Russia hacked Liam Fox's personal email to steal trade documents

Hackers accessed his account several times between July and October 2019 by gaining access using a spear-phishing attack

Hackers stole sensitive US-UK trade documents from the personal email account of the former secretary of state for international trade Dr Liam Fox in a spear-phishing exercise.

Documents leaked last year, and subsequently used by Labour during the general election to highlight discussions regarding the NHS, were initially obtained from the former government minister, according to Reuters.

Whitehall sources have indicated to The Guardian that they were not obtained from his parliamentary or ministerial accounts but a personal email account, prompting major security concerns in addition to the breach itself. 

Cyber criminals, said to be Russian-linked, reportedly accessed the Conservative MP's account multiple times between 12 July and 21 October last year, and stole information among which were six caches of documents revealing details behind trade negotiations with the US.

The nature of the breach, spear-phishing, would also raise major alarms. This method is deployed by hackers to obtain confidential information, such as account login details, illicitly by fooling the victim into providing them willingly. Such attacks often see cyber criminals pose as trusted or legitimate individuals when sending an email or on the telephone.

A spokesperson from the National Cyber Security Centre (NCSC) said the organisation has worked closely with parties and politicians on how to defend against cyber attacks. They also offered several links to support material, including guidance for individuals in politics, that aim to educate high-profile individuals about known cyber security risks.

“The NCSC works closely with political parties, local authorities and MPs, who are offered access to the best cyber security guidance and support,” the spokesperson said. “We have worked closely with political parties for several years on how to protect and defend against cyber attacks – including publishing advice on our website.

“There is an ongoing criminal investigation and it would be inappropriate to comment further at this stage.”

The government had only last month highlighted the incident as evidence that Russian state-linked cyber criminals were attempting to interfere in British politics. 

Related Resource

Close the gap in device security

Unprotected endpoints are quickly becoming a favourite attack vector

Download now

It isn’t at all uncommon for MPs and senior politicians to be targeted by phishing attacks, with the former shadow home secretary Diane Abbott having been targeted in November 2018, according to Metro.

Abbott admitted on Twitter she had initially been “taken in” by somebody claiming to be from her internet service provider, who was requesting remote access to her PC. This was in response to journalist Marcus Chown describing a similar ploy targeting him.

As for Liam Fox, the former international trade secretary actually resigned as defence secretary in 2011 after being found to have let a friend into sensitive defence meetings without appropriate security clearance.

Spear-phishing, meanwhile, has proven an effective means of targeting individuals and compromising security, after it was also the method hackers used in the recent infamous Bitcoin Twitter hack.

The company announced, following the attack, that it would review its security policies after confirming its staff were successfully targeted in a spear-phishing exercise. This allowed hackers to tweet from 45 high-profile accounts, and access direct messages of a subset of these individuals and organisations.

Featured Resources

Five lessons learned from the pivot to a distributed workforce

Delivering continuity and scale with a remote work strategy

Download now

Connected experiences in a digital transformation

Enable businesses to meet the demands of the future

Download now

Simplify to secure

Reduce complexity by integrating your security ecosystem

Download now

Enhance the safety and security of your people, assets and operations

Enable a true vision of security with an engineered solution based on hyperconverged and storage platforms

Download now

Recommended

The Ritz suffers data breach after hackers pose as staff
data breaches

The Ritz suffers data breach after hackers pose as staff

17 Aug 2020
British teenager charged over Twitter hack
hacking

British teenager charged over Twitter hack

3 Aug 2020
Mid-year report says vulnerabilities up 22% in 2020
hacking

Mid-year report says vulnerabilities up 22% in 2020

30 Jul 2020
BlackRock banking Trojan targets Android apps
trojans

BlackRock banking Trojan targets Android apps

27 Jul 2020

Most Popular

Accenture ploughs $3 billion into cloud migration support group
digital transformation

Accenture ploughs $3 billion into cloud migration support group

17 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
Google Pixel 4a review: A picture-perfect package
Google Android

Google Pixel 4a review: A picture-perfect package

18 Sep 2020