UK Parliament Emails Closed After 'Sustained And Determined' Cyber-Attack (theguardian.com)

← Back to Stories (view on slashdot.org)

UK Parliament Emails Closed After 'Sustained And Determined' Cyber-Attack (theguardian.com)

Posted by EditorDavid on Saturday June 24, 2017 @05:38AM from the PWs-for-PMs dept.

An anonymous reader quotes the Guardian: Parliament has been hit by a "sustained and determined" cyber-attack by hackers attempting to gain access to MPs' and their staffers' email accounts. Both houses of parliament were targeted on Friday in an attack that sought to gain access to accounts protected by weak passwords... The estate's digital services team said they had made changes to accounts to block out the hackers, and that the changes could mean staff were unable to access their emails...

The international trade secretary, Liam Fox, told ITV News the attack was a "warning to everyone we need more security and better passwords. You wouldn't leave your door open at night." In an interview with the BBC, he added: "We know that there are regular attacks by hackers attempting to get passwords. We have seen reports in the last few days of even Cabinet ministers' passwords being for sale online. We know that our public services are attacked, so it is not at all surprising that there should be an attempt to hack into parliamentary emails."
One member of Parliament posted on Twitter "Sorry, no parliamentary email access today â" we're under cyber-attack from Kim Jong-un, Putin or a kid in his mom's basement or something." He added later, "I'm off to the pub."

44 comments

Min score:

Reason:

Sort:

It was me, I did it. by Anonymous Coward · 2017-06-24 05:48 · Score: 0

But I'm in my dad's attic.
Their system protects member accounts by ale2011 · 2017-06-24 05:56 · Score: 2

So perhaps it isn't such a bad idea to use your home-brew email server after all.
1. Re:Their system protects member accounts by Pinky's+Brain · 2017-06-24 10:08 · Score: 1
  
  Any government or big company should just hand out secure locked down devices for intranet only use (no web browsing, no USB, no nothing) with hardware VPN.
  Small cost compared to the shit caused by even a low impact hack.
2. Re:Their system protects member accounts by ale2011 · 2017-06-25 06:16 · Score: 1
  
  Hm... sooner or later someone will learn how to hack their way into intranet servers anyway, for example by emulating that device VPN. Intrusions are normal. The point is that if you allow diversity, it becomes unlikely that all servers are attacked simultaneously.
  In addition, smaller data centers can afford smaller security teams, which implies better trust.
ya know, it could just be a false flag attack... by Anonymous Coward · 2017-06-24 05:56 · Score: 1

... convenient excuse to regulate the internet.... how jaded am I with my government ...
"I'm off to the pub." by fustakrakich · 2017-06-24 06:00 · Score: 0

Too bad the taxpayers are buying his drinks...

--
“He’s not deformed, he’s just drunk!”
1. Re:"I'm off to the pub." by thegarbz · 2017-06-24 06:25 · Score: 1
  
  Why is it too bad? Cyber attack stopped, no one needs emails on the weekends anyway (politicians rarely work when they are supposed to in the first place), and it was time to clock out. Should he not be compensated for the work he did, and not get to spend it the way he wants?
2. Re:"I'm off to the pub." by PolygamousRanchKid+ · 2017-06-24 07:12 · Score: 0
  
  Why is it too bad?
  It's too bad if you are a EU citizen living in the UK . . . or a UK subject (the UK doesn't have citizens; it's not written into the constitution that they don't have).
  
