2017 Westminster data breach

Last updated

The 2017 Westminster data breach occurred on 23 June 2017, when an unauthorised attempt was made to gain access to email accounts belonging to a number of politicians at the United Kingdom's Houses of Parliament. [1] Whitehall officials have claimed that Iran was behind the attack. [2]

Contents

The incident was followed by an attempt to hack accounts belonging to politicians at the Scottish Parliament in August 2017.

Events

Parliamentarians were told about the cyberattack on the evening of 23 June, and it was made public knowledge the following day by Chris Rennard, a Liberal Democrat member of the House of Lords who posted a request on social media asking people needing to contact him urgently to do so via text message. Remote access to politicians email accounts was disabled.

However, a spokesperson for the House of Commons said that this was a precautionary measure to protect security rather than a consequence of the cyberattack itself. The matter is being investigated by the National Cyber Security Centre with assistance from the National Crime Agency. [3]

Westminster authorities described the attack as "sustained and determined", and follows media reports that the email passwords of government ministers had been obtained by hackers and were being sold online. [4]

On 25 June, a Westminster spokesperson confirmed the cyberattack had been an attempt to hack email accounts with weak passwords, but that an investigation had found less than 1% of the 9,000 email addresses associated with parliament had been compromised—a figure representing around 90 email accounts. However, it was still being treated as a serious security breach: "The figure is less than many feared, but is still a breach." [5] MPs subsequently said that agencies with links to either Russia or North Korea were suspected of being behind the attack. [6]

Holyrood cyberattack

On 15 August, officials at Holyrood, home of the Scottish Parliament warned that accounts belonging to Members of the Scottish Parliament (MSPs) were currently the subject of a Brute-force attack which was attempting to crack weak passwords, but that no accounts had been compromised. However, MSPs were warned they may find themselves temporarily locked out of their accounts for security reasons. News outlets, such as The Guardian reported the attack was similar in nature to the one that had occurred at Westminster. [6] The following day officials said that Holyrood was working with the UK's National Cyber Security Centre to increase security measures. [7]

Related Research Articles

<span class="mw-page-title-main">Timeline of Internet conflicts</span>

The Internet has a long history of turbulent relations, major maliciously designed disruptions, and other conflicts. This is a list of known and documented Internet, Usenet, virtual community and World Wide Web related conflicts, and of conflicts that touch on both offline and online worlds with possibly wider reaching implications.

<span class="mw-page-title-main">Data breach</span> Intentional or unintentional release of secure information

A data breach is a security violation, in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen, altered or used by an individual unauthorized to do so. Other terms are unintentional information disclosure, data leak, information leakage and data spill. Incidents range from concerted attacks by individuals who hack for personal gain or malice, organized crime, political activists or national governments, to poorly configured system security or careless disposal of used computer equipment or data storage media. Leaked information can range from matters compromising national security, to information on actions which a government or official considers embarrassing and wants to conceal. A deliberate data breach by a person privy to the information, typically for political purposes, is more often described as a "leak".

Cyberwarfare by Russia includes denial of service attacks, hacker attacks, dissemination of disinformation and propaganda, participation of state-sponsored teams in political blogs, internet surveillance using SORM technology, persecution of cyber-dissidents and other active measures. According to investigative journalist Andrei Soldatov, some of these activities were coordinated by the Russian signals intelligence, which was part of the FSB and formerly a part of the 16th KGB department. An analysis by the Defense Intelligence Agency in 2017 outlines Russia's view of "Information Countermeasures" or IPb as "strategically decisive and critically important to control its domestic populace and influence adversary states", dividing 'Information Countermeasures' into two categories of "Informational-Technical" and "Informational-Psychological" groups. The former encompasses network operations relating to defense, attack, and exploitation and the latter to "attempts to change people's behavior or beliefs in favor of Russian governmental objectives."

Cyberwarfare by China is the aggregate of all combative activities in the cyberspace which are taken by organs of the People's Republic of China, including affiliated advanced persistent threat groups, against other countries.

