Was Iran behind Parliament's email hack?

Iran may be the origin of June's attack on Parliament email accounts - report

Who hacked Parliament? First the blame was laid at Russia's door, then the culprits were suggested to be amateur hackers who got lucky. Now, a secret intelligence assessment is pointing the finger at Iran, according to a report in the Times.  

The report cites sources as saying the June hack, which compromised 90 accounts, including some 30 used by MPs, was run by the Iranian Revolutionary Guard.

But while the report suggested the hackers were "highly capable actors", sources told the newspaper that the attack wasn't particularly sophisticated, chucking traffic at email accounts in a brute force attack.

The sources suggested the hackers were testing their own abilities and left behind a "calling card" claiming the attack.

Of course, Iran isn't the first nation to be blamed for the attack, with Russia previously implicated.

If Iran was behind the incident, it would mark the first time the country is known to have directly attacked the British government, and comes at an awkward time as prime minister Theresa May attempts to defend a deal signed by former US president Obama and Iran on its nuclear programme.

The National Cyber Security Centre and National Crime Agency continue to investigate, and haven't blamed any individual or nation state as of yet.

06/07/2017: Was Parliament hacked by amateurs? 

European government sources have stated that the cyber attack on the UK Parliament last month was likely to have been carried out by amateur or private hackers rather than state-sponsored ones.

As reported by Reuters, cyber security experts found that the hackers managed to access accounts of lawmakers who were using primitive and easy-to-discover passwords. The experts added that it remains unclear who carried out the attack.

Investigators hope that this latest attack will convince politicians and other public figures to use more sophisticated passwords for their email and online activities.

British authorities are not commenting publicly on the progress of investigations but an official said after the attack that "cyber threats to the UK come from criminals, terrorists, hacktivists as well as nation states".

A number of security experts had speculated that the Russian government was behind the cyber attack on UK Parliament at the end of June, in which 90 MP accounts were breached. Security agents had thought that a foreign government was responsible for the attack rather than a criminal group.

The brute-force style attack attempted to identify "weak passwords that did not conform to guidance issued by the Parliamentary Digital Service". Despite this, the breach highlighted the lack of stronger protection methods, such as two-factor authentication, on a network that holds government material.

26/06/2017: Russia suspected in cyber attack against UK Parliament

Security experts speculate that the Russian government was behind the cyber attack against the UK Parliament over the weekend, in which 90 email accounts belonging to MPs were breached.

An investigation has been launched following a "sustained" cyber-attack on Friday that led to the breach of around 90 email accounts, and while the identity of the attackers remains unknown, it's thought to have been state-sponsored.

"We have discovered unauthorised attempts to access accounts of parliamentary networks users and are investigating this on-going incident, working closely with the National Cyber Security Centre," read a Parliamentary statement issued on Saturday.

The attack targeted a network used by every Member of Parliament, including Theresa May and her cabinet. Remote access to the network has since been blocked as a precaution, according to the statement.

Security agents believe that a foreign government, rather than a criminal group, carried out the attack, and that only Russia, China, North Korea or Iran would have the capabilities and motivation to do so, according to sources speaking to the Guardian.

A Commons press office statement issued on Sunday revealed that fewer than 1% of the 9,000 accounts on the network were compromised. The on-going investigation has so far revealed a brute-force style attack that attempted to identify "weak passwords that did not conform to guidance issued by the Parliamentary Digital Service".

Password strength aside, the breach highlights a lack of two-factor authentication on a network that holds government material. Ilia Kolochenko, CEO of web security firm High-Tech Bridge, believes the incident highlights significant shortfalls in government security, and that it is ignoring "cyber security fundamentals".

"Today, two-factor authentication (2FA), advanced IP filtering and anomalies detection systems are a must-have for critical systems accessible from the Internet," said Kolochenko. "Strict password policies, regular audits for weak and non-compliant passwords are also vital for corporate security. However, apparently, none of these simple but efficient security controls were properly implemented."

The attack followed the release of a report by the Times, which revealed that usernames and passwords of thousands of MPs, police employees and government staff were being traded online by Russian hackers.

The government has said it has informed those individuals whose email accounts have been compromised, and an investigation to determine what data has been lost is underway.
