Ben Riley-Smith and Robert Mendick
London: Britain’s parliament has suffered an unprecedented cyber attack after hackers launched a “sustained and determined” attempt to break into MPs’ email accounts.
The “brute force” assault lasted more than 12 hours on Friday as unknown hackers repeatedly probed “weak” passwords of politicians and aides.
Parliamentary officials were forced to lock MPs out of their own email accounts as they scrambled to minimise damage from the incident.
The network affected is used by every MP – including Prime Minister Theresa May and her cabinet ministers – for dealing with constituents.
Experts warned last night that politicians could be exposed to blackmail or face a heightened threat of terrorist attack if emails were accessed.
MPs also apologised to their constituents and expressed concerns that sensitive and private information shared with them may have leaked.
Fears were raised by cyber specialists that “state actors” such as Russia, China or North Korea could be behind the attack – though Government sources said it was too early for conclusions.
It comes just weeks after more than 40 British National Health Service trusts were affected by a cyber attack that locked nurses and doctors out of their computers.
International Trade Secretary Liam Fox said the attack was a “warning to everyone we need more security and better passwords”. He added: “You wouldn’t leave your door open at night.”
The attack was launched on Friday morning and targeted the 9000 people who have email accounts on the parliament’s internal network.
All 650 MPs have parliamentary email accounts as well as peers, political aides, constituency staff and officials who work in the building.
A “restricted access” email sent at 10.29pm on Friday revealed the scale of the problems being faced.
Rob Greig, director of the Parliamentary Digital Service, wrote: “Earlier this morning we discovered unusual activity and evidence of an attempted cyber-attack on our computer network.
“Closer investigation by our team confirmed that hackers were carrying out a sustained and determined attack on all parliamentary user accounts in attempt to identify weak passwords. These attempts specifically were trying to gain access to users emails.
“We have been working closely with the National Cyber Security Centre (NCSC) to identify the method of the attack and have made changes to prevent the attackers gaining access, however our investigation continues.”
In an attempt to shore up the system, parliamentary officials stopped at least one method for remotely accessing emails via mobiles and computers away from Westminster.
The move left some MPs unable to gain access to their inboxes yesterday, with many taking to social media to issue apologies.
If you try and contact me by my parliamentary e-mail address then l will not be able to respond currently, this is due to a cyber attack
— Angela Rayner MP (@AngelaRayner) June 24, 2017
Sorry no parliamentary email access today – we’re under cyber attack from Kim Jong Un, Putin or a kid in his mom’s basement or something…
— Henry Smith MP (@HenrySmithUK) June 24, 2017
Angela Rayner, Labour’s shadow education secretary, tweeted: “If you try and contact me by my parliamentary e-mail address then l will not be able to respond currently, this is due to a cyber attack.”
Henry Smith, the Tory MP, said: “Sorry no parliamentary email access today – we’re under cyber attack from Kim Jong-un, Putin or a kid in his mom’s basement or something.”
Security sources said the attack was the biggest they could remember on parliament but had been brought under control by Friday evening.
They said it was a “brute force” attack, which involves firing messages at email accounts in an attempt to find a weak password and gain entry. These are more rudimentary than “spearhead” attacks, such as emails that contain viruses. It remains unclear whether the hackers gained access to email accounts.
Andrew Bridgen, the Tory MP for North West Leicestershire, raised concerns about “confidential information” shared by voters with their local politicians.
“People come to us with their worst problems in their life in the confidence that their emails are secure,” he said.
“If people thought our emails were not secure it would undermine our constituents’ confidence and trust in approaching their MP at a time of crisis.”
Sean Sullivan, adviser to F-secure, a cyber security company, said: “This is at an early stage but possible perpetrators of this attack include state actors including Russia, China and North Korea. They would all be in the frame.”
Mr Sullivan said MPs’ emails would provide a trove of information for criminal gangs or to hostile states. “This information could be used to launch a terrorist attack or for blackmail plots.”
Ministers and officials also use a separate email system for sharing more confidential information, which was unaffected by the incident.
A parliamentary spokesman said: “We have discovered unauthorised attempts to access accounts of parliamentary networks users and are investigating this ongoing incident, working closely with the National Cyber Security Centre.
“Parliament has robust measures in place to protect all of our accounts and systems, and we are taking the necessary steps to protect and secure our network. As a precaution we have temporarily restricted remote access to the network. As a result, some MPs and staff cannot access their email accounts outside of Westminster. IT services on the Parliamentary Estate are working normally.”