eli-np.ro plaintext IMAP service just like the manual connection and the expected Dovecot advertisement of features payload is received: 

21:50:08.217090 IP (tos 0x2,ECT(0), ttl 53, id 9086, offset 0, flags [DF], proto TCP (6), length 174)
mail.eli-np.ro.imap2 > REDACTAT.14021: Flags [P.], cksum 0x6de7 (correct), seq 124:258, ack 18, win 115, length 134
0x0000: 0401 b782 e601 5c45 2779 0330 0800 4502 ......\E'y.0..E.
0x0010: 00ae 237e 4000 3506 d89f c266 3a07 2e65 ..#~@.5....f:..e
0x0020: 1e58 008f 36c5 1fe9 493e dc7b f730 5018 .X..6...I>.{.0P.
0x0030: 0073 6de7 0000 2a20 4341 5041 4249 4c49 .sm...*.CAPABILI
0x0040: 5459 2049 4d41 5034 7265 7631 204c 4954 TY.IMAP4rev1.LIT
0x0050: 4552 414c 2b20 5341 534c 2d49 5220 4c4f ERAL+.SASL-IR.LO
0x0060: 4749 4e2d 5245 4645 5252 414c 5320 4944 GIN-REFERRALS.ID
0x0070: 2045 4e41 424c 4520 4944 4c45 2053 5441 .ENABLE.IDLE.STA
0x0080: 5254 544c 5320 4155 5448 3d50 4c41 494e RTTLS.AUTH=PLAIN
0x0090: 2041 5554 483d 4c4f 4749 4e0d 0a76 3867 .AUTH=LOGIN..v8g
0x00a0: 6b20 4f4b 2043 6170 6162 696c 6974 7920 k.OK.Capability.
0x00b0: 636f 6d70 6c65 7465 642e 0d0a completed...

Next, Outlook attempts to log-in with the ticket258@eli-np.ro E-Mail, a made-up address that is used to fill out the setup wizard for setting up an account with ELI-NP: 

21:50:08.304497 IP (tos 0x2,ECT(0), ttl 63, id 16152, offset 0, flags [DF], proto TCP (6), length 89)
REDACTAT.14021 > mail.eli-np.ro.imap2: Flags [P.], cksum 0xe1cc (correct), seq 18:67, ack 258, win 257, length 49
0x0000: 0000 5e00 0166 0401 b782 e601 0800 4502 ..^..f........E.
0x0010: 0059 3f18 4000 3f06 b35a 2e65 1e58 c266 .Y?.@.?..Z.e.X.f
0x0020: 3a07 36c5 008f dc7b f730 1fe9 49c4 5018 :.6....{.0..I.P.
0x0030: 0101 e1cc 0000 7638 346d 204c 4f47 494e ......v84m.LOGIN
0x0040: 2022 7469 636b 6574 3235 3840 656c 692d ."ticket258@eli-
0x0050: 6e70 2e72 6f22 2022 5041 524f 4c41 494e np.ro"."PAROLAIN
0x0060: 434c 4152 220d 0a CLAR"..

and, as claimed, the transcript contains the password PAROLAINCLAR in plaintext as part of the intercept transcript.

Here is the same attempt to set up an E-Mail account with the mail client on Android KitKat using the made-up user ticket258@eli-np.ro and the password androidparola. First the Android mail client connects to the ELI-NP Dovecot plaintext IMAP service and the features advertisement payload is received: 

22:19:58.469461 IP (tos 0x0, ttl 255, id 29423, offset 0, flags [none], proto TCP (6), length 171)
mail.eli-np.ro.imap2 > REDACTAT.49064: Flags [P.], cksum 0xb0bc (correct), seq 124:255, ack 15, win 5826, length 131
0x0000: 4500 00ab 72ef 0000 ff06 9e50 c266 3a07 E...r......P.f:.
0x0010: ac10 018f 008f bfa8 65c1 7010 0f7d f40e ........e.p..}..
0x0020: 5018 16c2 b0bc 0000 2a20 4341 5041 4249 P.......*.CAPABI
0x0030: 4c49 5459 2049 4d41 5034 7265 7631 204c LITY.IMAP4rev1.L
0x0040: 4954 4552 414c 2b20 5341 534c 2d49 5220 ITERAL+.SASL-IR.
0x0050: 4c4f 4749 4e2d 5245 4645 5252 414c 5320 LOGIN-REFERRALS.
0x0060: 4944 2045 4e41 424c 4520 4944 4c45 2053 ID.ENABLE.IDLE.S
0x0070: 5441 5254 544c 5320 4155 5448 3d50 4c41 TARTTLS.AUTH=PLA
0x0080: 494e 2041 5554 483d 4c4f 4749 4e0d 0a31 IN.AUTH=LOGIN..1
0x0090: 204f 4b20 4361 7061 6269 6c69 7479 2063 .OK.Capability.c
0x00a0: 6f6d 706c 6574 6564 2e0d 0a ompleted...

