Details among two huge lists of stolen private information of government officials
An investigation by The Times newspaper has revealed that Russian hackers have gained access to a huge cache of private information of government officials including that of the Minister for Education and Putney, Roehampton and Southfields MP Justine Greening.
Passwords and email addresses belonging to nearly 10,000 people including other cabinet ministers, ambassadors and senior police officers have been put online and offered for sale.
There are reported to be two lists of stolen data revealing the private log-in details of 1,000 British MPs and parliamentary staff, 7,000 police employees and more than 1,000 Foreign Office officials including the department’s own head of IT.
The hackers have harvested data from a number of different sources, according to The Times, including LinkedIn, which was compromised five years ago, and MySpace. The concern would be that if the same passwords were used to log in to government websites, then official information could be accessed on an unauthorised basis.
The Times states that the information held on Ms Greening may be up to a decade old, and official Government security advice is that passwords are changed regularly. However, other security experts dispute that this is a secure method of preventing unauthorised access, as hackers can anticipate the variations people use when they amend a password, such as changing the number at the end of a word which otherwise remains the same.
The list shows that many officials were using easily guessable passwords including the word ‘password’.
The National Cyber Security Centre (NCSC) is to reissue guidance to government departments after being shown the evidence uncovered by The Times.
A Parliamentary Spokesperson said: “The Houses of Parliament, like all responsible organisations, takes cyber security extremely seriously. We provide advice to users – including Members – to make them aware of the risks and how to manage their digital safety. MPs have to change their parliamentary passwords regularly, however we do not comment on specific details of our cyber security policies”.
June 26, 2017