Who hacked the UK parliament? Russian hackers suspected to be behind attempted theft of MPs' records

Those whose emails were breached by hackers in the cyberattack on the British parliament reportedly had weak passwordsREUTERS/Peter Nicholls

Authorities investigating the 12-hour-long cyberattack on the British parliament suspect the hand of Kremlin-linked hackers.

Russian hackers are suspected to have attempted to breach and steal sensitive data from MPs' email accounts, specifically targeting those with weak passwords.

The hackers breached less than 1% of parliament's 9,000 email addresses. Fewer than 90 email accounts of MPs were hacked, according to a parliamentary spokesperson.

Advertisement

The Guardian cited an unspecified security source as saying that the breach that began on Friday (23 June) was a "brute force attack" and that it "appears to have been state-sponsored".

"A simple brute force attack can normally be detected and blocked within a minute. This incident highlights once again that cybersecurity fundamentals are ignored even by the governments of leading countries," Ilia Kolochenko, CEO of security firm High-Tech Bridge, told IBTimes UK.

Although investigation is still in the early stages, Moscow is one of the primary suspects. MPs said that apart from Russia, suspicion has also fallen upon North Korea. Both nations are known to have launched cyberespionage campaigns against Britain in the past.

"Such an attack is very simple and cheap to organise, and virtually any teenager could be behind it. However, for this particular incident, I would abstain from blaming any state-sponsored hacking groups. Because with such an unacceptably-low level of security - they have likely already been reading all emails for many years without leaving a trace," Kolochenko told us.

A parliamentary spokesperson told the Guardian that the people whose emails were breached by hackers had weak passwords.

"Investigations are ongoing, but it has become clear that significantly fewer than 1% of the 9,000 accounts on the parliamentary network have been compromised as a result of the use of weak passwords that did not conform to guidance issued by the Parliamentary Digital Service," the spokesperson said.

"As they are identified, the individuals whose accounts have been compromised have been contacted and investigations to determine whether any data has been lost are under way."

Advertisement

The hackers hit the network used by both houses of parliament. The affected network is used by every MP, including Prime Minister Theresa May and members of her cabinet. The hackers attempted to gain access to MPs' accounts, which sparked fears among some of affected individuals that they could potentially be blackmailed by the hackers.

The cyberattack came on the heels of news breaking out about MPs' records being traded on Russian-speaking hacking forums on the dark web.

The incident is being investigated by the NCSC (National Cyber Security Centre), which said in a statement that it was "working around the clock with the UK parliamentary digital security team to understand what has happened and advise on the necessary mitigating actions".

"Today, two-factor authentication (2FA), advanced IP filtering and anomalies detection systems are a must-have for critical systems accessible from the internet. Strict password policies, regular audits for weak and non-compliant passwords are also vital for corporate security. However, apparently, none of these simple but efficient security controls were properly implemented," said Kolochenko.

© Copyright 2017 IBTimes Co., Ltd. All Rights Reserved.