Simple Brute Force Cyberattack Compromises the UK Parliament’s Email System

The British Parliament’s email system was struck by a brute-force attack over the weekend by an unknown adversary who bombarded the system with thousands of login attempts.

Up to 90 people at the UK parliament saw their email accounts compromised due to a rudimentary cyberattack that took advantage of a lack of basic security practices.

In a ‘sustained and determined cyberattack’, hackers repeatedly bombarded email accounts across both houses of Parliament, including those of the office of the prime minister, other government ministers and every other aide using the email network.

In a statement, the UK Commons press office confirmed the attack, claiming that fewer than 1% of the 9,000 accounts on the parliamentary email network had been compromised. Authorities blamed users’ weak password choices for the disruption.

An excerpt from the statement read:

Investigations are ongoing, but it has become clear that significantly fewer than 1% of the 9,000 accounts on the parliamentary network have been compromised as a result of the use of weak passwords that did not conform to guidance issued by the Parliamentary Digital Service.

The press office added that the individuals whose accounts were compromised have since been contacted. An investigation into whether any data was compromised as a result of the breach is currently underway.

Of course, a brute-force attack would simply not be able to penetrate any competent email network, say a commercial-grade webmail service. Amazingly, the UK parliament’s email system is less secure than the likes of Gmail, which should be a concerning thought.

High Tech Bridge CEO Ilia Kolochenko offered a professional take on the breach in statements to TNW. The security professional stated:

A simple brute force attack can normally be detected and blocked within a minute. This incident highlights once again that cybersecurity fundamentals are ignored even by the governments of leading countries.

The technology director at UK security firm Darktrace pointed to the cyberattack as a “wake-up call”, adding:

This is a rudimentary routine attack. This has the hallmarks of someone just doing it to show they can or of someone doing it for fun.
