Parliamentary personnel using ‘weak passwords’ have had email accounts compromised, and it remains unclear whether MPs, Lords and their staff use two-factor authentication.
Security services are investigating whether hackers stole data from UK politicians after a cyberattack breached a number of online accounts belonging to Parliament personnel.
The attack, which took place on Friday, compromised up to 90 accounts and saw MPs, Lords and their staff cut off from remote access to emails and some other Office 365 services, in order to protect users.
As of Monday morning, the parliamentary system was not fully up and running, leaving MPs working outside of Westminster without the ability to respond to constituent queries.
“Parliament’s first priority has been to protect the parliamentary network and systems from the sustained and determined cyberattack to ensure that the business of the Houses can continue,” a spokesperson told ZDNet.
Under one percent of the 9,000 accounts on the parliamentary network have been compromised by attackers and those that have been hacked were “compromised as a result of the use of weak passwords that did not conform to guidance issued by the Parliamentary Digital Service”.
“Investigations to determine whether any data has been lost are under way,” the spokesperson said, adding that affected users are being required to change their passwords and are being “proactively reminded” of best cybersecurity practice advice.
Parliament is working with the National Cyber Security Centre – the cybersecurity arm of GCHQ – and the National Crime Agency to investigate the attack.
“The NCSC is aware of an incident and is working around the clock with the UK Parliamentary digital security team to understand what has happened and advise on the necessary mitigating actions,” the NCSC said in a statement.
Parliament “like all responsible organisations, takes cybersecurity extremely seriously”, a spokesperson told ZDNet, adding: “We have made a series of technology changes to increase user account security and will continue to assess and improve our risk mitigation measures”.
Parliament didn’t respond to a query as to whether two-factor authentication was enforced as standard by the Parliamentary Digital Service. However, if those affected by the cyberattack had been using two-factor authentication, it could’ve prevented outsiders from hacking their accounts.
All eyes have turned to determining who carried out the cyberattack, although the NCSC told ZDNet that the investigation is still in its early stages and more evidence is needed before making a “sensible assessment” about the nature of the attack and the culprit.
The cyberattack against Parliament comes just over a month after large swathes of the National Health Service were hit by the WannaCry ransomware epidemic. However, WannaCry wasn’t a targeted attack against the NHS specifically; rather, its worm-like nature saw it spread to any system around the world it could compromise.