SecureMac, Inc.

Computer security news. Just for Macs.

Get the latest computer security news for Macs and be the first to be informed about critical updates. Industry news, security events and all you need right at your fingertips. Malware threats change daily, so keep up to date on the latest developments to help ensure your privacy and protection. You can never be too safe.

Members of UK Parliament Have Their Emails Hacked in Brute Force Attack

Posted on July 17, 2017

Email isn’t just one of the most convenient ways to communicate — it’s also the easiest way for a hacker to uncover information about you. In the final week of June, the Parliament of the United Kingdom experienced its very own cyber attack. The attack focused solely on Parliament email addresses and was not sophisticated in nature: it was a regular brute force attempt. However, the attack brought the network to a standstill.

By trying common passwords and as many other combinations as possible, the hackers eventually compromised roughly 90 email accounts. Although that accounts for only about 1% of the total number of active email addresses in Parliament, that still signifies a serious problem. The House of Commons issued a statement stating that they were investigating to determine if the attackers succeeded in stealing anything from the compromised accounts.

Even the mild success of this attack highlights two significant problems endemic not just government cyber security, but to cyber security practices in general. First, a brute force hack shouldn’t be able to compromise passwords. A strong password policy that disallows common weak passwords and enforces rules for strength can help render brute force attacks unfeasible for an attacker.

Second, why isn’t there a stronger perimeter defense in place to safeguard these important email accounts?  Many corporations, for example, require a VPN in order to access email – and VPN access can be setup with two-factor authentication (2FA) in order to provide a strong defense against unwanted access.  While it’s certainly convenient to access your email from anywhere without a VPN, this incident demonstrates the sacrifice in security by making access “too” convenient – and that trade-off at a government level could put things like national security at risk. 

Despite the limited disruption to Parliament’s activities, the fact that attackers could breach any government accounts so easily is worrying. It puts a spotlight on the need for governments and enterprises to take cyber security seriously at all levels. Otherwise, it will continue to be all too easy for bad actors to launch attacks on sensitive data.

Join our mailing list for the latest security news and deals