UK parliamentary email compromised after 'sustained and determined cyber attack'
Brute force attack on weak passwords, cracked <90 email accounts
The Parliament of the United Kingdom has admitted it experienced a “sustained and determined cyber attack” over the weekend and says <90 email accounts have been compromised as a result.
The event struck on Saturday and late that evening Parliament issued a ”Statement regarding cyber incident” admitting that “We have discovered unauthorised attempts to access accounts of parliamentary networks users and are investigating this ongoing incident”.
The Parliamentary IT team “temporarily restricted remote access to the network” and warned that “As a result, some Members of Parliament and staff cannot access their email accounts outside of Westminster.” The Register understands that the email accounts cover members of Parliament, from the prime minister down, plus thousands of salaried staffers. All other IT services continued to work well. Unlike the recently-hung Parliament. Boom-tish. Here all week. But we digress.
By Sunday the Commons Press Office updated the nation on the incident, as follows.
Updated statement regarding cyber incident pic.twitter.com/c7JMvBWUgk— Commons Press Office (@HoCPress) June 25, 2017
The Parliamentary Digital Service later weighed in and said “Closer investigation by our team confirmed that hackers were carrying out a sustained and determined attack on all parliamentary user accounts in an attempt to identify weak passwords. These attempts specifically were trying to gain access to users emails.”
Which are, after all, a juicy target if they've left sensitive stuff in their inboxes, or if Parliamentary email credentials let attackers get deeper into Parliamentary resources.
Cutting off remote access appears to have stymied that attack quite quickly and effectively, while leaving the United Kingdom's elected representatives tragically and undemocratically unable to respond to constituents concerns late on Saturday night and through a big slab of Sunday.
The UK's cyber defence apparatus swung into action more or less as planned – the National Cyber Security Centre acknowledged the incident on Saturday night and and said “it is working around the clock with the UK Parliamentary digital security team to understand what has happened and advise on the necessary mitigating actions.” The Parliamentary Digital Service was also swift to explain matters.
Left unexplained is why Parliamentary staffers are able to set sub-standard passwords and what resources are available to those who manage. The Register has asked those questions and will update this story or pen a new one as information comes to hand. ®
Sponsored: Becoming a Pragmatic Security Leader