MSPs hit by cyber attack
MSPS and high-ranking Holyrood staff were warned to be ‘vigilant’ last night after a cyber attack on the Scottish parliament.
The National Cyber Security Centre was called in after the ‘brute force’ incident which saw hackers try to access parliamentary systems yesterday lunchtime.
A spokesman for the Scottish Government said it is unclear where the attack came from, but security experts last night were following a trail through several countries across Europe.
It comes just six weeks after a similar attack on Westminster and months after ‘Wannacry’ malware was introduced into NHS trusts across
Britain, crippling computer systems and causing disruption to thousands of patients.
The attack was announced by Scottish Government chief executive Sir Paul Grice, who warned all MSPs and staff with parliamentary email addresses to be ‘vigilant’ after hackers attempted to guess passwords several times. Some staff were still unable to access their accounts last night.
In an email to staff yesterday, Sir Paul said: ‘The parliament’s monitoring systems have identified that we are currently the subject of a brute force cyber-attack from external sources.
‘This attack appears to be targeting parliamentary IT accounts in a similar way to that which affected the Westminster Parliament in June. Symptoms of the attack include account lockouts or failed log-ins. The parliament’s robust cyber security measures identified this attack at an early stage.
‘Our IT systems remain fully operational. It is essential that all IT account users remain vigilant.’
Users of the parliamentary email system have been asked to update weak passwords.
Sir Paul added: ‘Care should be taken in opening any emails from external sources.’
Parliamentary corporate body member David Stewart told MSPs in June that an independent review of ‘cyber security maturity’ had been carried out, and had ‘offered assurance that sufficient and effective arrangements are in place to manage cyber threats and risks’.
He added that parliament regularly takes advice from the police, the security services and the National Cyber Security Centre.
A Scottish Government spokesman said: ‘We can see which countries across Europe and further afield the attack was routed through, but that doesn’t confirm the place of origin.
‘We won’t list those countries through which the attack was routed but we have notified the National Cyber Security Centre. We can’t comment on the motive behind the cyber-attack but our IT systems remain fully operational and nothing further has been identified.’
Although it is unclear where the Holyrood attack originated, Russia and China were named as the prime suspects behind an unprecedented cyber attack on Westminster in June. Up to 90 email accounts were ‘compromised’.
In May, hackers in North Korea also crippled the IT systems of 48 NHS trusts, locking doctors and nurses out of their computers and causing thousands of operations to be cancelled.
Britain’s National Cyber Security Centre and the US National Security Agency concluded the global ransomware virus was launched by a hacking group called Lazarus, sources said. The gang has also been blamed for a string of hacks since 2009, including one on Sony Pictures in 2014.
It is unclear if the attack was sanctioned by North Korea’s government, but officials believe the gang was ‘sponsored by’ the rogue state’s spy agency, the Reconnaissance General Bureau.
The ‘WannaCry’ virus, which infected 300,000 computers in 150 countries, locked files until £230 was paid to release them.
It is thought £110,000 of ransoms were paid in online currency Bitcoin.
Yet the hackers do not seem to have cashed in the Bitcoins as an operational error made the payments too easy to track.
The National Cyber Security Centre was unavailable for comment last night.
‘We can’t comment on the motive’