A cyber-attack on the U.K. Parliament has prompted concerns over national security, as rumours point the finger of blame at a hostile state for the hack.
On the 23rd June 2017, a “sustained and determined cyber attack” was carried out. The hacker(s) attacked MP and Peer IT systems, reportedly to get into their email accounts, and succeeded in gaining access to 90 accounts.
Although this is only 1% of the 9,000 accounts on the same system, it is nevertheless worrying in terms of exactly what information the hackers may have obtained.
The hacking was done by brute force, an attack in which cyber criminals try to gain access by guessing passwords again and again. With the assistance of simple software that keeps on guessing, criminals can try hundreds or thousands of passwords in minutes, so there is very little work on their part.
If a password is short and made up of a few lower-case letters, hackers can easily guess it with brute-force software: the software tries a huge number of combinations of the letters of the alphabet and eventually hits the right one.
In this case, users who may have used things like ‘password’, ‘parliament’ or ‘qwerty’ as a password are the ones who can easily end up hacked within minutes.
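The defender's side of the attack described above, as an added example that is not from the article or from Parliament's IT team: a small Python script that scans constructed authentication log lines, flags accounts hit by repeated failed logins inside a short window, and lists those that then logged in successfully, which are the accounts to freeze first. The log format, the account names and the thresholds are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not real data from Parliament's systems).
SAMPLE_LOG = """\
2017-06-23T14:00:01Z LOGIN_FAILED user=alice src=198.51.100.7
2017-06-23T14:00:03Z LOGIN_FAILED user=alice src=198.51.100.7
2017-06-23T14:00:05Z LOGIN_FAILED user=alice src=198.51.100.7
2017-06-23T14:00:07Z LOGIN_FAILED user=alice src=198.51.100.7
2017-06-23T14:00:09Z LOGIN_FAILED user=alice src=198.51.100.7
2017-06-23T14:00:11Z LOGIN_OK user=alice src=198.51.100.7
2017-06-23T14:00:12Z LOGIN_FAILED user=carol src=198.51.100.7
2017-06-23T14:30:00Z LOGIN_FAILED user=bob src=203.0.113.5
2017-06-23T14:30:40Z LOGIN_OK user=bob src=203.0.113.5
"""
LINE_RE = re.compile(r"^(\S+) (LOGIN_FAILED|LOGIN_OK) user=(\S+) src=(\S+)$")

def parse(log):
    """Return (timestamp, outcome, user, src) tuples; malformed lines are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events

def guessed_accounts(events, threshold=5, window=timedelta(minutes=10)):
    """Accounts with >= threshold failed logins inside one sliding window -> peak count."""
    failures = defaultdict(list)
    for ts, outcome, user, _src in events:
        if outcome == "LOGIN_FAILED":
            failures[user].append(ts)
    flagged = {}
    for user, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # drop failures older than the window
                start += 1
            if end - start + 1 >= threshold:
                flagged[user] = max(flagged.get(user, 0), end - start + 1)
    return flagged

def probably_compromised(events, threshold=5, window=timedelta(minutes=10)):
    """Flagged accounts that also logged in successfully: freeze and reset these first."""
    flagged = guessed_accounts(events, threshold, window)
    return sorted({u for _ts, o, u, _src in events if o == "LOGIN_OK" and u in flagged})
```

Only alice is flagged here: five rapid failures followed by a success, while bob's single failure followed by a login looks like an ordinary typo.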
All passwords ordered to be changed
This simple attack method can be very effective when users have simple passwords, and it seems even our legislators can’t escape a “telling off” from security experts for using weak ones. All MPs and Peers have been ordered to change their passwords to make sure they are both updated and strong. After the first signs of hacking, accounts were frozen and systems shut down to prevent further damage.
State-sponsored attack?
Given the position of the hacked users in the U.K. Parliament, there is uneasiness about the security of the information contained in their emails. The Guardian newspaper believes the brute-force attack may have been state-sponsored, with North Korea and Russia the main suspects.
The Times newspaper reported that “Email addresses and passwords used by Justine Greening, the education secretary, and Greg Clark, the business secretary, are among stolen credentials of tens of thousands of government officials that were sold or bartered on Russian-speaking hacking sites. They were later made freely available”. However, given the reportedly unsophisticated method of attack, there are doubts as to whether a nation state is behind it.
Blackmail on the horizon?
With the new trend of ransomware this year, we wouldn’t be surprised if cyber-criminals looked to blackmail MPs and Peers with the threat of releasing sensitive information that could compromise national security. Even if the emails themselves didn’t contain sensitive information, the hacked passwords could be used for different accounts that do. An investigation has begun to check if and what information has been stolen, and what needs to be done to mitigate any damage.
A spokesperson stated:
“We are continuing to investigate this incident and take further measures to secure the computer network, liaising with the National Cyber Security Centre (NCSC). We have systems in place to protect member and staff accounts and are taking the necessary steps to protect our systems.”
This is yet another cautionary tale for those who use simple passwords or reuse the same password across multiple accounts.