On Friday it emerged that a number of MP’s email accounts were attacked, which was described as a “sustained and determined” cyber attack, becoming the latest victims in a cyber security scare.
The attack locked MPs and other Westminster staff, a total of 10,000 people, out of their email on their mobile phones and tablets. Everyone was urged to change their passwords as a result. Senior cabinet members were affected by the breach but it’s uncertain if prime minister Theresa May’s email account was amongst the comprised accounts as Downing Street insisted she does not use her parliamentary email account.
Westminsters officials believe the hackers used a brute-force attack, a method which involves using a piece of software that decodes passwords by trying thousands of possible alphanumeric combinations until the right match is found. It’s easy to block brute-force attacks which leaves us wondering why Westminster’s IT didn’t have something effective in place to prevent this kind of attack.
It’s “inevitable” that information was stolen in the attack according to The Sunday Times who cites a senior Westminster official.
So who is behind this attack? Well it’s too early to say for sure but some are already pointing to Russia, who has been accused of hacking the email accounts of US politicians to influence the outcome of the US election last year. There are other theories too of course:
Sorry no parliamentary email access today – we're under cyber attack from Kim Jong Un, Putin or a kid in his mom's basement or something…
— Henry Smith MP (@HenrySmithUK) June 24, 2017
The lesson to take from this is to change your password frequently and use special characters within the password, not just letters and numbers. If two-factor authentication is an option choose that instead.
