June 26, 2017

Simple Brute Force Cyberattack Compromises the UK Parliament’s Email System

The British Parliament’s email system was struck by a brute-force attack over the weekend by an unknown adversary who bombarded the system with thousands of login attempts.

Up to 90 people at the UK parliament saw their email accounts compromised due to a rudimentary cyberattack that took advantage of a lack of basic security practices.

With a ‘sustained and determined cyberattack’, hackers repeatedly bombarded politicians’ email accounts in both houses of Parliament, including the office of the prime minister, other government ministers and every other aide using the email network.

In a statement, the UK Commons press office confirmed the attack, claiming that fewer than 1% of the 9,000 accounts on the parliamentary email network had been compromised. Authorities blamed the users’ weak choices in passwords for the disruption.

An excerpt from the statement read:

Investigations are ongoing, but it has become clear that significantly fewer than 1% of the 9,000 accounts on the parliamentary network have been compromised as a result of the use of weak passwords that did not conform to guidance issued by the Parliamentary Digital Service.

The press office added that the individuals whose accounts were compromised have since been contacted. An investigation into whether any data was compromised as a result of the breach is currently underway.

Of course, a brute force attack would simply not be able to penetrate any competent email network, say a commercial-grade webmail service. Amazingly, the UK parliament’s email system is less secure than the likes of Gmail, which should be a concerning thought.

High Tech Bridge CEO Ilia Kolochenko offered a professional take on the breach in statements to TNW. The security professional stated:

A simple brute force attack can normally be detected and blocked within a minute. This incident highlights once again that cybersecurity fundamentals are ignored even by the governments of leading countries.

The technology director at UK security firm Darktrace pointed to the cyberattack as a “wake-up call”, adding:

This is a rudimentary routine attack. This has the hallmarks of someone just doing it to show they can or of someone doing it for fun.


About the author


LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
