Russia hacked Liam Fox's personal email to steal trade documents

Hackers accessed his account several times between July and October 2019 by gaining access using a spear-phishing attack

Hackers stole sensitive US-UK trade documents from the personal email account of the former secretary of state for international trade Dr Liam Fox in a spear-phishing exercise.

Documents leaked last year, and subsequently used by Labour during the general election to highlight discussions regarding the NHS, were initially obtained from the former government minister, according to Reuters.

Whitehall sources have indicated to The Guardian that they were not obtained from his parliamentary or ministerial accounts but a personal email account, prompting major security concerns in addition to the breach itself. 

Cyber criminals, said to be Russian-linked, reportedly accessed the Conservative MP's account multiple times between 12 July and 21 October last year, and stole information among which were six caches of documents revealing details behind trade negotiations with the US.

The nature of the breach, spear-phishing, would also raise major alarms. This method is deployed by hackers to obtain confidential information, such as account login details, illicitly by fooling the victim into providing them willingly. Such attacks often see cyber criminals pose as trusted or legitimate individuals when sending an email or on the telephone.

A spokesperson from the National Cyber Security Centre (NCSC) said the organisation has worked closely with parties and politicians on how to defend against cyber attacks. They also offered several links to support material, including guidance for individuals in politics, that aim to educate high-profile individuals about known cyber security risks.

“The NCSC works closely with political parties, local authorities and MPs, who are offered access to the best cyber security guidance and support,” the spokesperson said. “We have worked closely with political parties for several years on how to protect and defend against cyber attacks – including publishing advice on our website.

“There is an ongoing criminal investigation and it would be inappropriate to comment further at this stage.”

The government had only last month highlighted the incident as evidence that Russian state-linked cyber criminals were attempting to interfere in British politics. 

Related Resource

Close the gap in device security

Unprotected endpoints are quickly becoming a favourite attack vector

Download now

It isn’t at all uncommon for MPs and senior politicians to be targeted by phishing attacks, with the former shadow home secretary Diane Abbott having been targeted in November 2018, according to Metro.

Abbott admitted on Twitter she had initially been “taken in” by somebody claiming to be from her internet service provider, who was requesting remote access to her PC. This was in response to journalist Marcus Chown describing a similar ploy targeting him.

As for Liam Fox, the former international trade secretary actually resigned as defence secretary in 2011 after being found to have let a friend into sensitive defence meetings without appropriate security clearance.

Spear-phishing, meanwhile, has proven an effective means of targeting individuals and compromising security, after it was also the method hackers used in the recent infamous Bitcoin Twitter hack.

The company announced, following the attack, that it would review its security policies after confirming its staff were successfully targeted in a spear-phishing exercise. This allowed hackers to tweet from 45 high-profile accounts, and access direct messages of a subset of these individuals and organisations.

Featured Resources

How to be an MSP: Seven steps to success

Building your business from the ground up

Download now

The smart buyer’s guide to flash

Find out whether flash storage is right for your business

Download now

How MSPs build outperforming sales teams

The definitive guide to sales

Download now

The business guide to ransomware

Everything you need to know to keep your company afloat

Download now

Recommended

eBay, Apple, Microsoft, Facebook, and Google were phishers’ top targets in 2020
phishing

eBay, Apple, Microsoft, Facebook, and Google were phishers’ top targets in 2020

20 Apr 2021
Apple's AirTag tracker has already been hacked
hacking

Apple's AirTag tracker has already been hacked

10 May 2021
TsuNAME vulnerability could enable DDoS attacks on major DNS servers
distributed denial of service (DDOS)

TsuNAME vulnerability could enable DDoS attacks on major DNS servers

7 May 2021
Security researchers take control of a Tesla via drone
ethical hacking

Security researchers take control of a Tesla via drone

5 May 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

30 Apr 2021