Apparently, the Android mail client sends some UID which seems irrelevant, but it is part of the setup, so here goes: 

22:19:58.497219 IP (tos 0x0, ttl 255, id 29424, offset 0, flags [none], proto TCP (6), length 40)
mail.eli-np.ro.imap2 > REDACTAT.49064: Flags [.], cksum 0x54ed (correct), seq 255, ack 206, win 5635, length 0
0x0000: 4500 0028 72f0 0000 ff06 9ed2 c266 3a07 E..(r........f:.
0x0010: ac10 018f 008f bfa8 65c1 7093 0f7d f4cd ........e.p..}..
0x0020: 5010 1603 54ed 0000 P...T...
22:19:58.621495 IP (tos 0x0, ttl 255, id 29425, offset 0, flags [none], proto TCP (6), length 70)
mail.eli-np.ro.imap2 > REDACTAT.49064: Flags [P.], cksum 0x6206 (correct), seq 255:285, ack 206, win 5635, length 30
0x0000: 4500 0046 72f1 0000 ff06 9eb3 c266 3a07 E..Fr........f:.
0x0010: ac10 018f 008f bfa8 65c1 7093 0f7d f4cd ........e.p..}..
0x0020: 5018 1603 6206 0000 2a20 4944 204e 494c P...b...*.ID.NIL
0x0030: 0d0a 3220 4f4b 2049 4420 636f 6d70 6c65 ..2.OK.ID.comple
0x0040: 7465 642e 0d0a ted...

and then finally a log-in is attempted in plaintext: 

22:19:58.624632 IP (tos 0x0, ttl 63, id 7615, offset 0, flags [DF], proto TCP (6), length 85)
REDACTAT.49064 > mail.eli-np.ro.imap2: Flags [P.], cksum 0xeb8f (correct), seq 206:251, ack 285, win 65535, length 45
0x0000: 4500 0055 1dbf 4000 3f06 73d7 ac10 018f E..U..@.?.s.....
0x0010: c266 3a07 bfa8 008f 0f7d f4cd 65c1 70b1 .f:......}..e.p.
0x0020: 5018 ffff eb8f 0000 3320 4c4f 4749 4e20 P.......3.LOGIN.
0x0030: 7469 636b 6574 3235 3840 656c 692d 6e70 ticket258@eli-np
0x0040: 2e72 6f20 2261 6e64 726f 6964 7061 726f .ro."androidparo
0x0050: 6c61 220d 0a la"..

As can be observed the password is transmitted in plaintext, which justifies the leak of credentials.

Conventionally, there is no additional setup procedure for the E-Mail body that would offer an encryption of the E-Mail body in spite of the credentials traveling in plaintext, for example, looking at the misconfiguration example, the whole process of sending an E-Mail happens within the same session, such that iff. the session is not encrypted then the body of the E-Mail is not encrypted, such that it is safe to assume that the E-Mail body would be transmitted in plaintext. What happens is that if the account is configured, then there is no "re-evaluation" of cryptographic primitives performed by E-Mail clients, due to the process being part of the setup of the account, such that after having configured the account, all the communication will just take place unencrypted.

Interestingly, Apple Mail refused to set up an account using plaintext IMAP yet it seems that Android and Microsoft Outlook were happy to accept no encryption as part of the setup wizard without any complaint. Even if, users are not necessarily versed in determining whether that is alright or not. Apple instead adamantly refused, and even mentioned that it will not set up an account with an unencrypted session.

