China accused of hacking Holyrood
CHINA has been accused of being behind the recent cyber attack on the Scottish Parliament by senior Holyrood figures. What was described as a “brute force” attack last month caused days of disruption, just weeks after a hack on email accounts at Westminster.
Senior Holyrood sources told the Sunday Herald that China, which is estimated to have a “hacker army” of up to 100,000 people, is suspected of being behind the attack.
Experts suggest that “hack attacks” of this sort can be a “test” designed to learn about foreign governments’ IT security systems. At the time of the attack it was said only that “external sources” had tried to hack Holyrood email accounts by attempting to crack their passwords. No accounts were compromised, but the prolonged attack meant that MSPs could not access their emails remotely and passwords had to be changed.
In a message to staff, Holyrood chief executive Paul Grice said “robust cyber security measures” identified the attack early, and systems remained “fully operational”.
David Stewart of the Parliamentary Corporate Body (the PCB is responsible for the running of Parliament) had previously reassured MSPs that a review of cyber-security had been undertaken, which had “offered assurance that sufficient and effective arrangements are in place”.
It was also revealed on Friday that hackers had made repeated attempts to break into the Scottish Government’s networks over the last two years, forcing ministers to spend £2 million to protect the public. The Holyrood attack was similar to the one carried out on Westminster in June, in which up to 90 email accounts with weak passwords were believed to have been targeted.
According to several reports, the Russian government was suspected of being behind the Westminster breach.
However, two Holyrood sources told this newspaper that the Scottish Parliament incident was linked to China, not Russia. While Russia is known for deploying hacking as a way of gathering intelligence – the recent US presidential election being the prime example – China has a track record in corporate cyber-espionage.
China is considered to be the world’s hacking superpower and Western countries have entered into loose agreements on combating the cyber-threat from Beijing. Experts told the Sunday Herald that finding conclusive evidence which links a country to a cyber attack is notoriously difficult.
They also cited a variety of reasons for why countries engage in cyber-hacking parliaments and other state institutions. Dr Omair Uthmani, programme leader of the networking and security degrees at Glasgow Caledonian University, said: “It might simply be blind probing, to see how strong the defences are on a certain infrastructure. Certainly the fact [that the attack] has been detected is one way of saying ‘we probed the defences in one area, and we had a reaction, so that is probably not the way to do it the second time around’.”
Dr Daniel Dresner, a cyber security expert at Manchester University, echoed the GCU academic’s view: “People will often carry out an attack as a bit of experimentation, to see how far they can get, or see what the reactions are – or carry out an attack on one part of the system, while they are infiltrating something else completely.”
Defence expert Dr Phillips O’Brien, based at St Andrews University, said that the cyber attackers could have been “testing vulnerabilities”.
He said: “Scotland could be an easy target to try to see how vulnerable it is, what systems they have, what defences they have.” O’Brien also said of cyber-hacking: “You can bring a country to its knees very quickly.”
Ewan Lawson, a research fellow at the Royal United Services Institute for Defence and Security Services, said there were two aims behind such attacks: “One, gathering up information as available there and then. But, two, if you are cracking passwords and don’t get caught, then of course you can be streaming the data on a continual basis until such time as you are caught.”
Lawson said hacking was “very, very widespread”. He added that most major businesses, as well as the Government, were “confronting a problem daily ... in part, because it is not too difficult to do. While a load of emails from the Scottish Parliament to constituents might not seem particularly interesting, there will be nuggets. If you were a member of party A, and you are criticising your leader, and that information becomes available, that has a value to somebody.”
A Scottish Parliament spokesperson said: “We can see which countries the attack was routed through, but that doesn’t confirm the place of origin. We won’t list those countries through which the attack was routed but we are liaising with the National Cyber Security Centre.”