Was Iran behind Parliament's email hack?

Iran may be the origin of June's attack on Parliament email accounts - report

Who hacked Parliament? First the blame was laid at Russia's door, then the culprits were suggested to be amateur hackers who got lucky. Now, a secret intelligence assessment is pointing the finger at Iran, according to a report in the Times.  

The report cites sources as saying the June hack, which compromised 90 accounts, including some 30 used by MPs, was run by the Iranian Revolutionary Guard.

But while the report suggested the hackers were "highly capable actors", sources told the newspaper that the attack wasn't particularly sophisticated, chucking traffic at email accounts in a brute force attack.

The sources suggested the hackers were testing their own abilities and left behind a "calling card" claiming the attack.

Of course, Iran isn't the first nation to be blamed for the attack, with Russia previously implicated.

If Iran was behind the incident, it would mark the first time the country is known to have directly attacked the British government, and comes at an awkward time as prime minister Theresa May attempts to defend a deal signed by former US president Obama and Iran on its nuclear programme.

The National Cyber Security Centre and National Crime Agency continue to investigate, and haven't blamed any individual or nation state as of yet.

06/07/2017: Was Parliament hacked by amateurs? 

European government sources have stated that the cyber attack on the UK Parliament last month was likely to have been carried out by amateur or private hackers rather than state-sponsored ones.

As reported by Reuters, cyber security experts found that the hackers managed to access accounts of lawmakers who were using primitive and easy-to-discover passwords. The experts added that it remains unclear who carried out the attack.

Investigators hope that this latest attack will convince politicians and other public figures to use more sophisticated passwords for their email and online activities.

British authorities are not commenting publicly on the progress of investigations but an official said after the attack that "cyber threats to the UK come from criminals, terrorists, hacktivists as well as nation states".

A number of security experts had speculated that the Russian government was behind the cyber attack on UK Parliament at the end of June, in which 90 MP accounts were breached. Security agents had thought that a foreign government was responsible for the attack rather than a criminal group.

The brute-force style attack attempted to identify "weak passwords that did not conform to guidance issued by the Parliamentary Digital Service". Despite this, the breach highlighted the lack of stronger protection methods, such as two-factor authentication, on a network that holds government material.

26/06/2017: Russia suspected in cyber attack against UK Parliament

Security experts speculate that the Russian government was behind the cyber attack against the UK Parliament over the weekend, in which 90 email accounts belonging to MPs were breached.

An investigation has been launched following a "sustained" cyber-attack on Friday that led to the breach of around 90 email accounts, and while the identity of the attackers remains unknown, it's thought to have been state-sponsored.

"We have discovered unauthorised attempts to access accounts of parliamentary networks users and are investigating this on-going incident, working closely with the National Cyber Security Centre," read a Parliamentary statement issued on Saturday.

The attack targeted a network used by every Member of Parliament, including Theresa May and her cabinet. Remote access to the network has since been blocked as a precaution, according to the statement.

Security agents believe that a foreign government, rather than a criminal group, carried out the attack, and that only Russia, China, North Korea or Iran would have the capabilities and motivation to do so, according to sources speaking to the Guardian.

A Commons press office statement issued on Sunday revealed that fewer than 1% of the 9,000 accounts on the network were compromised. The on-going investigation has so far revealed a brute-force style attack that attempted to identify "weak passwords that did not conform to guidance issued by the Parliamentary Digital Service".

Password strength aside, the breach highlights a lack of two-factor authentication on a network that holds government material. Ilia Kolochenko, CEO of web security firm High-Tech Bridge, believes the incident highlights significant shortfalls in government security, and that it is ignoring "cyber security fundamentals".

"Today, two-factor authentication (2FA), advanced IP filtering and anomalies detection systems are a must-have for critical systems accessible from the Internet," said Kolochenko. "Strict password policies, regular audits for weak and non-compliant passwords are also vital for corporate security. However, apparently, none of these simple but efficient security controls were properly implemented."

The attack followed the release of a report by the Times, which revealed that usernames and passwords of thousands of MPs, police employees and government staff were being traded online by Russian hackers.

The government has said it has informed those individuals whose email accounts have been compromised, and an investigation to determine what data has been lost is underway.