The impact is that the credentials and the E-Mail body would have leaked all the way from where the ELI-NP server was accessed by a user and up to the ELI-NP server in Bucharest, Romania with all the credentials and E-Mail body being leaked. At the very least, the E-Mail content and the credentials would have to be considered compromised such that, at the very least, the users should be made aware in order to change their credentials and mitigate the leak of their correspondence. From the official data, the leak affects about 500 souls at the Extreme Light Infrastructure (ELI-NP) (with 500 being the "original number of employees when ELI-NP was founded" and probably not the actual number of employees when the leak took place in 2020) since receiving an official E-Mail address is part of the hiring process.

Reception

A data-breach was filed with the E.U. E.D.P.S., however, as former experiences confirm, the E.U. cannot be bothered and they redirect the request to the Romanian data protection agency A.N.S.P.D.C.P. Given the sensitivity of this issue, the actual submission of the document is literally taped on the screen and then a followup E-Mail is sent to the A.N.S.P.D.C.P. in order to re-confirm that the issue has been filed with the A.N.S.P.D.C.P. Curiously enough, the A.N.S.P.D.C.P. does not answer at all in this case, even though they typically just senselessly barf out the very same things that is requested of them and, supposedly, the case "evaporates"? Mr. Zamfir the CEO of the institute is also made aware, along with Mr. Allen Weeks, both of whom do not even bother replying.

Weeks after, upon meeting actual staff at ELI-NP, the source extends the question whether they had been asked to change their password lately, but the staff that can be reached say that they have not been asked to. Similarly, the staff has not been warned about any potential leaks, such that it seems that the leak was never announced and, in good Romanian tradition, swept under the rug with the help of the proverbial Molvanian 34 different Romanian "security services". Ultimately, a few months later (unsure), Mr. Mihnea Dulea pulls a "Vladimir Putin" move, where he gives up the leadership of the DFCTI and a "junior" researcher (as per comparing titles, CP1 vs. CP3, not in terms of results) is made the head of the DFCTI with Mr. Dulea being now only part of "research staff". However, the same staff is still there in the very same positions without any serious restructuring to be seen and with the same ties between people being maintained.

Again, the point has to be made that most of this entsprings just from malice, without any of this being just "accidents" and that most of the people in such cases participate willfully based upon their own choices and are not coerced to participate if they have different onions. The other witnessing of the behaviors at the DFCTI IFIN-HH, in particular the harassment of several colleagues, is definitely at the very least an "optional participation" and if anyone disagrees they have plenty of measures at their disposal, such as complaining like the source and up to resigning or finding a different job. Even attempting to defend the people that were harassed by the staff, lead to people answering with attitudes along the lines of "are you in love with them?" (apparently, this seems to be something common in Romanian workplaces, as we have been told). Given the setup, it seems trivial to explain why it often comes to tragedies, as a response perhaps, to publications within the Romanian press regarding the abuse of individuals - well, no, it is clearly not the fault of "evil corporations", but rather bad management, nepotism, false values and the overreaching arm of a obese government. Obviously, given that individuals have connections to the Italian mafias, are known to have had parents that dealt with selling heavy machinery to Arabic countries during communism, have reached into institutions such as Max Plank, Cambridge and others whilst having a very shaky basis of knowledge, only amplifies a bad situation. For example, there have been publications, mainly started from Romanian citizens publishing via Cambridge in the United Kingdom, regarding some sort of alleged "anti-Romanian sentiment" and as a parallel, if you will, traditionally it is not nice to berate former colleagues because it is not done, however that does not account for the colleagues themselves being willful participants and contributors to a racket that drives other colleagues to suicide (with official cases). In other words, very similar to the "anti-Romanian sentiment" publications, Romanians try to "escape" judgement this way, by claiming some sort of racism, but it is only really used to wash over such incidents that carry on wildly within Romanian institutions. An uninformed reader, could look up the "anti-Romanian sentiment" and be even begrudged that "there is so much racism" when, in fact, these publications are really just used as a cover to censor the truth of Romanian society.

After contacting Mr. Stefan Lüeders at CERN regarding these misbehaviors, technically speaking, by the job description, a colleague, Mr. Lüeders chose to try and get the source to dox one individuals=, tried to apply pressure by CC-ing the main lawyer at CERN, Mr. Jonathan Drakeford and was terribly undignified when it was explained to him that unfortunately, regardless whether he claims that he is not obliged to tell the source the results of an investigation, that CERN and, even the IFIN-HH or ELI-NP are public institutions running on public funding such that their obligation is to the tax payer first.

