
Members of Parliament and Peers fall victim to brute force hacking attack


A cyber-attack on the U.K. Parliament has prompted concerns over national security, with rumours pointing the finger of blame at a hostile state.

On 23rd June 2017, a “sustained and determined cyber attack” was carried out. The hacker(s) targeted the IT systems used by MPs and Peers, reportedly to get into their email accounts, and succeeded in gaining access to 90 accounts.

Although this is only 1% of the 9,000 accounts on the same system, it’s nevertheless worrying in terms of exactly what information hackers may have obtained…

The hacking was done by brute force, which is where cyber criminals try to gain access by guessing passwords again and again. With the assistance of simple software, criminals can try hundreds to thousands of passwords in minutes by getting the software to keep guessing them, so there’s very little work on their part.

If a password is short and made up of a few lower case letters, hackers could easily guess it using brute force software. The software can work through a huge number of combinations of the letters in the alphabet and eventually guess the password.

In this case, users who may have used things like ‘password’, ‘parliament’ or ‘qwerty’ as a password are the ones that can easily end up hacked within minutes.

All passwords ordered to be changed

This simple attack method can be very effective when users have a simple password, and it seems even our lawmakers can’t escape a “telling off” from security experts for using weak passwords. All MPs and Peers have been ordered to change their passwords to make sure they’re updated as well as strong. After the first signs of hacking, accounts were frozen and systems shut down to prevent further damage.
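A check that could be applied when the new passwords are set, shown as an added example that is not part of the original article: it rejects the weak choices named above (including decorated variants), short passwords, and passwords whose full search space could be covered within a year. The minimum length, the guess rate and the extra denylist entries are assumptions chosen for illustration.

```python
import math
import string

# Weak choices named in the article, plus constructed extras for illustration.
DENYLIST = {"password", "parliament", "qwerty", "letmein", "welcome"}
MIN_LENGTH = 12            # assumed policy value
GUESSES_PER_SECOND = 10    # assumed rate, in line with "thousands in minutes"
ONE_YEAR = 365 * 24 * 3600

POOLS = [string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation + " "]


def alphabet_size(password):
    """Characters a guesser must cover: the sum of the pools in use.
    Characters outside these pools are not counted (a conservative estimate)."""
    return sum(len(pool) for pool in POOLS if any(c in pool for c in password))


def search_space_bits(password):
    """log2 of the number of strings with this length and alphabet."""
    size = alphabet_size(password)
    return len(password) * math.log2(size) if size else 0.0


def screen_password(password):
    """Return the reasons to reject a proposed password (empty list = accept)."""
    reasons = []
    # Strip trailing digits/punctuation so "Parliament2017!" still matches.
    core = password.lower().rstrip(string.digits + string.punctuation)
    if core in DENYLIST:
        reasons.append("denylisted")
    if len(password) < MIN_LENGTH:
        reasons.append("too_short")
    # Work in log space so very long passwords cannot overflow a float.
    if search_space_bits(password) < math.log2(ONE_YEAR * GUESSES_PER_SECOND):
        reasons.append("exhaustible")
    return reasons


if __name__ == "__main__":
    for candidate in ["qwerty", "Parliament2017!", "correct horse battery staple"]:
        print(f"{candidate!r}: {screen_password(candidate) or 'accepted'}")
```

The search-space figure is a worst case for blind guessing only; a denylisted word is flagged regardless of its length because a guesser would try it first.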

State-sponsored attack?

Given the position of the hacked users in the U.K. Parliament, there is uneasiness as to the security of information contained in emails. The Guardian newspaper believes the brute force attack may have been state-sponsored, with North Korea and Russia being the main suspects.

The Times Newspapers reported that “Email addresses and passwords used by Justine Greening, the education secretary, and Greg Clark, the business secretary, are among stolen credentials of tens of thousands of government officials that were sold or bartered on Russian-speaking hacking sites. They were later made freely available”. However, given the reportedly unsophisticated method of attack, there are doubts as to whether a nation state is behind it.

Blackmail on the horizon?

With the new trend of ransomware this year, we wouldn’t be surprised if cyber-criminals looked to blackmail MPs and Peers with the threat of releasing sensitive information that could compromise national security. Even if the emails themselves didn’t contain sensitive information, the hacked passwords could be used for different accounts that do. An investigation has begun to check whether, and what, information has been stolen, and what needs to be done to mitigate any damage.

A spokesperson stated:

“We are continuing to investigate this incident and take further measures to secure the computer network, liaising with the National Cyber Security Centre (NCSC). We have systems in place to protect member and staff accounts and are taking the necessary steps to protect our systems.”

This is yet another cautionary tale for those who use simple passwords or reuse the same password for multiple accounts.

www.dataleaklawyers.co.uk is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'