Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Parliament hit by cyber attack as hackers attempt to access MPs' email accounts

Hackers launch ‘sustained and determined attack’ on all parliamentary user accounts 

Lizzie Dearden
Saturday 24 June 2017 16:43 BST
Comments
Email systems in parliament were hacked
Email systems in parliament were hacked (Getty)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Hackers targeted Parliament’s email system in an attempt to access the accounts of hundreds of MPs, Lords, aides and staff.

Up to 90 accounts were said on Sunday to have been compromised, meaning less than 1 per cent of the system's users, as The Guardian claimed suspicion had fallen on Russia and North Korea.

Security services shut down access for anyone not in Westminster as part of efforts to secure the network after the allegedly state-sponsored attack.

“The Houses of Parliament have discovered unauthorised attempts to access parliamentary user accounts,” a parliamentary spokesperson told The Independent.

“We are continuing to investigate this incident and take further measures to secure the computer network, liaising with the National Cyber Security Centre (NCSC).

“We have systems in place to protect member and staff accounts and are taking the necessary steps to protect our systems.”

The Sunday Times quoted a security source as saying: “It was a brute force attack. It appears to have been state-sponsored.”

MPs were told of the cyber attack on Friday night and said they were unable to access their emails the following morning.

Tory MP Andrew Bridgen said such an attack could “absolutely” leave people open to blackmail.

An email sent to everyone using a parliamentary address said “unusual activity and evidence of an attempted cyber attack” had been discovered.

“Closer investigation by our team confirmed that hackers were carrying out a sustained and determined attack on all parliamentary user accounts in attempt to identify weak passwords,” said a message seen by the Huffington Post.

“These attempts specifically were trying to gain access to users’ emails.”

It said changes had been made to the system to prevent the attackers gaining access, shutting down access to emails and unspecified services via mobile phone, but access to systems on the Westminster state itself was unaffected.

Oz Alashe, a former special forces Lieutenant Colonel and chief executive officer of cyber security platform CybSafe, said compromising email accounts can merely be the “first step” in a wider attack.

“Email accounts represent a rich source of information for hackers, so compromising these accounts would often be the first step in a sophisticated cyber attack,” he added.

“With the disarray caused by the recent elections, and the resultant changes in parliamentary staff, it would be a prime time to use social engineering to obtain email passwords.

“Fortunately, it appears this attack has been detected early and locked down. Let’s hope no sensitive information has been lost to hackers.”

Mr Alashe told The Independent that the most common method for this type of attack was “brute force”, where considerable processing power is directed to running through as many possible combinations of passwords as possible in a short space of time.

“If it’s simply an attempt to hit a parliamentary domain and gain passwords it could be an individual, but equally it could be a state – it’s too early to tell,” he added.

The attempt came days after reports that Russian hackers had put passwords belonging to senior ministers, ambassadors and senior police officers up for sale online.

Details stolen in a hack of LinkedIn in 2012 have been sold on by criminal groups
Details stolen in a hack of LinkedIn in 2012 have been sold on by criminal groups (Enis Aksoy/iStock)

Two lists of stolen data included the log-in details of 1,000 British MPs and parliamentary staff, 7,000 police employees and more than 1,000 Foreign Office officials, The Times reported.

The information was believed to have been stolen from LinkedIn, MySpace and other smaller sites, with many passwords “easy to guess”, incorporating memorable numbers and relatives’ names.

Mr Alashe said it was too early to say whether the two incidents were directly connected but that they were part of the same issue.

He said criminal hackers “harvest information” including passwords, addresses and credit card numbers before selling them online, where they can be picked up and used by other actors, including foreign states.

“Many people use the same passwords for different accounts – it’s not unusual,” he added.

“That’s why so many attackers are after these things – once they compromise one account they can sell the password to be used to access others.”

Official guidance from the NCSC states that hackers use software that automatically predicts minor variations to passwords, including the substitution of letters for numbers, warning not to worsen vulnerability by using the same password for accounts at work and home.

The use of longer passwords including a mix of letters, symbols and numbers helps guard against brute force attacks.

Mr Alashe said 75 per cent known breaches take place “because of people rather than technology”, warning: “It doesn’t really matter how good systems are if we as people are making it easy for hackers.

Theresa May: We do need to have international regulations in cyber space to stop terrorism

“One of the most important things is for organisations to educate people on how they can be safe online.

“I don’t think the threat is getting worse, but attacks are happening more frequently.

“But that’s partly because so many people are much more connected digitally - there are so many more opportunities for people to be hacked.”

Members of the Commons and Lords were giving out alternative contact details on Saturday as work continued to secure parliamentary systems.

Henry Smith, the Conservative MP for Crawley, tweeted: “Sorry no parliamentary email access today – we're under cyber attack from Kim Jong-un, Putin or a kid in his mom's basement or something.”

Vladimir Putin has persistently denied allegations of state-sponsored Russian hacking and interference in foreign elections.

Donald Trump has refuted findings by US intelligence agencies that the Kremlin helped his election campaign with attacks on Ms Clinton, claiming the Democratic National Campaign hack could have been carried out by Russia, China or “somebody sitting on their bed who weighs 400 pounds”.

Fears of a cyber attack on Parliament increased following the successful hacks targeting emails related to Hillary Clinton and Emmanuel Macron’s presidential campaigns.

The UK was also rocked by the WannaCry ransomware attack that hit computers running outdated versions of Microsoft Windows around the world last month.

Infecting more than 230,000 computers in 150 countries, it had a devastating effect on the NHS as computers were left displaying only a page demanding bitcoin payments to decrypt files.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in