MPs and peers ordered to change passwords after cyber attack
MPS AND peers returning to Parliament this morning were handed flyers ordering them to change their passwords following the cyber-attack on Westminster.
Instructions issued at the gates told pass holders that they must set “strong passwords” and avoid easy-to-guess phrases such as “summer2017”.
Up to 90 email accounts were compromised during the cyber attack on Westminster on Friday, parliamentary officials have said. Less than one per cent of the system’s 9,000 users were directly impacted by the “determined and sustained” attack.
The incident gave rise to blackmail fears after hackers tried to break in to the accounts of MPs, peers and their staff by searching for weak passwords. Investigations are under way to see whether any data has been lost.
Brian Lord, a former deputy director for Intelligence and Cyber Operations at GCHQ and now managing director of PGI, a cyber-security company, said: “What we’ve seen here is an external attempt which is called a “brute force attempt”, which is an attempt to try and break weak passwords in a system. It’s not a particularly sophisticated attack.”
He said there are a number of people or nation states that could be behind the attack as the dump of personal data indicated an attempt to “embarrass” or “use it as a foothold to get further into Government”.
However he added that it was “not a particularly difficult attack”.
He said: “I’m not saying this is a state actor. This is low level common mischievous activity. It’s not a really a particularly sophisticated or significant breach of Government systems.
“I personally don’t see this as a big massive issue. I see it as a low level attempt to breach systems which has been responded to - from what I can see — pretty well.”
Both Houses of Parliament met today as planned after staff worked to ensure the business of Parliament could continue in the wake of the hacking.
A parliamentary spokesman said: “Investigations are ongoing, but it has become clear that significantly fewer than one per cent of the 9,000 accounts on the parliamentary network have been compromised as a result of the use of weak passwords that did not conform to guidance issued by the Parliamentary Digital Service.
“As they are identified, the individuals whose accounts have been compromised have been contacted and investigations to determine whether any data has been lost are under way.” He said plans were in place to “resume wider IT services.”