[BreachExchange] Was Parliament hacked by amateurs?

Destry Winant destry at riskbasedsecurity.com
Sat Jul 8 00:37:42 EDT 2017


http://www.itpro.co.uk/security/28920/was-parliament-hacked-by-amateurs

Security experts had previously thought the Russian government was
behind the attack

European government sources have stated that the cyber attack on the
UK Parliament last month was likely to have been carried out by
amateur or private hackers rather than state-sponsored ones.

As reported by Reuters, cyber security experts found that the hackers
managed to access accounts of lawmakers who were using primitive and
easy-to-discover passwords. The experts added that it still remains
unclear who carried out the attack.

Investigators hope that this latest attack will convince politicians
and other public figures to use more sophisticated passwords for their
email and online activities.

British authorities are not commenting publicly on the progress of
investigations but an official said after the attack that "cyber
threats to the UK come from criminals, terrorists, hacktivists as well
as nation states".

A number of security experts had speculated that the Russian
government was behind the cyber attack on the UK Parliament at the end of
June, in which 90 MP accounts were breached. Security agents had
thought that a foreign government was responsible for the attack
rather than a criminal group.

The brute-force style attack attempted to identify "weak passwords
that did not conform to guidance issued by the Parliamentary Digital
Service". Despite this, the breach highlighted the lack of stronger
protection methods, such as two-factor authentication, on a network
that holds government material.

26/06/2017: Russia suspected in cyber attack against UK Parliament

Security experts speculate that the Russian government was behind the
cyber attack against the UK Parliament over the weekend, in which 90
email accounts belonging to MPs were breached.

An investigation has been launched following a "sustained"
cyber-attack on Friday that led to the breach of around 90 email
accounts, and while the identity of the attackers remains unknown,
it's thought to have been state-sponsored.

"We have discovered unauthorised attempts to access accounts of
parliamentary networks users and are investigating this on-going
incident, working closely with the National Cyber Security Centre,"
read a Parliamentary statement issued on Saturday.

The attack targeted a network used by every Member of Parliament,
including Theresa May and her cabinet. Remote access to the network
has since been blocked as a precaution, according to the statement.

Security agents believe that a foreign government, rather than a
criminal group, carried out the attack, and that only Russia, China,
North Korea or Iran would have the capabilities and motivation to do
so, according to sources speaking to the Guardian.

A Commons press office statement issued on Sunday revealed that fewer
than 1% of the 9,000 accounts on the network were compromised. The
on-going investigation has so far revealed a brute-force style attack
that attempted to identify "weak passwords that did not conform
to guidance issued by the Parliamentary Digital Service".

Password strength aside, the breach highlights a lack of two-factor
authentication on a network that holds government material. Ilia
Kolochenko, CEO of web security firm High-Tech Bridge, believes the
incident highlights significant shortfalls in government security, and
that it is ignoring "cyber security fundamentals".

"Today, two-factor authentication (2FA), advanced IP filtering and
anomalies detection systems are a must-have for critical systems
accessible from the Internet," said Kolochenko. "Strict password
policies, regular audits for weak and non-compliant passwords are also
vital for corporate security. However, apparently, none of these
simple but efficient security controls were properly implemented."

The attack followed the release of a report by the Times, which
revealed that usernames and passwords of thousands of MPs, police
employees and government staff were being traded online by Russian
hackers.

The government has said it has informed those individuals whose email
accounts have been compromised, and an investigation to determine what
data has been lost is underway.

