SNP MP Stewart McDonald says Russia-linked hackers hacked his private email account

Scottish National Party MP Stewart McDonald has told the BBC that his email account was hacked by threat actors allegedly linked to Russia.

The SNP’s Stewart McDonald said that his email account was compromised on January 13 after he opened an email sent by one of his staff members to his private email account. 

 

McDonald,  the MP for Glasgow South, was the defence spokesperson for the SNP till last year and followed the Ukraine-Russia war closely.

McDonald said the email that was sent from his staff member’s genuine account contained a password-protected file with military updates on Ukraine. When he clicked on the document, it brought up the email login page, which he filled in, and the document turned out to be a blank page.

After a few days, the staff member, from whose account the email was sent to McDonald, was locked out of his personal account due to suspicious activity. That is when McDonald spoke to the staff member and realized that the latter did not send the email on January 13.

In a tweet, McDonald said, “Over the past couple of weeks I have been dealing with a sophisticated and targeted spear phishing hack of my personal email account, and the personal email account belonging to one of my staff. These hacks are a criminal offence.”

 

The security incident has been reported to the National Cyber Security Centre. An NCSC spokesperson shared the following statement with BBC:

“An incident has been reported to us and we are providing the individual with support. The NCSC regularly provides security briefings and guidance to parliamentarians to help them defend against the latest cyber threats. This includes expert advice for MPs and their staff available on the NCSC website.”

McDonald added that the reason he went public with the news was to warn others of such spear-phishing attacks and to pre-empt any publication sharing them.

“If it is indeed a malicious state-backed group, then, in line with what I’ve seen elsewhere, I expect them to dump some of the information online.

“And I can expect them to manipulate and fake some of that content and I want to get out ahead of that to ensure any disinformation attack against me is discredited before it’s even published,” McDonald told the BBC.

“Although attempts to hack my parliamentary account are continuous – as is the case for all MPs – these have not been successful. I want to assure constituents that their information is secure. My private account is not used for constituency or parliamentary business,” he tweeted.

According to the BBC, the Seaborgium hacking group is behind the security incident. This group has been linked to Russian security services and has conducted targeted campaigns against high-profile figures, including politicians, activists and journalists.

Commenting on the news, Javvad Malik, lead security awareness advocate at KnowBe4, said, “When we see nation-state attacks or those by organised cyber criminals, the most popular way of attack is through social engineering - of which phishing is the preferred method.

“This appears to be a targeted attack, where the attackers researched and sent an email which they knew had a high likelihood of fooling the victim. It is why it’s vitally important to provide timely and relevant security awareness and training to end users so that they are aware of the threats that they face and are better placed to identify and report them.

“From a technical perspective, had multi-factor authentication (MFA) been implemented, even if criminals had gained access to an individual’s email address and password, they still would have been unable to log on.

“From a monitoring perspective, it is possible to detect when new logins occur, whether that be from new devices, or from a different location. All these can raise alarms to allow security teams to investigate potentially suspicious logins. It highlights why defence in depth across people, processes, and technology is important and why everyone needs to take cybersecurity seriously,” Malik added.