The UK Parliament has come under a “sustained and determined” cyber-attack aimed at MPs and their offices, HuffPost UK can reveal.
The House of Commons and Lords were targeted by hackers on Friday morning in a bid to identify weak passwords of “all Parliamentary user accounts”, Westminster sources said.
In response, security teams have “made changes”, including curbs on remote access and mobile phone accounts, to prevent the attackers breaking their way into the system.
The origin of the attack is still being investigated.
PA Wire/PA Images
The UK’s specialist National Cyber Security Centre in London.
MPs have long feared a cyber-assault and intelligence sources told the Financial Times last month that MPs were targeted earlier this year amid fears that all the political parties were under threat ahead of the general election.
That previous attack – believed to be the work of a foreign state – focused on fewer than 10 MPs, as well as their political staff, as those targeted were sent fake “phishing” emails as a way into their computers.
But Friday’s incident was unprecedented because it appears to have targeted all Parliamentary addresses.
An email passed to HuffPost UK reveals the seriousness of the incident as hackers were found to have been “carrying out a sustained and determined attack on all Parliamentary user accounts in attempt to identify weak passwords”.
After HuffPost was sent the email, Lib Dem peer Lord Rennard and Labour MP Ian Austin tweeted their difficulties with remote access.
Only this week, the Times reported that passwords belonging to British politicians, diplomats and senior police officers had been traded by Russian hackers.
The majority of them were said to have been compromised in a 2012 hacking raid on the business social network LinkedIn, in which millions of users’ details were stolen.
The National Cyber Security Centre (NCSC), an arm of the intelligence surveilliance agency GCHQ, released guidance on Friday in response to the LinkedIn attack.
GCHQ earlier this year asked the Electoral Commission to warn all political parties of the potential threat of hacking in the run up to the June 8 poll.
NCSC has already offered “24/7” assistance to political candidates to guard against “phishing” and other back-door attempts to break into their data and private details.
A Cabinet Office spokeswoman told HuffPost UK: “The NCSC is aware of the incident and is working around the clock with the UK Parliamentary digital security team to understand what has happened and advise on the necessary mitigating actions.”
A Parliamentary spokesperson said: “The Houses of Parliament have discovered unauthorised attempts to access parliamentary user accounts.
“We are continuing to investigate this incident and take further measures to secure the computer network, liaising with the National Cyber Security Centre.
“We have systems in place to protect member and staff accounts and are taking the necessary steps to protect our systems.”
Emmanuel Macron and Theresa May
Politicians across Western Europe have been on high alert for possible Russian interference in their online networks, not least after US intelligence officials accused Moscow of trying to influence the Presidential election in 2016.
French intelligence believed that Russia behind the leaking of emails from Emmanuel Macron’s En Marche party on the eve of the French Presidential election last month.
A former US intelligence expert told the Guardian recently that a British political party could soon be the victim of a hack similar to those suffered by the Clinton and Macron presidential campaigns.
James Norton, a former official at the US Department of Homeland Security and head of the security consultancy Play-Action Strategies, told the paper: “It wouldn’t surprise me if there’s already been some emails stolen … it would surprise me if it didn’t happen.”
The NHS was targeted by hackers in a huge attack last month, with hospitals and GPs’ surgeries forced turn patients away.