I only have a gut feel on that, but I'd say yes. My impression is that CM has a packet-level understanding, as well as a decent handle on the tools and methods used to authenticate. I don;t know what hardware level access (at the chan/destination) and hardware level knowledege (of the Q/sender) is available.
I noticed that Q mentioned multiple sending hardware, "We are being attacked on all devices used to talk." and also had awareness that somebody else (CM) had been locked out of GA. That suggests routine audit/confirmation of security.
Staying ahead of the turkeys and wolves has to be a major task.
Regarding questions about possibility of CM setting up a site heavily layered and protected that cannot be compromised. ANY and all systems can be compromised. You build the systems with maximum security methods but it is impossible to completely safeguard. Even systems not connected to Internet are vulnerable. Remember stuxnet.
Many bad actors are wanting to silence awakening. Cause doubt and confusion. Use of trip codes very smart approach by CM.