Hackers launch fresh cyber assault on MPs’ passwords

CERT-LatestNews Security News ThreatsCybercrime Uncategorized

Hackers are calling MPs and trying to trick them into revealing their personal parliamentary details, The Telegraph can disclose.

Politicians and aides have been warned that hackers are posing as parliamentary officials asking for their passwords.

The warning comes just a week after Parliament suffered its biggest ever cyber attack as hackers launched a “sustained and determined” attempt to break into emails. Parliament was forced to lock MPs out of their accounts.

MPs in the House of Commons 

Last week Parliament suffered its biggest ever cyber attack Credit: PA

However, in an email seen by The Telegraph, parliamentary officials have said that hackers are still attempting to gain access.

The message sent to MPs and staff on Thursday warned: “This afternoon we’ve heard reports of parliamentary users being telephoned and asked for their parliamentary username and password.

“The caller is informing users that they have been employed by the digital service to help with the cyber attack. These calls are not from the digital service. We will never ask you for your password.”

 Parliament was forced to lock MPs out of their own accounts last week  

 Parliament was forced to lock MPs out of their own accounts last week  

MPs and their staff have also been warned that Parliament’s cyber security “is only as strong as the weakest password set by our users”.

Last week’s assault lasted for more than 12 hours as unknown hackers repeatedly targeted “weak” passwords of staff. Security sources said the attack was the biggest they could remember.

They described it as a “brute force” attack, which involves firing messages at email accounts in an attempt to find a weak password and gain entry.

The network affected is used by every MP, including Theresa May, the Prime Minister, and her Cabinet ministers, for dealing with constituents.

It remains unclear whether the hackers were successful in gaining access. The investigation is ongoing.

A government website has breached the security of 68,000 users, including civil servants, by making their names, email addresses and passwords available online.

The Cabinet Office, which blamed human error for the breach, said the details were publicly available on data.gov.uk, which publishes charts and graphs of public data and is widely used across Whitehall. It was unable to say whether MPs were among the users whose details were available.

A parliamentary spokesman said: “On Thursday afternoon a small number of parliamentary users were telephoned and asked for their parliamentary username and password by a caller claiming to be employed by ‘Windows’ on behalf of the Parliamentary Digital Service to help with the cyber attack. 

“No usernames or passwords were disclosed in these calls.”