Blackmail fears after cyber attack
BRITAIN: Parliament has suffered an unprecedented cyber attack after hackers launched a ‘‘sustained and determined’’ attempt to break into MPs’ email accounts.
The ‘‘brute force’’ assault lasted more than 12 hours on Friday (local time) as unknown hackers repeatedly probed ‘‘weak’’ passwords of politicians and aides.
Parliamentary officials were forced to lock MPs out of their own email accounts as they scrambled to minimise the damage from the incident.
The network affected is used by every MP including Theresa May, the Prime Minister, and her cabinet ministers for dealing with constituents.
Experts warned that politicians could be exposed to blackmail or face a heightened threat of terrorist attack if emails were accessed.
MPs also apologised to their constituents and expressed concerns that sensitive and private information shared with them may have leaked.
Fears were raised by cyber specialists that ‘‘state actors’’ such as Russia, China or North Korea could be behind the attack - though Government sources said it was to early for conclusions.
It comes just weeks after more than 40 NHS trusts were affected by a cyber attack that locked nurses and doctors out of their computers.
Liam Fox, the International Trade Secretary, said the attack was a ‘‘warning to everyone we need more security and better passwords’’. He added: ‘‘You wouldn’t leave your door open at night.’’
The attack was launched on Friday morning and targeted the 9000 people who have email accounts on Parliament’s internal network. All 650 MPs have parliamentary email accounts as well as peers, political aides, constituency staff and officials who work in the building.
Rob Greig, director of the Parliamentary Digital Service, wrote: ‘‘Earlier this morning we discovered unusual activity and evidence of an attempted cyber-attack on our computer network.
‘‘Closer investigation by our team confirmed that hackers were carrying out a sustained and determined attack on all parliamentary user accounts in attempt to identify weak passwords. These attempts specifically were trying to gain access to users emails. We have been working closely with the National Cyber Security Centre (NCSC) to identify the method of the attack and have made changes to prevent the attackers gaining access, however our investigation continues.’’
Security sources said the attack was the biggest they could remember on Parliament but had been brought under control by Friday evening. They said it was a ‘‘brute force’’ attack, which involves firing messages at email accounts in an attempt to find a weak password and gain entry. These are more rudimentary than ‘‘spearhead’’ attacks, such as emails that contain viruses. It remains unclear whether the hackers gained access to email accounts.
Andrew Bridgen, the Tory MP for North West Leicestershire, raised concerns about ‘‘confidential information’’ shared by voters with their local politicians. ’’People come to us with their worse problems in their life in the confidence that their emails are secure. If people thought our emails were not secure it would undermine our constituents’ confidence and trust in approaching their MP at a time of crisis.’’
Sean Sullivan, adviser to F-secure, a cyber security company, said
MPs’ emails would provide a trove of information for criminal gangs or to hostile states. ‘‘This information could be used to launch a terrorist attack or for blackmail plots.’’ - Telegraph Group