Being snarky at press, maybe out of some form of misunderstood entitlement, just does not uphold any case for censorship and lack of statements ("no comment" works fine, it is still a statement!) from a public institution. However, that seems to be a more widespread European problem where, in spite of institutions being both financed by public money or even themselves granting rights, whenever those rights are claimed by an individual, the individual claiming the rights is met by some sort of misplaced "entitlement" as if the European Community is not subject to its own rules or absolved of responsibility.

Of course this exceeds the case involving Mr. Lüeders and another member of staff, yet it should be spelled out. On this matter, the source "mistakenly" contacted some British organization regarding the case, and even though the source was told that they do not deal with the IFIN-HH, even though they are cited, they did thank the source for bringing the affair to their attention - which, at the very least, makes it clear that these cases do not travel outbound out of Romania and that surely some random citizen in a different country would be shocked to find out what they are contributing with money to. Not only that, but these structures would be taken aback when exposed, as if there should be some out-of-this-world, or rather religious blessing bestowed upon them, and that for whatever reason, gross mismanagement ending up with real victims should be covered up. Lesser so, it is pretty funny how fastly these individuals seem entitled to tax payer money, as if receiving payments is some (even) religiously justified state of affairs (or see Varoufakis' statement on feudalism and capitalism), all being granted regardless whether they provide a service or not.

It is beyond our capabilities to investigate but it seems a solid argument that the ties between CERN and IFIN-HH are established on political grounds, rather than (even) trust, such that it makes one wonder how bad a case must get for the larger institute, say CERN or the European Community, to have to step in and take measures by force. For example, in one of the sister-departments of the DFCTI, one person actually attempted suicide at work, and from what we know, not much of a settlement had been met, with the same observations that are made in this case where the staff is still there years after and even making bank. Would pedophilia be good grounds of intervention, how about genocide and/or witnessed homicide, or maybe this case involving mass-leaks is sufficient? We are fully aware that the European Community is batch-copying the United States, not only in structure but also funnily in port and language, but needless to say that plastering Mr. Edward Snowden's face allover European Union pages on whistle-blowing and the bad-evil hackers, but then turning down a 500 person data leak does invalidate their concerns on being hacked by the U.S. - surely, "they'd care if they care", for a lack of a better emphasis of a double-standard. Perhaps the U.S.A. should also provide hints to the EU about which hacker they should be upset about and when, even if the U.S. hacked them initially? Or perhaps the source should wear a suit and tie, as it is somehow traditional on the Eastern-side of the Berlin wall, because without a suit and tie facts have no value? Contrary to Mr. Dulea's slander, the source claims they are not seeking any sort of "attention" but that they are more "amazed" by the complete lack of response (in terms of actual measures) from any of these institutions that match the profile very closely of the case, with pursuing these cases further being fueled more by exactly that amazement, rather than "being a wannabe hero" - after all, the first time Mr. Lüeders asked the source to divulge the identity of the people involved, the source told Mr. Lüeders that it is their opinion that the IFIN-HH should be grazed to the ground and instead of institutes, there should be saloons made for cool people such as the source to, well, tan their balls.

Departing the case by far, and involving all the other cases, in such a context where all these checks and measures EU institutions are just existing "prophylactically", it makes quite a lot of sense that tragedies can happen at any time. Ultimately, the source "discovered" the breach, please bear that in mind, but that someone with ill-intentions would maybe not have pushed for a resolution, but perhaps even monetized the opportunity in the off-hours. Similarly, you can realize that someone with ill-intentions could have dealt a lot of damage, with these institutions being careless the very same way, if petitioned by someone else. It reminds one of the many tragedies have appeared in the press either regarding Romania, the EU or geographic Europe in general, where apparently a foreign force can just waltz in do whatever they like with the said institutions just playing paddy-cake with the responsibility. Nevertheless, more than other cases, this case demonstrates the complicity of the European Union in such matters: the EU loves to claim how they do not intervene and put up the strawman argument about sovereignty, however the EU does not hesitate to finance these institutions via European projects, to name one example, which is probably the main financing backing the IFIN-HH (the source claims that at some point, the IFIN-HH did not even have the money to pay wages). In this sense, the effect of the EU "intervening" is immediately observable, with the people responsible still being employed and with these issues going not only unsanctioned but also unaddressed (because it is highly unlikely that the "manners" would have drastically changed given the exact same staff within the department). What is extremely ironic, is that upon contacting various institutions, the source was asked by an European institution (that will remain unnamed, obviously, because it at least has a shimmer of being functional such that divulging its name would not be wise) to file a complaint with The European Anti-Fraud Agency (OLAF) and then to let them know what OLAF answered. Here is the response from OLAF:

most of which is just closely compacted stupidity, for the following reasons:

The response was handed back to the institute that asked for the complaint to be filed with OLAF and the source moved on.