<span class="mw-page-title-main">Cyberattack</span> Attack on a computer system

A cyberattack is any offensive maneuver that targets computer information systems, computer networks, infrastructures, personal computer devices, or smartphones. An attacker is a person or process that attempts to access data, functions, or other restricted areas of the system without authorization, potentially with malicious intent. Depending on the context, cyberattacks can be part of cyber warfare or cyberterrorism. A cyberattack can be employed by sovereign states, individuals, groups, societies or organizations and it may originate from an anonymous source. A product that facilitates a cyberattack is sometimes called a cyber weapon. Cyberattacks have increased over the last few years. A well-known example of a cyberattack is a distributed denial of service attack (DDoS).

Cyberwarfare is a part of Iran's "soft war" military strategy. Being both a victim and wager of cyberwarfare, Iran is considered an emerging military power in the field.

In July 2015, a group calling itself "The Impact Team" stole the user data of Ashley Madison, a commercial website billed as enabling extramarital affairs. The group copied personal information about the site's user base and threatened to release users' names and personally identifying information if Ashley Madison would not immediately shut down. On 18 and 20 August, the group leaked more than 60 gigabytes of company data, including user details.

Cozy Bear, classified by the United States federal government as advanced persistent threat APT29, is a Russian hacker group believed to be associated with one or more intelligence agencies of Russia. The Dutch General Intelligence and Security Service (AIVD) deduced from security camera footage that it is led by the Russian Foreign Intelligence Service (SVR); this view is shared by the United States. Cybersecurity firm CrowdStrike also previously suggested that it may be associated with either the Russian Federal Security Service (FSB) or SVR. The group has been given various nicknames by other cybersecurity firms, including CozyCar, CozyDuke, Dark Halo, The Dukes, NOBELIUM, Office Monkeys, StellarParticle, UNC2452, and YTTRIUM.

Fancy Bear is a Russian cyber espionage group. Cybersecurity firm CrowdStrike has said with a medium level of confidence that it is associated with the Russian military intelligence agency GRU. The UK's Foreign and Commonwealth Office as well as security firms SecureWorks, ThreatConnect, and Mandiant, have also said the group is sponsored by the Russian government. In 2018, an indictment by the United States Special Counsel identified Fancy Bear as GRU Unit 26165. This probably refers to its Military Unit Number.

The Internet service company Yahoo! was subjected to the largest data breach on record. Two major data breaches of user account data to hackers were revealed during the second half of 2016. The first announced breach, reported in September 2016, had occurred sometime in late 2014, and affected over 500 million Yahoo! user accounts. A separate data breach, occurring earlier around August 2013, was reported in December 2016. Initially believed to have affected over 1 billion user accounts, Yahoo! later affirmed in October 2017 that all 3 billion of its user accounts were impacted. Both breaches are considered the largest discovered in the history of the Internet. Specific details of material taken include names, email addresses, telephone numbers, encrypted or unencrypted security questions and answers, dates of birth, and hashed passwords. Further, Yahoo! reported that the late 2014 breach likely used manufactured web cookies to falsify login credentials, allowing hackers to gain access to any account without a password.

In cybersecurity, cyber self-defense refers to self-defense against cyberattack. While it generally emphasizes active cybersecurity measures by computer users themselves, cyber self-defense is sometimes used to refer to the self-defense of organizations as a whole, such as corporate entities or entire nations. Surveillance self-defense is a variant of cyber self-defense and largely overlaps with it. Active and passive cybersecurity measures provide defenders with higher levels of cybersecurity, intrusion detection, incident handling and remediation capabilities. Various sectors and organizations are legally obligated to adhere to cyber security standards.

<i>Petya</i> and <i>NotPetya</i> Family of encrypting ransomware discovered in 2016

Petya is a family of encrypting malware that was first discovered in 2016. The malware targets Microsoft Windows–based systems, infecting the master boot record to execute a payload that encrypts a hard drive's file system table and prevents Windows from booting. It subsequently demands that the user make a payment in Bitcoin in order to regain access to the system.