  Should he not be compensated for the work he did, and not get to spend it the way he wants?
  The current government of the UK hasn't really done any work on planning for the Brexit, while the clock is already ticking on the exit date. The negotiations with the rest of the onery EU members will be about as easy as negotiating The Treaty of Ghent (look it up, if you don't know what that means).
  The EU tabled an offer to grant all UK citizens living in other EU countries permanent rights to live, work and receive social benefits. The UK countered that offer, and tabled up . . . jack shit. You can read all about it in The Economist; it isn't even pay-walled. To put this in a way that US oriented folks can understand, it would be like telling foreign folks in the US with green cards . . . that, oh, sorry, your "permanent" green cards will expire in a year. Since it looks like the UK is going to screw over the EU citizens, the EU, in their fine gentlemanly way, will respond by screwing over the UK citizens abroad.
  I happen to know a few IT British expats, and this is all a very serious matter for them. Imagine sitting down with your manager, who tells you he is more than satisfied with your work, but doesn't know if he will legally be able continue employing you when the Brexit hits the fan.
  In this situation, I would expect the government to be working days, nights and weekends to "get that puppy project shipped". But their government is currently being led by a Schrödingeresque creature that is both a "daft twat" and a "right cunt" at the same time.
  Maybe she should just toss some more housing project subjects onto the barby . . . that might help.
  . . . or maybe not.
  At any rate, I already know what "The Economist" thinks about the current situation, and so I am anxiously awaiting my new copy of "Viz". To really understand the UK, you need to read both to get full coverage from the high brow musings down to the "A Pint and a Fight, a Great British Night!" knocked off a bar stool with a pool cue gut reactions.
  Saying, "oh, email hackers, I'm off to the pub" is pretty sad to hear from a British MP. I mean, it's not America, is it . . . ?
  
  --
  Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
3. Re:"I'm off to the pub." by dunkelfalke · 2017-06-24 07:21 · Score: 1
  
  I don't think the EU would be screwing British expats - that would make them lose the moral high ground. My best guess is, EU will allow them to get a second nationality easier than it is now.
  
  --
  "It's such a fine line between stupid and clever" -- David St. Hubbins, Spinal Tap
4. Re:"I'm off to the pub." by Anonymous Coward · 2017-06-24 07:25 · Score: 1
  
  You are a fucking retard! Check out the Magna Carta sometime, and realize the difference in law systems means UK civil rights are even more secure than the US constitution provides.
5. Re: "I'm off to the pub." by Anonymous Coward · 2017-06-24 07:28 · Score: 0
  
  Too bad the taxpayers are buying his drinks...
  Even if that was true, why exactly is it bad?
6. Re: "I'm off to the pub." by Anonymous Coward · 2017-06-24 07:38 · Score: 0
  
  I don't think
  Yep, we are in agreement, 100%>
7. Re:"I'm off to the pub." by Anonymous Coward · 2017-06-24 07:59 · Score: 0
  
  politicians rarely work when they are supposed to in the first place
  Right.. because they're at the damn pub drinking on the taxpayer's dime, or quid, whatever! We should be pointing all those spy cameras at them to make sure they are doing their job.
  And the person who modded the OP down is an asshole shill for these people.
8. Re: "I'm off to the pub." by bestweasel · 2017-06-24 09:54 · Score: 1
  
  Aren't US legislators forbidden from admitting they drink alcohol, unless it's in a tearful confession after arrest or in rehab?
9. Re:"I'm off to the pub." by Anonymous Coward · 2017-06-24 14:53 · Score: 0
  
  'Scuse me, my passport says "BRITISH CITIZEN".
Re:ya know, it could just be a false flag attack.. by Rockoon · 2017-06-24 06:07 · Score: 1

how jaded am I with my government ...
Not enough yet.

--
"His name was James Damore."
Re: ya know, it could just be a false flag attack. by Anonymous Coward · 2017-06-24 06:07 · Score: 0

No why regulate, they will just keep it free. Free of child porn, free of terrorists, free of encryption. Not that different than the "free world" we are living in ...
Better passwords? by 93+Escort+Wagon · 2017-06-24 06:07 · Score: 4, Interesting

Wouldn't requiring two-factor auth be a better idea?

