I actually lived in Manor Street for a number of years and used to hang out on that corner – just saying!
A British Army Explosive Ordnance Disposal Technical Officer approaches a suspect device at the junction of Manor Street and Oldpark Road in Belfast, Northern Ireland. Manor Street marked the line between Protestant and Catholic neighbourhoods. The quotation on the sign on the building to the left is from the Old Testament (Amos 4:12) and it reads:
“Prepare to meet your God”.
Probably the most discouraging thing to possibly read before approaching something that may or may not blow you to pieces.
What is even more morbid is that the technician pictured is already within the “kill” radius for an explosive of that size. Fortunately, the technician in this photo did not lose his life; the bomb did not explode.
The Ammunition Technicians of the Royal Logistic Corps became highly experienced in bomb disposal, after many years of dealing with bombs planted by the Provisional Irish Republican Army (PIRA) and other groups. The bombs employed by the PIRA ranged from simple pipe bombs to sophisticated victim-triggered devices and infra-red switches.
The roadside bomb was in use by PIRA from the early 1970s onwards, evolving over time with different types of explosives and triggers. Improvised mortars were also developed by the IRA, usually placed in static vehicles, with self-destruct mechanisms. During the 38-year campaign in Northern Ireland, 23 British ATO bomb disposal specialists were killed in action.
The EOD squad who served in Northern Ireland pioneered equipment and tactics. For example, the first EOD robot was made from a wheelchair stolen from a hospital, various pulleys and some bits of wood. They were also the first to use the protective suit. The EOD suit only protects from the shrapnel that is ejected by an explosive device; it does not prevent the technician from being killed by the pressure wave produced by a large explosion.
The issue is that the bomb suit stops fragmentation injuries, but explosive force doesn’t care about the suit. Either the explosive force hits you without it and you haemorrhage and die, or it hits the suit and the suit hits you and you haemorrhage and die. It’s useful, but for smaller pipe bombs, grenades, and small IED objects.
————————
Bomb Disposal
Bomb disposal is the process by which hazardous explosive devices are rendered safe. Bomb disposal is an all-encompassing term to describe the separate, but interrelated functions in the military fields of explosive ordnance disposal (EOD) and improvised explosive device disposal (IEDD), and the public safety roles of public safety bomb disposal (PSBD) and the bomb squad.
Northern Ireland
The Ammunition Technicians of the Royal Logistic Corps (formerly RAOC) became highly experienced in bomb disposal, after many years of dealing with bombs planted by the Provisional Irish Republican Army (PIRA) and other groups. The bombs employed by the PIRA ranged from simple pipe bombs to sophisticated victim-triggered devices and infrared switches. The roadside bomb was in use by PIRA from the early 1970s onwards, evolving over time with different types of explosives and triggers.
Improvised mortars were also developed by the IRA, usually placed in static vehicles, with self-destruct mechanisms. During the 38-year campaign in Northern Ireland, 23 British ATO bomb disposal specialists were killed in action.
A specialist Army unit, 321 EOD Unit (later 321 EOD Company, and now part of 11 Explosive Ordnance Disposal Regiment RLC), was deployed to tackle increased IRA violence and willingness to use bombs against both economic and military targets.
The unit’s radio call-sign was Felix. Many believe this to be an allusion to the cat with nine lives and led to the phrase “Fetch Felix” whenever a suspect device was encountered, which later became the title of the 1981 book Fetch Felix. However, the real reason could be either of two possibilities.
All units in Northern Ireland had a callsign to be used over the radios. 321 Company, a newly formed unit, didn’t have such a callsign, so a young signaller was sent to the OC of 321 Coy. The OC, having lost two technicians that morning, decided on “Phoenix”.
This was misheard as “Felix” by the signaller and was never changed. The other possible reason is that the callsign for RAOC was “Rickshaw”; however, the 321 EOD felt it needed its own callsign, hence the deliberate choice of “Felix the Cat with nine lives”.
321 Coy RAOC (now 321 EOD Sqn RLC) is unique in that it is the most decorated unit (in peace time) in the British Army with over 200 gallantry awards, notably for acts of great bravery during Operation Banner (1969–2007) in Northern Ireland.
British Ammunition Technicians of 11 EOD Regiment RLC were requested by the US Forces commanders to operate in support of the US Marine Corps in clearing the Iraqi oilfields of booby traps and were among the first British service personnel sent into Iraq in 2003 prior to the actual ground invasion.
I posted this question on Twitter yesterday after a few people pulled me up for calling it Potato Bread and not a Tatti Scone. I had been blogging about food I like and the wife found gross and naturally I included my childhood favorite Potato Bread.
And so the debate began.
To date the Scottish vote is embarrassingly in front with a whopping 5.6 k votes and the Northern Ireland vote is a shameful 235 – and this must be put right.
If you would like to vote and address this outrageous imbalance go to my Twitter page @bfchild66 and look for the Tweet in question or click the link below.
Lets settle this – is this Potato Bread or Tattie Scone?
Retweet = Potato Bread
Like = Tatti Scone pic.twitter.com/arHnUxHEI1
The motto has been used by twelve elite special forces units around the world that in some way have historical ties to the British SAS.
An early statement of the idea is ‘τοῖς τολμῶσιν ἡ τύχη ξύμφορος’ (“fortune favours the bold”) from the Ancient Greek soldier and historian Thucydides.
‘C Squadron (Rhodesia) Special Air Service’ Mil. Abbrev. ‘C Sqn SAS’. Later ‘Rhodesian Special Air Service Regiment’ in Kabrit Barracks, Salisbury (now Harare)
She is most notable for her characteristic emotional and sometimes vitriolic tone, described as “passionate”, “vaguely menacing”, and “aggressive”. Ri made the official announcements of the deaths of Kim Il-sung in 1994 and Kim Jong-il in 2011. In a news report by CCTV News on 24 January 2012, Ri announced her retirement as chief newsreader at KCTV. She has periodically reappeared on television in the years since, typically to make an announcement regarding the country’s militaristic developments.
Ri was born in 1943 to a poor family in Togchon, Gangwon, Japanese Korea. She was cultivated by the North Korean government because of her background of abject poverty, which is considered a sign of political trustworthiness in the country. Ri studied performance art at Pyongyang University of Theatre and Film and was recruited by KCTV.
Career
Ri began work onscreen in 1971, became chief news presenter of KCTV in 1974, and was consistently on‑air from the 1980s. Her career was unique for its longevity; while many at KCTV were demoted or purged, her career was never interrupted. After retiring in January 2012, she came out of retirement especially to announce that North Korea claims to have carried out an H-bomb detonation in January 2016 and that North Korea had launched a missile in February 2016. She also announced the nuclear test of September 2016.
Style
Ri has received high acclaim from the North Korean authorities for her resonant voice, impressive mood and outstanding eloquence. She is known for her melodramatic announcing style. She often speaks in a wavering and exuberant tone when praising the nation’s leaders, and conversely with visible anger when denouncing the West.
According to Brian Reynolds Myers, a professor at Dongseo University and an expert in North Korean propaganda, her training in drama serves her well, given the large amount of showmanship that is typical of North Korean broadcasting.
When she made the official announcement of Kim Il-sung’s death in 1994, Ri was visibly crying during the broadcast. Likewise, when she announced Kim Jong-il’s death in 2011, she was seen holding back tears. Her melodramatic style has been parodied in the character of Kim Bong Cha, a North Korean correspondent on The Noose.
Ri usually appears wearing either a pink, Western-style suit or in a traditional Korean hanbok.
Isis recruiter Sally Jones reportedly wants to leave Raqqa and return to Britain
Sally Jones, the leading female recruiter for Isis, reportedly wants to leave Raqqa and come home to Britain. The former punk rocker who married a now-dead Isis fighter and took her son to Syria has been “crying and wants to get back to Britain,” according to reports.
Sky News spoke to an immigrant to the so-called Islamic caliphate now under Kurdish guard in a refugee camp who said that few immigrants wanted to join the war. “Aisha” told Sky News that she knew Jones.
When asked if she met many British people, Aisha replied:
“I know one-Umma Hussain al Britani”.
She used Jones’ nom de guerre, according to Sky News. Jones was married to Junaid Hussain, Isis’ chief of digital jihad who was killed by a US drone strike in 2015.
“She lost her husband in battle last year. She had one boy,” Aisha continued.
Jones’ son Jojo was born in the UK and is about 12 years old. The boy’s grandparents and father expressed their fears in 2016 that he had been brainwashed into becoming an executioner for the terrorist group. A chilling video released by Isis shows a group of boys executing five Kurdish fighters.
Aisha said: “She was crying and wants to get back to Britain but Isis is preventing her because she is now a military wife. She told me she wish to go to her country.” Sky News noted that if that is in fact what Jones wants, she will have to be prepared to give up her jihadi recruiting and prepare to exchange life in Raqqa for a lifetime in prison.
Jones reportedly rose up a US kill list back in May, with analysts believing she was behind several Isis terror plots. “Mrs Terror,” as Jones has been dubbed, is reportedly behind more than 10 operations that targeted army personnel and civilians.
The first day of the Battle of the Somme, in northern France, was the bloodiest day in the history of the British Army and one of the most infamous days of World War One.
On 1 July 1916, the British forces suffered 57,470 casualties, including 19,240 fatalities. They gained just three square miles of territory. British and German troops faced each other’s trenches only separated by a few hundred yards of “no-man’s land”.
The British force consisted of soldiers from Britain and Ireland, as well as troops from Newfoundland, South Africa and India.
The British generals staged a massive artillery bombardment and sent 100,000 men over the top to take the German trenches.
They were confident of victory. But the British soldiers were unable to break through the German defences and were mown down in their thousands by machine gun and artillery fire.
This day set a bloody precedent: the Somme campaign wore on for five months and, in all, more than a million soldiers from the British, German and French armies were wounded or killed.
The attack began on Friday, 12 May 2017, and within a day was reported to have infected more than 230,000 computers in over 150 countries. Parts of the United Kingdom’s National Health Service (NHS), Spain’s Telefónica, FedEx and Deutsche Bahn were hit, along with many other countries and companies worldwide.
Shortly after the attack began, Marcus Hutchins, a 22-year-old web security researcher from North Devon in England, who blogs as “MalwareTech”, discovered an effective kill switch by registering a domain name he found in the code of the ransomware. This greatly slowed the spread of the infection, effectively halting the initial outbreak on Monday, 15 May 2017, but new versions have since been detected that lack the kill switch.
Researchers have also found ways to recover data from infected machines under some circumstances.
WannaCry propagates using EternalBlue, an exploit of Windows’ Server Message Block (SMB) protocol. Much of the attention and comment around the event was occasioned by the fact that the U.S. National Security Agency (NSA) had already discovered the vulnerability, but used it to create an exploit for its own offensive work, rather than report it to Microsoft.
However, many Windows users had not installed the patches when, two months later on May 12, 2017, WannaCry used the EternalBlue vulnerability to spread itself. The next day, Microsoft released emergency security patches for Windows 7 and Windows 8.
Those still running older, unsupported versions of Microsoft Windows, such as Windows XP and Windows Server 2003, were initially at particular risk, but Microsoft released an emergency security patch for these platforms as well. Almost all victims of the cyberattack were running Windows 7, prompting a security researcher to argue that its effects on Windows XP users were “insignificant” in comparison.
Within four days of the initial outbreak, security experts said that most organizations had applied updates, and that new infections had slowed to a trickle.
Several organizations released detailed technical writeups of the malware, including Microsoft, Cisco, Malwarebytes, Symantec and McAfee.
The “payload” works in the same fashion as most modern ransomware: it finds and encrypts a range of data files, then displays a “ransom note” informing the user and demanding a payment in bitcoin.
It is considered a network worm because it also includes a “transport” mechanism to automatically spread itself. This transport code scans for vulnerable systems, then uses the EternalBlue exploit to gain access, and the DoublePulsar tool to install and execute a copy of itself.
WannaCry
[Image: screenshot of the ransom note left on an infected system]
Date: 12 May 2017 – 15 May 2017 (initial outbreak)
Location: Worldwide
Also known as (transformations): Wanna → Wana; Cryptor → Crypt0r; Cryptor → Decryptor; Cryptor → Crypt → Cry; addition of “2.0”
Short names: Wanna → WN → W; Cry → CRY
The software contained a URL that, when discovered and registered by a security researcher to track activity from infected machines, was found to act as a “kill switch” that shut down the software before it executed its payload, stopping the spread of the ransomware. The researcher speculated that this had been included in the software as a mechanism to prevent it being run on quarantined machines used by anti-virus researchers; he observed that some sandbox environments will respond to all queries with traffic in order to trick the software into thinking that it is still connected to the internet, so the software attempts to contact an address which did not exist, to detect whether it was running in a sandbox, and do nothing if so. He also noted that it was not an unprecedented technique, having been observed in the Necurs trojan.
On 19 May, it was reported that hackers were trying to use a Mirai botnet variant to effect a distributed attack on WannaCry’s kill-switch domain with the intention of knocking it offline. On 22 May, @MalwareTechBlog protected the domain by switching to a cached version of the site, capable of dealing with much higher traffic loads than the live site.
EternalBlue exploits a vulnerability in Microsoft’s implementation of the Server Message Block (SMB) protocol. This Windows vulnerability was not a zero-day flaw, but one for which Microsoft had released a “critical” advisory, along with a security patch to fix the vulnerability two months before, on 14 March 2017.
The day after the WannaCry outbreak Microsoft released updates for these too.
DoublePulsar
DoublePulsar is a backdoor tool, also released by The Shadow Brokers on 8 April 2017.[35] Starting from 21 April 2017, security researchers reported that computers with the DoublePulsar backdoor installed were in the tens of thousands. By 25 April, reports estimated the number of infected computers to be up to several hundred thousand, with numbers increasing exponentially every day.
The WannaCry code can take advantage of any existing DoublePulsar infection, or installs it itself.
Attribution
Linguistic analysis of the ransom notes indicated the authors were likely fluent in Chinese and proficient in English, as the versions of the notes in those languages were probably human-written while the rest seemed to be machine-translated.
This could also be either simple re-use of code by another group or an attempt to shift blame—as in a cyber false flag operation; but a leaked internal NSA memo is alleged to have also linked the creation of the worm to North Korea.
North Korea itself denies being responsible for the cyberattack.
Cyberattack
Map of the countries initially affected
On 12 May 2017, WannaCry began affecting computers worldwide, with evidence pointing to an initial infection in Asia at 7:44am UTC. The initial infection was likely through an exposed vulnerable SMB port, rather than email phishing as initially assumed.
When executed, the malware first checks the “kill switch” domain name;[c] if it is not found, then the ransomware encrypts the computer’s data,[58][27][59] then attempts to exploit the SMB vulnerability to spread out to random computers on the Internet, and “laterally” to computers on the same network.
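The spreading behaviour described above (SMB connection attempts to random Internet hosts and to hosts on the same network) appears in flow records as one source contacting many distinct destinations on TCP port 445 within a short time. The detection logic below is an added example, not part of the original article; the flow-log format, the addresses, the 60-second window and the threshold of 5 are assumptions constructed for illustration.

```python
"""Flag hosts whose TCP/445 fan-out looks like worm-style SMB scanning."""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed internal address space (RFC 1918); adjust to the real network.
INTERNAL_NETS = [ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SMB_PORT = 445
WINDOW = timedelta(seconds=60)   # assumed sliding-window length
THRESHOLD = 5                    # assumed: distinct destinations per window

# Constructed sample flows: "timestamp src dst dport proto".
SAMPLE_FLOWS = """\
# host .23: six distinct SMB targets in 14 seconds, internal and external
2017-05-12T08:01:00 10.0.5.23 10.0.5.24 445 tcp
2017-05-12T08:01:02 10.0.5.23 10.0.5.25 445 tcp
2017-05-12T08:01:03 10.0.5.23 198.51.100.7 445 tcp
2017-05-12T08:01:05 10.0.5.23 10.0.5.26 445 tcp
2017-05-12T08:01:09 10.0.5.23 203.0.113.40 445 tcp
2017-05-12T08:01:14 10.0.5.23 192.0.2.91 445 tcp
2017-05-12T08:01:01 10.0.5.23 198.51.100.7 443 tcp
# host .40: ordinary client talking to one file server repeatedly
2017-05-12T08:01:20 10.0.5.40 10.0.1.10 445 tcp
2017-05-12T08:01:40 10.0.5.40 10.0.1.10 445 tcp
2017-05-12T08:02:10 10.0.5.40 10.0.1.10 445 tcp
# host .77: five servers, but spread over two hours
2017-05-12T08:00:00 10.0.5.77 10.0.1.10 445 tcp
2017-05-12T08:30:00 10.0.5.77 10.0.1.11 445 tcp
2017-05-12T09:00:00 10.0.5.77 10.0.1.12 445 tcp
2017-05-12T09:30:00 10.0.5.77 10.0.1.13 445 tcp
2017-05-12T10:00:00 10.0.5.77 10.0.1.14 445 tcp
"""


def is_internal(ip):
    """True if the address falls inside the assumed internal ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_flow(line):
    """Parse one whitespace-separated flow record."""
    ts, src, dst, dport, proto = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), proto.lower()


def find_smb_scanners(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {src: details} for sources that reach `threshold` or more
    distinct TCP/445 destinations inside any sliding `window`."""
    per_src = defaultdict(list)
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, proto = parse_flow(line)
        if proto == "tcp" and dport == SMB_PORT:
            per_src[src].append((ts, dst))

    findings = {}
    for src, events in per_src.items():
        events.sort()
        start, best = 0, set()
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            dsts = {d for _, d in events[start:end + 1]}
            if len(dsts) > len(best):
                best = dsts
        if len(best) >= threshold:
            findings[src] = {
                "distinct": len(best),
                "internal": sorted(d for d in best if is_internal(d)),
                # Workstations rarely need outbound SMB to the Internet.
                "external": sorted(d for d in best if not is_internal(d)),
            }
    return findings


if __name__ == "__main__":
    for host, info in find_smb_scanners(SAMPLE_FLOWS.splitlines()).items():
        print(host, info)
```

Counting distinct destinations rather than raw connections keeps a busy file-server client from being flagged, and the external list separates Internet-facing attempts from lateral ones.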
As with other modern ransomware, the payload displays a message informing the user that files have been encrypted, and demands a payment of around $300 in bitcoin within three days, or $600 within seven days. Three hardcoded bitcoin addresses, or “wallets”, are used to receive the payments of victims. As with all such wallets, their transactions and balances are publicly accessible even though the wallet owners remain unknown.
As of 14 June 2017, at 00:18 ET, a total of 327 payments totaling $130,634.77 (51.62396539 XBT) had been transferred.
Organizations that had not installed Microsoft’s security update were affected by the attack. Those still running the older Windows XP were at particularly high risk because no security patches had been released since April 2014 (with the exception of one emergency patch released in May 2014). However, on the day after the outbreak, an emergency, out-of-band security update was released for XP and Windows Server 2003.
A Kaspersky Labs study reported that less than 0.1 percent of the affected computers were running Windows XP, and that 98 percent of the affected computers were running Windows 7. In a controlled testing environment, the cybersecurity firm Kryptos Logic found that they were unable to infect a Windows XP system with WannaCry using just the exploits, as the payload failed to load, or caused the operating system to crash rather than actually execute and encrypt files. However, when executed manually, WannaCry could still operate on Windows XP.
Defensive response
Several hours after the initial release of the ransomware on 12 May 2017, while trying to establish the size of the attack, a researcher known by the name MalwareTech accidentally discovered what amounted to a “kill switch” hardcoded in the malware.
Registering a domain name for a DNS sinkhole stopped the attack spreading as a worm, because the ransomware only encrypted the computer’s files if it was unable to connect to that domain, which all computers infected with WannaCry before the website’s registration had been unable to do. While this did not help already infected systems, it severely slowed the spread of the initial infection and gave time for defensive measures to be deployed worldwide, particularly in North America and Asia, which had not been attacked to the same extent as elsewhere.
On 16 May 2017, researchers from University College London and Boston University reported that their PayBreak system could defeat WannaCry and several other families of ransomware.
Within four days of the initial outbreak, security experts were saying that most organizations had applied updates, and that new infections had slowed to a trickle.
It was discovered that Windows encryption APIs used by WannaCry may not completely clear from memory the prime numbers used to generate the payload’s private keys, making it possible to potentially retrieve the required key if they had not yet been overwritten or cleared from resident memory.
This behaviour was used by a French researcher to develop a tool known as WannaKey, which automates this process on Windows XP systems. This approach was iterated upon by a second tool known as Wanakiwi, which was tested to work on Windows 7 and Server 2008 R2 as well.
The scale of the attack and subsequent exposure of vulnerabilities prompted Microsoft to release new security updates for older versions of Windows that are no longer supported, including for Windows XP, Windows Server 2003, Windows XP Embedded and Windows 7 Embedded. In a statement regarding the matter, the head of Microsoft’s Cyber Defense Operations Center, Adrienne Hall, said that
“Due to the elevated risk for destructive cyber-attacks at this time, we made the decision to take this action because applying these updates provides further protection against potential attacks with characteristics similar to WannaCrypt [alternative name to WannaCry]”.
Advice on ransom
Experts advised against paying the ransom, because there were no reports of people getting their data back after payment and because high revenues would encourage more such campaigns.
Impact
The ransomware campaign was unprecedented in scale according to Europol, which estimates that around 200,000 computers were infected across 150 countries. According to Kaspersky Lab, the four most affected countries were Russia, Ukraine, India and Taiwan.
The attack affected many National Health Service hospitals in England and Scotland, and up to 70,000 devices – including computers, MRI scanners, blood-storage refrigerators and theatre equipment – may have been affected. On 12 May, some NHS services had to turn away non-critical emergencies, and some ambulances were diverted.
In 2016, thousands of computers in 42 separate NHS trusts in England were reported to be still running Windows XP. NHS hospitals in Wales and Northern Ireland were unaffected by the attack.
Nissan Motor Manufacturing UK in Tyne and Wear, England, halted production after the ransomware infected some of their systems. Renault also stopped production at several sites in an attempt to stop the spread of the ransomware.
The attack’s impact is said to be relatively low compared to other potential attacks of the same type and could have been much worse had a security expert, who was independently researching the malware, not discovered that a kill-switch had been built in by its creators or if it had been specifically targeted on highly critical infrastructure, like nuclear power plants, dams or railway systems.
According to Cyber risk modeling firm Cyence, economic losses from the cyber attack could reach up to $4 billion, with other groups estimating the losses to be in the hundreds of millions.
EternalRocks
Via a honeypot mechanism, security researcher Miroslav Stampar detected a new malware named “EternalRocks” that uses seven leaked NSA hacking tools and leaves Windows machines vulnerable for future attacks that may occur at any time. When installed, the worm names itself WannaCry in an attempt to evade security experts.
Reactions
A number of experts highlighted the NSA’s non-disclosure of the underlying vulnerability, and their loss of control over the EternalBlue attack tool that exploited it. Edward Snowden said that if the NSA had
“privately disclosed the flaw used to attack hospitals when they found it, not when they lost it, the attack may not have happened”.
British cybersecurity expert Graham Cluley also sees “some culpability on the part of the U.S. intelligence services”. According to him and others:
“they could have done something ages ago to get this problem fixed, and they didn’t do it”.
He also said that despite obvious uses for such tools to spy on people of interest, they have a duty to protect their countries’ citizens. Others have also commented that this attack shows that the practice of intelligence agencies to stockpile exploits for offensive purposes rather than disclosing them for defensive purposes may be problematic.
Microsoft president and chief legal officer Brad Smith wrote, “Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.”[104][105][106] Russian President Vladimir Putin placed the responsibility of the attack on U.S. intelligence services, for having created EternalBlue.
On 17 May, United States bipartisan lawmakers introduced the PATCH Act that aims to have exploits reviewed by an independent board to:
“balance the need to disclose vulnerabilities with other national security interests while increasing transparency and accountability to maintain public trust in the process”.
The United States Congress will also hold a hearing on the attack on June 15. Two subpanels of the House Science Committee will hear the testimonies from various individuals working in the government and non-governmental sector about how the US can improve its protection mechanisms for its systems against similar attacks in the future.
A cybersecurity researcher, working in loose collaboration with UK’s National Cyber Security Centre, researched the malware and discovered a “kill switch”. Later, globally dispersed security researchers collaborated online to develop open source tools that allow for decryption without payment under some circumstances. Snowden states that when “[NSA]-enabled ransomware eats the Internet, help comes from researchers, not spy agencies” and asks why this is the case.
Other experts also used the publicity around the attack as a chance to reiterate the value and importance of having good, regular and secure backups, good cybersecurity including isolating critical systems, using appropriate software, and having the latest security patches installed. Adam Segal, director of the digital and cyberspace policy program at the Council on Foreign Relations, stated that:
“the patching and updating systems are broken, basically, in the private sector and in government agencies”.
In addition, Segal said that governments’ apparent inability to secure vulnerabilities
“opens a lot of questions about backdoors and access to encryption that the government argues it needs from the private sector for security”.
“the current attacks show how vulnerable our digital society is. It’s a wake-up call for companies to finally take IT security [seriously]”.
The effects of the attack also had political implications; in the United Kingdom, the impact on the National Health Service quickly became political, with claims that the effects were exacerbated by Government underfunding of the NHS; in particular, the NHS ceased its paid Custom Support arrangement to continue receiving support for unsupported Microsoft software used within the organization, including Windows XP.
Others argued that hardware and software vendors often fail to account for future security flaws, selling systems that − due to their technical design and market incentives − eventually won’t be able to properly receive and apply patches. The NHS denied that it was still using XP, claiming only 4.7% of devices within the organization ran Windows XP.
Petya virus – is it ransomware and which companies have been hit by the global cyber attack?
It’s locking users out of their computers and demanding a payment from them.
A CYBER attack dubbed “Petya” has hit computer servers around the world crippling companies in Britain, Europe and Chernobyl.
What is Petya?
Petya is a malicious software which targeted victims in the UK, Europe and the US with computer screens warning that their files and systems would be destroyed if they did not send the equivalent of about £300 in bitcoin.
Travis Farral, director of security strategy at tech firm Anomali, said: “This is a global attack. Just like WannaCry, organisations are locked out of their networks and a fee demanded to decrypt files.
“Bitcoin payments are currently already at $2,000+ already. But it’s essential that victims understand that payment may not actually allow them to access their data, and may just fund hackers to commit further crimes.”
The cyber-assault is particularly severe because it is understood that just 10 out of 61 antivirus programs are capable of tackling it.
The source of the attacks was not immediately clear.