The UK Parliament has been hit by a “sustained and determined” cyber attack designed to identify weak email passwords, just over a month after ransomware brought down parts of the NHS. The House of Commons said it was working with the National Cyber Security Centre, part of GCHQ, to defend the parliament’s network.
“Earlier this morning we discovered unusual activity and evidence of an attempted cyber-attack on our computer network,” an email sent by parliamentary authorities to those people affected said. “Closer investigation by our team confirmed that hackers were carrying out a sustained and determined attack on all parliamentary user accounts in an attempt to identify weak passwords.”
Chris Rennard, a member of the Liberal Democrat party in the House of Lords, was the first to draw attention to the problem, using Twitter to announce: “Cyber security attack on Westminster, Parliamentary emails may not work remotely, Text urgent messages.”
A spokeswoman for the House of Commons confirmed that unauthorised attempts had been made to access parliamentary accounts and said systems were in place to protect member and staff details. “As a precaution we have temporarily restricted remote access to the network,” she said. “As a result, some members of parliament and staff cannot access their email accounts outside of Westminster.”
Liam Fox, the minister for international trade, said the attack was not a surprise and should act as a warning to people across the country about the threat posed by cyber hackers. “We’ve seen reports in the last few days of even cabinet ministers’ passwords being for sale online,” he said. “We know that our public services are attacked so it’s not at all surprising that there should be an attempt to hack into parliamentary emails.”
A Parliament spokesman said later that the compromised email accounts had used weak passwords. “Investigations are ongoing, but it has become clear that significantly fewer than 1% of the 9,000 accounts on the parliamentary network have been compromised, as a result of the use of weak passwords that did not conform to guidance issued by the Parliamentary Digital Service. As they are identified, the individuals whose accounts have been compromised have been contacted and investigations to determine whether any data has been lost are under way,” he said.