Brute Force Cyber Attack Hits the Scottish Parliament

Scottish Parliament Debating Chamber 3

The Scottish parliament has been the target of a “brute force” attack which saw hackers attempt to steal the email credentials of parliament members.

The Scottish Parliament, also known as Holyrood, has been impacted by a cyberattack wherein attackers sought to obtain the passwords of email accounts belonging to a number of MSPs (Members of the Scottish Parliament). Officials have claimed that no accounts were compromised while adding that MSPs were warned and urged to update and strengthen their passwords.

“The parliament’s monitoring systems have identified that we are currently the subject of a brute force cyber-attack from external sources,” wrote Holyrood’s chief executive Sir Paul Grice in an internal bulletin to MSPs and parliamentary staff.

Drawing comparisons with the recent attack targeting the Westminster parliament earlier in June, he continued:

This attack appears to be targeting parliamentary IT accounts in a similar way to that which affected the Westminster parliament in June. Symptoms of the attack include account lockouts or failed log-ins. The parliament’s robust cybersecurity measures identified this attack at an early stage and the additional security measures which we have in readiness for such situations have already been invoked. Our IT systems remain fully operational.

Curiously, Grice further revealed that Holyrood’s IT staff had done a sweep of passwords used by MSPs, only to discover that many were weak and easily unpicked.

The survey, he revealed, had highlighted a “much higher than expected level of ‘simple’ passwords which would be easy to guess/crack using software which can be easily obtained.” In other words, these passwords are exactly the sort that leave the accounts they are securing vulnerable to an exploit.

“The number of simple passwords identified is too high for us to contact each individual personally,” he added damningly.

The June attack on Westminster’s systems in London had hackers obtain access to less than 1% of the 9,000 email addresses used in the parliament, due to their weak passwords. Officials have laid suspicions on North Korean and Russian agencies, with Moscow believed to be the most likely perpetrator of the attacks, according to UK officials. Russian hackers have notably been linked to attacks on political parties during this year’s French presidential elections. They have infamously been accused of targeting and compromising the email networks of Democrats during the 2016 presidential campaign.

Image credit: Wikimedia.