To close this chapter, let's just say that the source had other "receptions" and involving near-death experiences, which, in context, would just be too naive to be incidental, rather than planned as a response to the former. Maybe the EU can assassinate the whistleblowers for daring to inform / help them? Then again with such a huge octopus as the EU one cannot wonder that no measures are taken due to political interests. Otherwise, we heard that it is a journalist's highest honor to have an assassination attempt on record by the C.I.A., but even if that were true, we're doing things ass-backwards here with the information getting out only after the assassination attempt taking place (which is convenient). To some degree, the authoritarian shift on the planet seems to have these cases as good justification because it is clear that there is wide-range of people in the wrong here, such that the only other option for the people responsible to keep themselves in power is to just carry out summary executions of the whistleblowers because in the event that any of this is brought to justice, most of these people would have to be behind bars. Obviously, that will not happen and just like other Romanian atrocities, the population will be persecuted until, hopefully, the source dies and the matter can be brushed over (or like a war so-very-conveniently broke out just after COVID, only to keep the people in charge extremely busy).

A More Ample Outlook

A part of the lack of reaction from people is due to Romania not being the kind of nation that is pro-efficient with computers and traditionally do not or cannot understand computing very well, with most of the "security" that Romania would have ever provided being more along the lines of "espionage" rather than security (ie: placing a camera in an employee's office, or harassing individuals with loud noises and breaking the law themselves in the process, contrasted to, say, being able to investigate a leak, even if the experise required to debug something as trivial as IMAP or POP is very low bar compared to other computing primitives). This is most of what ensued, as traditionally Romanian, with noisy neighbors trying to harass the source / whistleblower, the police paying visits to ask about random stuff, and the typical East-German stasi measures that any old-timer could recount. Even the source's lawyer explained to the source, after being shown the material of the cars, the flag and the rest that this is just typical of "filaje", which are part of, to use a fast term, sting operations carried out by the Romanian security services. Unfortunately, having the population ill-informed of their rights and keeping them in the dark with censorship and fear, also works for the people that know about the leak, such as Mr. Nicolae Victor Zamfir, Mr. Mihai Ciubancan or Mr. Nicolae Vasile, all of whom were very well-aware and decided to shut down the ticket as fast as possible, with Mr. Dulea sending various threats on tangential subjects that he just had to wait with, instead of letting it out later, untill "a data leak occurred".

On a more broad outlook though, it is somehow fortunate that Romanians have little capabilities and even the source stated during the interview with us that they will never ever be teaching or providing any sort of technology to Romania or Romanians in general. The problem is that it is unsure whether the technology provided by, say, NATO or other espionage agencies that are now allied with Romania, will not be co-opted and then recycled in order to be used to strike at the population at large, rather than, say, used to determine whether a fire would occur at the Collectiv club. It is clear that the Romanians dispose of plenty of assets, given how this case was approached, and that those assets were made to work against the source, either to discredit them, or worse. If you would like a comparison to modern times, the Russian and Ukraine conflict leads to, say, tertiary issues where news outlets have reported that over 40% of the weaponry has gone "amiss", such that you now have high-tech weaponry floating around the planet that might end up in the hands of … well, people with little accounting for, such as kingpins and gangbangers in tribal republics. That being said, Romania is still highly tribal itself and has clearly demonstrated a war upon its citizens, even with famous press writing stuff about the security services wrestling with its own citizens, such that it can only be described as relief that Romania and Romanians are still very much primitive on the technological side, with keeping Romanian that way being more of a moral obligation. Quite frankly it is even unsettling that Romania has such a large representation at NATO, given that the mean average "opinion" of "the people" runs along the notion of "the end justifies the means". Ultimately, you are inviting people that want to cover up what happened at the death camps from the Danube-Black Sea communist initiative to advise on matters of "security" (wait, what?) and then wondering why your group or alliance is turning into a fascist force. Or as the saying goes, "you are what you eat".