China ac­cused of hack­ing Holy­rood


CHINA has been ac­cused of be­ing be­hind the re­cent cy­ber at­tack on the Scot­tish Par­lia­ment by se­nior Holy­rood fig­ures. What was de­scribed as a “brute force” at­tack last month caused days of dis­rup­tion, just weeks af­ter a hack on email ac­counts at West­min­ster.

Se­nior Holy­rood sources told the Sun­day Her­ald that China, which is es­ti­mated to have a “hacker army” of up to 100,000 peo­ple, is sus­pected of be­ing be­hind the at­tack.

Ex­perts sug­gest that “hack at­tacks” of this sort can be a “test” de­signed to learn about for­eign gov­ern­ments’ IT se­cu­rity sys­tems. At the time of the at­tack it was said only that “ex­ter­nal sources” had tried to hack Holy­rood email ac­counts by at­tempt­ing to crack their pass­words. No ac­counts were com­pro­mised, but the pro­longed at­tack meant that MSPs could not ac­cess their emails re­motely and pass­words had to be changed.

In a mes­sage to staff, Holy­rood chief ex­ec­u­tive Paul Grice said “ro­bust cy­ber se­cu­rity mea­sures” iden­ti­fied the at­tack early, and sys­tems re­mained “fully op­er­a­tional”.

David Ste­wart of the Par­lia­men­tary Cor­po­rate Body (the PCB is re­spon­si­ble for the run­ning of Par­lia­ment) had pre­vi­ously re­as­sured MSPs that a re­view of cy­ber-se­cu­rity had been un­der­taken, which had “of­fered as­sur­ance that suf­fi­cient and ef­fec­tive ar­range­ments are in place”.

It was also re­vealed on Fri­day that hack­ers had made re­peated at­tempts to break into the Scot­tish Gov­ern­ment’s net­works over the last two years, forc­ing min­is­ters to spend £2 mil­lion to pro­tect the pub­lic. The Holy­rood at­tack was sim­i­lar to the one car­ried out on West­min­ster in June, in which up to 90 email ac­counts with weak pass­words were be­lieved to have been tar­geted.

Ac­cord­ing to sev­eral re­ports, the Rus­sian gov­ern­ment was sus­pected of be­ing be­hind the West­min­ster breach.

How­ever, two Holy­rood sources told this news­pa­per that the Scot­tish Par­lia­ment in­ci­dent was linked to China, not Rus­sia. While Rus­sia is known for de­ploy­ing hack­ing as a way of gath­er­ing in­tel­li­gence – the re­cent US pres­i­den­tial elec­tion be­ing the prime ex­am­ple – China has a track record in cor­po­rate cy­ber-es­pi­onage.

China is con­sid­ered to be the world’s hack­ing su­per­power and Western coun­tries have en­tered into loose agree­ments on com­bat­ing the cy­ber-threat from Bei­jing. Ex­perts told the Sun­day Her­ald that find­ing con­clu­sive ev­i­dence which links a coun­try to a cy­ber at­tack is no­to­ri­ously dif­fi­cult.

They also cited a va­ri­ety of rea­sons for why coun­tries en­gage in cy­ber-hack­ing par­lia­ments and other state in­sti­tu­tions. Dr Omair Uth­mani, pro­gramme leader of the net­work­ing and se­cu­rity de­grees at Glas­gow Cale­do­nian Univer­sity, said: “It might sim­ply be blind prob­ing, to see how strong the de­fences are on a cer­tain in­fra­struc­ture. Cer­tainly the fact [that the at­tack] has been de­tected is one way of say­ing ‘we probed the de­fences in one area, and we had a re­ac­tion, so that is prob­a­bly not the way to do it the se­cond time around’.”

Dr Daniel Dres­ner, a cy­ber se­cu­rity ex­pert at Manch­ester Univer­sity, echoed the GCU aca­demic’s view: “Peo­ple will of­ten carry out an at­tack as a bit of ex­per­i­men­ta­tion, to see how far they can get, or see what the re­ac­tions are – or carry out an at­tack on one part of the sys­tem, while they are in­fil­trat­ing some­thing else com­pletely.”

De­fence ex­pert Dr Phillips O’Brien, based at St An­drews Univer­sity, said that the cy­ber at­tack­ers could have been “test­ing vul­ner­a­bil­i­ties”.

He said: “Scot­land could be an easy tar­get to try to see how vul­ner­a­ble it is, what sys­tems they have, what de­fences they have.” O’Brien also said of cy­ber-hack­ing: “You can bring a coun­try to its knees very quickly.”

Ewan Law­son, a re­search fel­low at the Royal United Ser­vices In­sti­tute for De­fence and Se­cu­rity Ser­vices, said there were two aims be­hind such at­tacks: “One, gath­er­ing up in­for­ma­tion as avail­able there and then. But, two, if you are crack­ing pass­words and don’t get caught, then of course you can be stream­ing the data on a con­tin­ual ba­sis un­til such time as you are caught.”

Law­son said hack­ing was “very, very wide­spread”. He added that most ma­jor busi­nesses, as well as the Gov­ern­ment, were “con­fronting a prob­lem daily ... in part, be­cause it is not too dif­fi­cult to do. While a load of emails from the Scot­tish Par­lia­ment to con­stituents might not seem par­tic­u­larly in­ter­est­ing, there will be nuggets. If you were a mem­ber of party A, and you are crit­i­cis­ing your leader, and that in­for­ma­tion be­comes avail­able, that has a value to some­body.”

A Scot­tish Par­lia­ment spokesper­son said: “We can see which coun­tries the at­tack was routed through, but that doesn’t con­firm the place of ori­gin. We won’t list those coun­tries through which the at­tack was routed but we are li­ais­ing with the Na­tional Cy­ber Se­cu­rity Cen­tre.”

Newspapers in English

Newspapers from UK

© PressReader. All rights reserved.