Police and security services believe they know the identity of the man behind the Manchester suicide bombing. Speaking outside Downing Street after chairing a meeting of the Government’s emergency COBRA committee, the Prime Minister Theresa May said authorities are working to establish whether he was acting alone or as part of a group. She said the blast at Manchester Arena, which left 22 people dead1, was “among the worst terrorism we have experienced in the United Kingdom” and that the city had fallen victim to a “callous terrorist attack”. :: Live updates: 23-year-old man arrested after Manchester suicide bombing2
The target was a pop concert, the audience was a mixture of teenagers, many of them young girls, all out for a fun and innocent evening . Some were young enough to need chaperoning by parents or grandparents. If this does turn out to be an Islamist-inspired attack, the attacker has deliberately targeted everything his warped beliefs hate in a Western society. He has also demonstrated a deadly competence – he blew himself up as the high-spirited crowd streamed out of the arena after the concert .
The timing, and location of the explosion – just outside the main arena itself – suggests planning and shows he probably carried out a recce. The singer Ariana Grande is world-famous . She has more than 45 million followers on Twitter . Another basic but twisted way of guaranteeing this attack will resonate far. :: What we know so far3 The morning after the attack, a number of things will be happening simultaneously and with urgency. In Manchester, counterterrorism police from North West Command will be carrying out forensic work at the scene of the explosion.
They will try and find bomb-making signatures that might give a clue as to who was behind this attack. They will look for certain chemicals, such as triacetone triperoxide (TATP). :: Witness: ‘It was absolute carnage’4
TATP has been used by terrorists around the world, it is a favoured compound of Islamic State and it is relatively straightforward to make, but it is extremely unstable and lethal. It has been confirmed that the attacker died on the scene – this tells us that something is left of his body. That will be important in identifying him, either facially, through fingerprints, dental records or DNA. Once the security services are confident they have the right man, databases will be scoured . Was the attacker known to the security services ? Does he have known associates? His home will be searched .
So too the homes of any close relatives or friends. People might be detained, questioned and then released . Computers will be taken away and their contents and internet history studied. GCHQ will be looking for a digital trail and if necessary MI6 will speak to foreign partners to build a picture of who this man was and who he knew. Was he acting alone, a so-called lone-wolf (unlikely with this nature of attack), did he have supporters helping him in the UK, was he being remotely ‘directed’ by a centralised body (for example IS leadership in Raqqa)? These are all questions which will have been asked by the Prime Minister as she chaired the COBRA meeting. The most pressing questions of all though – was this part of a network and should the UK prepare for a secondary attack?
COBRA (the dramatic acronym for the mundane Cabinet Office Briefing Room) is attended by key members of Government, including the home and defence secretaries, the heads of the UK’s intelligence agencies and other relevant figures. The Foreign Secretary is in Brussels so wouldn’t have been there in person but could have dialled in, if necessary. The decision to raise the national threat level is one for JTAC – the Joint Terrorism Analysis Centre. It sits inside MI5’s headquarters on the banks of the River Thames, and acts independent from government although with input from government officials. The threat level is currently set at “severe”, one from the top . It means an attack is highly likely. If JTAC assesses that another attack is under way or imminent, it will raise that level to the highest – “critical”.
The security services have been warning that London isn’t the only target of terrorists wishing to attack the UK. Many smaller cities might be less prepared for an incident like this, but not Manchester. MI5 has a regional base in Bury, just on the outer edges of the city.
The police armed response unit is highly trained and on the scene within minutes of the attack. Now and in the coming days, armed police will patrol Manchester city centre, partly for reassurance, partly for increased security. And then there are 22 families, the morning after, at home, mourning the death of loved ones.
“The death of these children will remain with us forever,” a member of the city council told Sky News.
We have a role for an experienced Security Officer to join our team working a 7-day fortnight shift pattern, 6am to 6pm. To serve visitors by greeting, welcoming, and directing them appropriately; notifies company personnel of visitor arrival; maintains security and telecommunications system. Main duties include:
- Welcomes visitors by greeting them, in person or on the telephone; answering or referring inquiries.
- Directs visitors by maintaining employee and department directories; giving instructions.
- Maintains security by following procedures; monitoring logbook; issuing visitor badges.
- Maintains telecommunication system by following manufacturer’s instructions for house phone and console operation.
- Maintains safe and clean reception area by complying with procedures, rules, and regulations.
Maintains continuity among work teams by documenting and communicating actions, irregularities, and continuing needs.
- Contributes to team effort by accomplishing related results as needed.
- Receive and sort daily mail/deliveries/couriers.
- Working as part of a team to provide Conflict Resolution assistance at premises where there is potential for conflict
- A valid front line SIA License or current certificate of completion of SIA front line training.
- Ideally holds a valid First Aid Certificate.
- Some experience of working within a Facilities environment.
- Ability to use initiative when required.
- Excellent communication and interpersonal skills.
- Experienced in all Microsoft packages Word, Excel, Outlook & PowerPoint.
- Flexible in approach and responds positively to working under pressure.