<span class="mw-page-title-main">2017 Ukraine ransomware attacks</span> Series of powerful cyberattacks using the Petya malware

A series of powerful cyberattacks using the Petya malware began on 27 June 2017 that swamped websites of Ukrainian organizations, including banks, ministries, newspapers and electricity firms. Similar infections were reported in France, Germany, Italy, Poland, Russia, United Kingdom, the United States and Australia. ESET estimated on 28 June 2017 that 80% of all infections were in Ukraine, with Germany second hardest hit with about 9%. On 28 June 2017, the Ukrainian government stated that the attack was halted. On 30 June 2017, the Associated Press reported experts agreed that Petya was masquerading as ransomware, while it was actually designed to cause maximum damage, with Ukraine being the main target.

Charming Kitten is an Iranian government cyberwarfare group, described by several companies and government officials as an advanced persistent threat.

The 2018 SingHealth data breach was a data breach incident initiated by unidentified state actors, which happened between 27 June and 4 July 2018. During that period, personal particulars of 1.5 million SingHealth patients and records of outpatient dispensed medicines belonging to 160,000 patients were stolen. Names, National Registration Identity Card (NRIC) numbers, addresses, dates of birth, race, and gender of patients who visited specialist outpatient clinics and polyclinics between 1 May 2015 and 4 July 2018 were maliciously accessed and copied. Information relating to patient diagnosis, test results and doctors' notes were unaffected. Information on Prime Minister Lee Hsien Loong was specifically targeted.

<span class="mw-page-title-main">2020 United States federal government data breach</span> US federal government data breach

In 2020, a major cyberattack suspected to have been committed by a group backed by the Russian government penetrated thousands of organizations globally including multiple parts of the United States federal government, leading to a series of data breaches. The cyberattack and data breach were reported to be among the worst cyber-espionage incidents ever suffered by the U.S., due to the sensitivity and high profile of the targets and the long duration in which the hackers had access. Within days of its discovery, at least 200 organizations around the world had been reported to be affected by the attack, and some of these may also have suffered data breaches. Affected organizations worldwide included NATO, the U.K. government, the European Parliament, Microsoft and others.

A global wave of cyberattacks and data breaches began in January 2021 after four zero-day exploits were discovered in on-premises Microsoft Exchange Servers, giving attackers full access to user emails and passwords on affected servers, administrator privileges on the server, and access to connected devices on the same network. Attackers typically install a backdoor that allows the attacker full access to impacted servers even if the server is later updated to no longer be vulnerable to the original exploits. As of 9 March 2021, it was estimated that 250,000 servers fell victim to the attacks, including servers belonging to around 30,000 organizations in the United States, 7,000 servers in the United Kingdom, as well as the European Banking Authority, the Norwegian Parliament, and Chile's Commission for the Financial Market (CMF).

References

  1. "Cyber-attack on parliament leaves MPs unable to access emails". The Guardian. Guardian Media Group. 24 June 2017. Archived from the original on 24 June 2017. Retrieved 24 June 2017.
  2. "Iran blamed for Parliament cyber-attack". BBC News. BBC. 14 October 2017. Retrieved 20 December 2020.
  3. "Parliament hit by cyber-attack". BBC News. BBC. 24 June 2017. Archived from the original on 24 June 2017. Retrieved 24 June 2017.
  4. Riley-Smith, Ben (24 June 2017). "Parliament hit by 'sustained and determined' cyber attack leaving MPs unable to access their emails remotely". The Telegraph. Telegraph Media Group. Archived from the original on 24 June 2017. Retrieved 24 June 2017.
  5. Syal, Rajeev (25 June 2017). "Parliament cyber-attack hits fewer than 90 email accounts". The Guardian. Guardian Media Group. Archived from the original on 30 June 2017. Retrieved 1 July 2017.
  6. 1 2 Carrell, Severin (15 August 2017). "Scottish parliament hit by cyber-attack similar to Westminster assault". The Guardian. Guardian Media Group. Archived from the original on 27 August 2017. Retrieved 28 August 2017.
  7. "Ongoing Holyrood cyber attack fails to breach security". BBC News. BBC. 16 August 2017. Archived from the original on 30 August 2017. Retrieved 28 August 2017.