UK Parliament Emails Closed After 'Sustained And Determined' Cyber-Attack

An anonymous reader quotes the Guardian: Parliament has been hit by a "sustained and determined" cyber-attack by hackers attempting to gain access to MPs' and their staffers' email accounts. Both houses of parliament were targeted on Friday in an attack that sought to gain access to accounts protected by weak passwords... The estate's digital services team said they had made changes to accounts to block out the hackers, and that the changes could mean staff were unable to access their emails...

The international trade secretary, Liam Fox, told ITV News the attack was a "warning to everyone we need more security and better passwords. You wouldn't leave your door open at night." In an interview with the BBC, he added: "We know that there are regular attacks by hackers attempting to get passwords. We have seen reports in the last few days of even Cabinet ministers' passwords being for sale online. We know that our public services are attacked, so it is not at all surprising that there should be an attempt to hack into parliamentary emails."
One member of Parliament posted on Twitter "Sorry, no parliamentary email access today â" we're under cyber-attack from Kim Jong-un, Putin or a kid in his mom's basement or something." He added later, "I'm off to the pub."

Their system protects member accounts

[ale2011]

So perhaps it isn't such a bad idea to use your home-brew email server after all.

Re:Their system protects member accounts

[Pinky's+Brain]

Any government or big company should just hand out secure locked down devices for intranet only use (no web browsing, no USB, no nothing) with hardware VPN.

Small cost compared to the shit caused by even a low impact hack.

Re:Their system protects member accounts

[ale2011]

Hm... sooner or later someone will learn how to hack their way into intranet servers anyway, for example by emulating that device VPN. Intrusions are normal. The point is that if you allow diversity, it becomes unlikely that all servers are attacked simultaneously.

In addition, smaller data centers can afford smaller security teams, which implies better trust.

ya know, it could just be a false flag attack...

... convenient excuse to regulate the internet.... how jaded am I with my government ...

Re:ya know, it could just be a false flag attack..

[Rockoon]

how jaded am I with my government ...

Not enough yet.

Better passwords?

[93+Escort+Wagon]

Wouldn't requiring two-factor auth be a better idea?

Re:Better passwords?

[symes]

I have no idea why two-factor is not more common. All the stuff I have set up for personal use has it enabled but none of the corporate systems I use so (except for one that also needs a dongle). You know what I would like to see? A near field dongle-like key, something that can be embedded in a phone or keyring or ID card or something. There seems to be the beleif that secure means more difficult and so many have opted for the less secure easier to access route. You can have exceptional security and easy access though.

passwords need to go

Why can't the email for MPs use client side SSL certificates for authentication instead of passwords. This isn't really all that hard to do, just a little extra effort.

This password nonsense needs to end.

Re: passwords need to go

[toonces33]

That's what encrypted hard drives are for...

Re:"I'm off to the pub."

[thegarbz]

Why is it too bad? Cyber attack stopped, no one needs emails on the weekends anyway (politicians rarely work when they are supposed to in the first place), and it was time to clock out. Should he not be compensated for the work he did, and not get to spend it the way he wants?

I don't understand the problem

[oobayly]

If they've got nothing to hide they've got nothing to fear...

In light of all the anti-privacy legislation that the UK government has been passing, I've got to wonder if somebody's making a point.

OMG!

[Provocateur]

a kid in his mom's basement or something

It's like I have a twin!

Re:OMG!

[Blue+Stone]

What I want to know is why a British MP is using the American word "mom" in a communication instead of the British "mum".

Outrageous!

Given what's going on in the UK

[rsilvergun]

I'm guessing the Parliament feels a bit like a kid who hasn't studied and got a snow day right now.

Re: ya know, it could just be a false flag attack.

Not at all - instead itâ(TM)s a great justification of why having unencrypted data sat on a server (or data encrypted in a way that that server knows how to decrypt) is a bad idea. This is exactly why end to end encryption is needed.

notified by email

[klindsay]

MPs said they were unable to access their emails after the attack began.
An email sent to all those affected, ... (outside Westminster)
What could possibly go wrong with this means of notification?

Re:"I'm off to the pub."

[dunkelfalke]

I don't think the EU would be screwing British expats - that would make them lose the moral high ground. My best guess is, EU will allow them to get a second nationality easier than it is now.

Re:"I'm off to the pub."

You are a fucking retard! Check out the Magna Carta sometime, and realize the difference in law systems means UK civil rights are even more secure than the US constitution provides.

Re: "I'm off to the pub."

[bestweasel]

Aren't US legislators forbidden from admitting they drink alcohol, unless it's in a tearful confession after arrest or in rehab?

attack is such a loaded word

[0111+1110]

Wouldn't a 'security probe' or 'multiple failed logins' or something of that nature be more accurate? I've had enough of all these bad and misleading analogies. Is computer security really so hard? Just enforce secure passwords and multifactor authentication and take it seriously. Account lockout after 10 unsuccessful attempts etc. And don't use Microsoft software of any kind.