- PA Images
UK Parliament has locked MPs and peers out of their own email accounts after hackers tried to guess their passwords and gain access.
The attack took place on Saturday, and some MPs have been unable to access emails all weekend from anywhere outside Westminster.
Hackers attempted a “brute force” attack, where they try and guess email passwords through trial and error. The weaker your password, the easier it is to break into your account.
On Saturday, a Parliamentary spokesman said the IT team had discovered “unauthorised attempts to access accounts of parliamentary network users”, and that it was blocking some remote access as a precaution. To be clear: it wasn’t hackers who locked MPs out of their accounts.
The issue would potentially impact anyone with emails on the parliament.uk domain. While that affects the constituency email addresses for the prime minister and Cabinet ministers, they conduct more sensitive departmental business on the gov.uk domain, sources told Sky News.
By Sunday, the Commons press office issued an updated statement saying the attack had affected fewer than 90 email accounts. The IT team is still investigating whether the hackers gained access to anything useful, but both Houses of Parliament will still meet as usual today.
The press office blamed the few compromised accounts on “weak passwords that did not conform to guidance” by Parliament’s IT services.
The National Cyber Security Centre, set up to protect the UK’s critical infrastructure from attack, is also now involved. It said in a statement: “The NCSC is aware of an incident and is working around the clock with the UK Parliamentary digital security team to understand what has happened and advise on the necessary mitigating actions.”
Some MPs are still unable to access their emails remotely. Plaid Cymru politician Hywel Williams said he wasn’t able to read messages, instead accessing “a blank screen.” He added that he’d been told “no information has been stolen.”
My e-mail is not working and has been down all weekend. Anyone wishing to contact me please phone 01286 672076
— Hywel Williams AS/MP (@HywelPlaidCymru) June 26, 2017
British security services think another state might be behind the attack, like Russia, according to The Sunday Times. But a security source also told the paper it was difficult to attribute the attack to any one culprit.
Some MPs also told the newspaper they were worried about the prospect of blackmail, if hackers successfully gained access to politicians’ accounts.
But other MPs made light of this on Twitter. Labour MP Wes Streeting wrote: “I’m not sure what they expected to find: some 38 degrees messages, diary requests and MPs touting themselves for committee elections?”
I'm not sure what they expected to find: some 38 degrees messages, diary requests and MPs touting themselves for committee elections? https://t.co/zZoi09H6lR
— Wes Streeting MP (@wesstreeting) June 25, 2017
If the Russians would like to join the battle to get more regular grass cutting in local parks I'm sure they will enjoy my emails. https://t.co/DD6IRrYfHD
— Jess Phillips (@jessphillips) June 26, 2017
Even if the attack doesn’t appear to be serious, it’s a worrying development after reports that Russian hackers interfered with both the French and US elections.
It also comes weeks after a massive cyberattack sent the NHS and other organisations around the world into chaos.