come on, start the fucking war already

Cyber-attack on UK parliament: Russia is suspected culprit
Ewen MacAskill, Rajeev Syal, Graun, Jun 25 2017

The Russian government is suspected of being behind a cyber-attack on parliament that breached dozens of email accounts belonging to MPs and peers. Although the investigation is at an early stage and the identity of those responsible may prove impossible to establish with absolute certainty, Moscow is deemed the most likely culprit. The disclosure follows the release of the first details of the “sustained” cyber-attack that began on Friday. Fewer than 90 email accounts belonging to parliamentarians are believed to have been hacked, a parliamentary spox said. Amid fears that the breach could lead to blackmail attempts, officials were forced to lock MPs out of their own email accounts as they scrambled to minimise the damage from the incident. The network affected is used by every MP including Theresa May, the prime minister, and her cabinet ministers for dealing with constituents. The British security services believe that responsibility for the attack is more likely to lie with another state rather than a small group of individual hackers. The number of states who might mount such an attack on the UK is limited, and, in addition to Russia, includes North Korea, China and Iran. A security source said:

It was a brute force attack. It appears to have been state-sponsored. The nature of cyber-attacks means it is notoriously difficult to attribute an incident to a specific actor.

MPs contacted by the Guardian said the immediate suspicion had fallen upon foreign governments such as Russia and North Korea, both of which have been accused of being behind hacking attempts in the UK before. The attack on the Houses of Parliament sought to gain access to accounts protected by weak passwords. The estate’s digital services team said they had made changes to accounts to block out the hackers, and that the changes could mean staff were unable to access their emails. A parliamentary spokesman said those whose emails were compromised had used weak passwords despite advice to the contrary. “Investigations are ongoing, but it has become clear that significantly fewer than 1% of the 9,000 accounts on the parliamentary network have been compromised, as a result of the use of weak passwords that did not conform to guidance issued by the Parliamentary Digital Service. He said:

As they are identified, the individuals whose accounts have been compromised have been contacted and investigations to determine whether any data has been lost are under way.

It comes just over a month after 48 of England’s NHS trusts were hit by a cyber-attack. Britain’s National Cyber Security Centre (NCSC) is understood to have played a leading role in investigating the WannaCry malware that affected the NHS and other organisations in May and concluded that a North Korean hacking team had been responsible. An NCSC spox said:

The NCSC is aware of the incident and is working around the clock with the UK parliamentary digital security team to understand what has happened and advise on the necessary mitigating actions.

The NCSC, which started its operations in October last year, is the public face of GCHQ. Liam Fox, the international trade secretary, connected the news to reports that cabinet ministers’ passwords were for sale online, saying:

We know that our public services are attacked so it is not at all surprising that there should be an attempt to hack into parliamentary emails. And it’s a warning to everybody, whether they are in parliament or elsewhere, that they need to do everything possible to maintain their own cyber-security.

An email sent to all those affected, seen by the Guardian, said:

Earlier this morning, we discovered unusual activity and evidence of an attempted cyber-attack on our computer network. Closer investigation by our team confirmed that hackers were carrying out a sustained and determined attack on all parliamentary user accounts in an attempt to identify weak passwords. These attempts specifically were trying to gain access to our emails. We have been working closely with the National Cyber Security Centre to identify the method of the attack and have made changes to prevent the attackers gaining access; however, our investigation continues. The changes are believed to have stopped MPs and their offices from accessing emails on mobile phones and tablets outside Westminster. Access to systems from the Westminster estate has not been affected. Further disruption is likely.

The government’s National Security Strategy said in 2015 that the threat from cyber-attacks from both organised crime and foreign intelligence agencies was one of the “most significant risks to UK interests.” The National Crime Agency said it was working with the NCSC but the centre was “leading the operational response.”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s