The recent cyber-attack on the parliament that compromised around 90 email accounts of MPs was backed by the Russian government, security services believe.
The UK parliamentary digital security team and other agencies feel that the Russian government is behind the recent cyber-attacks on parliament.
On Friday, it came to light that hackers had infiltrated as many as 90 email accounts belonging to MPs including Prime Minister Theresa May as well as several of her cabinet colleagues. A parliamentary spokesman confirmed that these accounts were protected by weak passwords that were exploited by hackers.
“Investigations are ongoing, but it has become clear that significantly fewer than 1% of the 9,000 accounts on the parliamentary network has been compromised, as a result of the use of weak passwords that did not conform to guidance issued by the Parliamentary Digital Service,” said the spokesman.
“As they are identified, the individuals whose accounts have been compromised have been contacted and investigations to determine whether any data has been lost are under way,” he said.
Security services believe that hackers may use information gained from the compromised email accounts to blackmail MPs, and have thus made changes to these accounts and have also locked out affected MPs from their respective email accounts.
Security services also believe that the sustained cyber-attacks were state-sponsored and while the Russian government is a prime suspect, China, North Korea and Iran may have played a part as well. “It was a brute force attack. It appears to have been state-sponsored. The nature of cyber-attacks means it is notoriously difficult to attribute an incident to a specific actor,” said a security official to The Guardian.
Back in 2012, a cyber-attack on LinkedIn helped Russian hackers gain access to email addresses and passwords belonging to thousands of British MPs, parliamentary staff, and other top officials. According to a recent report from The Times, 'private log-in details of 1,000 British MPs and parliamentary staff, 7,000 police employees and more than 1,000 Foreign Office officials' are now freely available on websites run by Russian hackers.
Overall, 2,944 of all hacked email addresses and passwords belonged to officials at the Department for Work and Pensions, 1,442 to officials at the Department of Health, 1,392 to officials at the Foreign & Commonwealth Office and 938 to officials at the Ministry of Justice. Hackers had reportedly gained access to email accounts that featured weak passwords.
"The truth is that we make it too easy for cyber attackers to tap into our online accounts and data by leaving our log-in credentials unchanged for years at a time – or using insecure passwords which are far too obvious," said Andre Stewart, VP for EMEA at Netskope.
Back in May, the National Cyber Security Centre had warned that British MPs were being exclusively targeted by hackers via phishing e-mails. The agency advised ministers and their staff to guard against phishing e-mails that asked MPs to disclose IDs and passwords of their personal accounts or to log into fake websites.
"Attackers might send legitimate-looking password reset emails, urgent-sounding messages about financial problems, account change notifications requests, or links to documents that require you to log in with passwords," said the agency.
"The emails are very convincing and could arrive at an individual’s personal or work email account, perhaps even appearing to come from someone known to the recipient," it added. It also warned that phishing attacks were likely to continue and that MPs should desist from sharing their passwords with unknown recipients.
Despite numerous warnings from national security agencies, the compromise of 90 email accounts belonging to MPs last week indicates that cyber-security practices are not being followed.
"People often use the same password for multiple sites, even for accessing work-essential applications and services, and do not change them for years; this means that when these credentials are harvested, as we can see in this instance, it can have serious repercussions. As we can see, hackers might sit on these for a number of years, lulling people into a false sense of security; so our advice is always the same, be careful and change your passwords regularly," said Rashmi Knowles CISSP, EMEA Field CTO at RSA.