[BreachExchange] Election candidates warned about phishing attempts

Destry Winant destry at riskbasedsecurity.com
Fri May 19 03:37:12 EDT 2017


http://www.bbc.com/news/technology-39947628

Candidates in the general election have been asked to look through
their emails for signs that they have been targeted by a phishing
attack.

The list of potential targets includes recent MPs.

The National Cyber Security Centre (NCSC), which is part of GCHQ,
disclosed the request in a document released early on 16 May.

The BBC understands that the number of victims is currently understood
to be in single figures.

Candidates have been asked to look for suspicious emails received
after Jan 2017.

The NCSC declined to say if any data had been taken.

A report in the Financial Times said it was "likely" that the phishing
campaign had been orchestrated by a state.

In a document titled Phishing: guidance for political parties and
their staff, the centre says it has "become aware of phishing attacks
to gain access to the online accounts of individuals that were MPs
before dissolution of Parliament" and "other staff who work in
political parties".

The NCSC said the attacks were likely to continue "and may be sent to
parliamentary email addresses, prospective parliamentary candidates,
and party staff".

'Personal emails targeted'

The BBC understands that so far victims' personal emails have been
affected but no successful phishing attempts have been made via
parliamentary email addresses.

It is believed that the NCSC has contacted the Electoral Commission
about the threat and that the commission will help to alert
candidates.

The centre said that potential victims should look out for "unexpected
requests to reset your password for online or social media accounts
(such as Apple, Google, Microsoft, Facebook or Twitter)".

"Or you might have been asked to approve changes to your account that
you've not requested."

The NCSC did not say whether it knew who was behind the phishing campaign.

Analysis by Gordon Corera, security correspondent, BBC News

The warnings to political parties come as cyber-security officials
brace themselves for some kind of incident during the elections.

No-one can be sure that anything will take place, but the experience
of the US and more recently France has led them to believe that some
kind of theft and then dump of information is possible.

In both those cases, a Russian hand is suspected.

Intelligence agencies have historically kept their distance from the
communication of politicians due to the doctrine that says MPs should
not be monitored.

But parties and politicians themselves have been asking for advice and
guidance in recent months amid growing concerns.


Concern about elections being targeted by hackers has been running
high, following the attack on the Democratic National Committee during
the US presidential election.

US authorities attributed that incident to Russia and said that a
significant component of the attack involved phishing.

More recently, the electoral campaign of President Emmanuel Macron in
France was targeted by a similar campaign.

The NCSC has said the UK has "systems in place to defend against
electoral fraud at all levels and [we] have seen no successful
cyber-intervention in UK democratic processes".

The BBC understands that since last month, the NCSC has delivered
cyber-security seminars to the UK's political parties, with the aim of
helping them reduce the risk of succumbing to an attack.

Advice has also been offered to local authorities and the Electoral Commission.