- Professional/smart appearance
Job Type: Full-time
Required licence or certification:
Getty Images / UniversalImagesGroup / Contributor Update 13.05.2017: The NHS cyberattack appears to be slowing down after a security researcher says he “accidentally” hit the kill switch on the ransomware . Writing on the blog @malwaretechblog, the unnamed malware expert registered a domain name used by Wanna Decryptor, or WannaCrypt, and inadvertently killed it . The National
Cyber Security Centre then repurposed the blog1 to spread the message.
Original story The NHS cyberattack that hit hospitals across the UK is said to have been part of the biggest ransomware outbreak in history, according to Mikko Hypponen from F-Secure. Viruses, trojans, malware, worms – what’s the difference?2
Viruses, trojans, malware, worms – what’s the difference?
Commenting on the news, Hypponen said the Wanna Decryptor attack was unprecedented, while cyber security expert Varun Badwhar said it gave a glimpse of what a “cyber-apocalypse” would look like.
“We’ve never seen something spread this quickly in a 24-hour period across this many countries and continents,” explained Badwhar. “So it’s definitely one of those things we’ve always heard about that could happen and now we’re seeing it play out.”
The NHS hack is said to be creeping across the UK with reports of the ransomware attack hitting a range of other organisations in as many as 99 countries . In a statement, NHS Digital3 confirmed a number of NHS organisations had been affected by a ransomware attack . The investigation is at an early stage but we believe the malware variant is Wanna Decryptor4, a spokesperson said.
At this stage, we do not have any evidence that patient data has been accessed . We will continue to work with affected organisations to confirm this. Hackers use ransomware6 to infect a computer or system before holding files hostage until a ransom is paid . It can infect a computer via a trojan, virus or worm. Wanna Decryptor encrypts users files using AES and RSA encryption ciphers meaning the hackers can directly decrypt system files using a unique decryption key . Victims may be sent ransom notes with instructions in the form of !Please Read Me!.txt files, linking to ways of contacting the cybercriminals .
Wanna Decryptor changes the computer’s wallpaper with messages (as seen in tweets from affected NHS sites) asking the victim to download a decryptor from Dropbox . This decryptor demands hundreds in bitcoin7 to work. Affected machines are said to have six hours to pay, and every few hours the ransom goes up. “Most folks that have paid up appear to have paid the initial $300 in the first few hours,” said Kurt Baumgartner, principal security researcher at Kaspersky Lab. They added that the attack was not specifically targeted at the NHS because it is affecting “organisations from across a range of sectors” and NHS Digital is working with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations. The NHS incident appears to be part of a global cybersecurity incident with malware spreading to multiple organisations around the world . Security firm Check Point and Avast have said there have been 75,000 attacks in 99 countries . Telefonica in Spain has been the biggest confirmed incident outside of the UK but it also reports issues in Russia, Turkey, Indonesia, Vietnam, Japan, and Germany.
A spokesman for the National Cyber Security Centre8 and National Crime Agency said they were responding to an “ongoing international cyber incident” and confirmed there was no indication medical data or personal information has been compromised.” The specialist cyber crime officers from the NCA and police forces are now working with hospitals to respond to the attack preserve evidence . Read their advice on protecting yourself from ransomware9. A live map10 tracking the malware has plotted thousands of incidents around the world . Although, it is not confirmed these are all the latest version of the malware . This map tracks incidents of wcrypt and reveals how many of the botnets are online, and offline, in real-time . A Unique IP chart below the map reveals the number of new botnets coming online, and the total . As of 7.17pm BST, there were 189 new, and 1,821 total botnets (up from nine just an hour earlier.) It is said that 24 NHS organisations have been hit .
The full list is below:
- Mid Essex Clinical Commissioning Group
- Wingate Medical Centre
- NHS Liverpool Community Health NHS Trust
- East Lancashire Hospitals NHS Trust
- George Eliot Hospital NHS Trust in Nuneaton, Warwickshire
- Blackpool Teaching Hospitals NHS Trust
- St Barts Health NHS Trust
- Derbyshire Community Health Services
- East and North Hertfordshire Clinical Commissioning Group
- East and North Hertfordshire Hospitals NHS Trust
- Sherwood Forest NHS Trust
- Nottinghamshire Healthcare
- Burton Hospitals NHS Foundation Trust
- United Lincolnshire Hospitals NHS Trust
- Colchester General Hospital
- Cheshire and Wirral Partnership NHS Foundation Trust
- Northern Lincolnshire and Goole NHS Foundation Trust
- North Staffordshire Combined Healthcare NHS Trust
- Cumbria Partnership NHS Foundation Trust
- Morecombe Bay NHS Trust
- University Hospitals of North Midlands NHS Trust
- NHS Hampshire Hospitals
- Kent Community Health NHS Foundation Trust
- Plymouth Hospitals NHS Trust
- ^ blog (www.ncsc.gov.uk)
- ^ Viruses, trojans, malware, worms – what’s the difference? (www.wired.co.uk)
- ^ NHS Digital (digital.nhs.uk)
- ^ Wanna Decryptor (www.wired.co.uk)
- ^ Subscribe to WIRED (www.wired.co.uk)
- ^ ransomware (wired.uk)
- ^ bitcoin (www.wired.co.uk)
- ^ National Cyber Security Centre (www.wired.co.uk)
- ^ protecting yourself from ransomware (www.ncsc.gov.uk)
- ^ live map (intel.malwaretech.com)