BreachExchange mailing list archives
Was Parliament hacked by amateurs?
From: Destry Winant <destry () riskbasedsecurity com>
Date: Fri, 7 Jul 2017 23:37:42 -0500
http://www.itpro.co.uk/security/28920/was-parliament-hacked-by-amateurs Security experts had previously thought the Russian government was behind the attack European government sources have stated that the cyber attack on the UK Parliament last month was likely to have been carried out by amateur or private hackers rather than state-sponsored. As reported by Reuters, cyber security experts found that the hackers managed to access accounts of lawmakers who were using primitive and easy to discover passwords. The experts added that it still remains unclear who did carry out the attack. Investigators hope that this latest attack will convince politicians and other public figures to use more sophisticated passwords for their email and online activities. British authorities are not commenting publicly on the progress of investigations but an official said after the attack that "cyber threats to the UK come from criminals, terrorists, hacktivists as well as nation states". A number of security experts had speculated that the Russian government was behind the cyber attack on UK Parliament at the end of June, in which 90 MP accounts were breached. Security agents had thought that a foreign government was responsible for the attack rather than a criminal group. The brute-force style attack attempted to identify "weak passwords that did not conform to guidance issued by the Parliamentary Digital Service". Despite this, the breach highlighted the lack of stronger protection methods, such as two-factor authentication, on a network that holds government material. 26/06/2017: Russia suspected in cyber attack against UK Parliament Security experts speculate that the Russian government was behind the cyber attack against the UK Parliament over the weekend, in which 90 email accounts belonging to MPs were breached. An investigation has been launched following a "sustained" cyber-attack on Friday that led to the breach of around 90 email accounts, and while the identity of the attackers remains unknown, it's thought to have been state-sponsored. "We have discovered unauthorised attempts to access accounts of parliamentary networks users and are investigating this on-going incident, working closely with the National Cyber Security Centre," read a Parliamentary statement issued on Saturday. The attack targeted a network used by every Member of Parliament, including Theresa May and her cabinet. Remote access to the network has since been blocked as a precaution, according to the statement. Security agents believe that a foreign government, rather than a criminal group, carried out the attack, and that only Russia, China, North Korea or Iran would have the capabilities and motivation to do so, according to sources speaking to the Guardian. A Commons press office statement issued on Sunday revealed that fewer than 1% of the 9,000 accounts on the network were compromised. The on-going investigation has so far revealed a brute-force style attack that that attempted to identify "weak passwords that did not conform to guidance issued by the Parliamentary Digital Service". Password strength aside, the breach highlights a lack of two-factor authentication on a network that holds government material. Ilia Kolochenko, CEO of web security firm High-Tech Bridge, believes the incident highlights significant shortfalls in government security, and that it is ignoring "cyber security fundamentals". "Today, two-factor authentication (2FA), advanced IP filtering and anomalies detection systems are a must-have for critical systems accessible from the Internet," said Kolochenko. "Strict password policies, regular audits for weak and non-compliant passwords are also vital for corporate security. However, apparently, none of these simple but efficient security controls were properly implemented." The attack followed the release of a report by the Times, which revealed that usernames and passwords of thousands of MPs, police employees and government staff were being traded online by Russian hackers. The government has said it has informed those individuals whose email accounts have been compromised, and an investigation to determine what data has been lost is underway. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Was Parliament hacked by amateurs? Destry Winant (Jul 10)