--
#DeleteChrome
1. Re:Better passwords? by symes · 2017-06-24 19:31 · Score: 1
  
  I have no idea why two-factor is not more common. All the stuff I have set up for personal use has it enabled but none of the corporate systems I use so (except for one that also needs a dongle). You know what I would like to see? A near field dongle-like key, something that can be embedded in a phone or keyring or ID card or something. There seems to be the beleif that secure means more difficult and so many have opted for the less secure easier to access route. You can have exceptional security and easy access though.
passwords need to go by Anonymous Coward · 2017-06-24 06:22 · Score: 2, Interesting

Why can't the email for MPs use client side SSL certificates for authentication instead of passwords. This isn't really all that hard to do, just a little extra effort.
This password nonsense needs to end.
1. Re: passwords need to go by Anonymous Coward · 2017-06-24 07:28 · Score: 0
  
  And the next time an mp leaves their laptop on a train?
2. Re: passwords need to go by toonces33 · 2017-06-24 10:53 · Score: 1
  
  That's what encrypted hard drives are for...
3. Re: passwords need to go by Anonymous Coward · 2017-06-24 14:55 · Score: 0
  
  Which brings us back to passwords anyway, unless it's still on.
I don't understand the problem by oobayly · 2017-06-24 06:26 · Score: 4, Insightful

If they've got nothing to hide they've got nothing to fear...
In light of all the anti-privacy legislation that the UK government has been passing, I've got to wonder if somebody's making a point.
Serious question... by Anonymous Coward · 2017-06-24 06:32 · Score: 0

Is there something more secure they could use? Like a centralized "startup'd" like service?
OMG! by Provocateur · 2017-06-24 06:32 · Score: 1

a kid in his mom's basement or something
It's like I have a twin!

--
WARNING: Smartphones have side effects--most of them undocumented.
1. Re:OMG! by Blue+Stone · 2017-06-24 07:29 · Score: 3, Insightful
  
  What I want to know is why a British MP is using the American word "mom" in a communication instead of the British "mum".
  Outrageous!
  
  --
  Corporation, n. An ingenious device for obtaining individual profit without individual responsibility. - Ambrose Bierce
2. Re:OMG! by Anonymous Coward · 2017-06-24 11:21 · Score: 0
  
  ... American word "mom" ...
  
  In my country, the publishers and broadcast networks decided, a few years ago, that's what authors and screenwriters will write when referring to a female parent. Ditto for 'cookie' and a few other American words.
3. Re:OMG! by Anonymous Coward · 2017-06-24 23:59 · Score: 0
  
  He's implying/joking that the hack is by a US kid.
Given what's going on in the UK by rsilvergun · 2017-06-24 06:34 · Score: 1

I'm guessing the Parliament feels a bit like a kid who hasn't studied and got a snow day right now.

--
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Re: ya know, it could just be a false flag attack. by Anonymous Coward · 2017-06-24 06:45 · Score: 1

Not at all - instead itâ(TM)s a great justification of why having unencrypted data sat on a server (or data encrypted in a way that that server knows how to decrypt) is a bad idea. This is exactly why end to end encryption is needed.
notified by email by klindsay · 2017-06-24 06:54 · Score: 3, Funny

MPs said they were unable to access their emails after the attack began.
An email sent to all those affected, ... (outside Westminster)
What could possibly go wrong with this means of notification?
Re: ya know, it could just be a false flag attack. by Anonymous Coward · 2017-06-24 09:33 · Score: 0

..and an excuse to stop even pretending MPs and govt in general even reads emails from the proles.
attack is such a loaded word by 0111+1110 · 2017-06-24 12:31 · Score: 1

Wouldn't a 'security probe' or 'multiple failed logins' or something of that nature be more accurate? I've had enough of all these bad and misleading analogies. Is computer security really so hard? Just enforce secure passwords and multifactor authentication and take it seriously. Account lockout after 10 unsuccessful attempts etc. And don't use Microsoft software of any kind.

--
Quite an experience to live in fear, isn't it? That's what it is to be a slave.
North Korea (really?) and Putin, but not NSA/CIA? by Anonymous Coward · 2017-06-24 21:18 · Score: 0

People are so dumbed down and blind. Even in the light of what's been revealed in the last few years, they somehow believe that NSA is now being dismantled, would never do such a thing again, and that the CIA has entirely changed their mission. And these people are in the British parliament.