Isis hacks UK cabinet minister emails: Should we be worried about national cybersecurity?
On 11 September, it was revealed that terrorists from Islamic State (Isis) succeeded in hacking into the email accounts of several UK cabinet ministers, although a lengthy investigation by GCHQ proved that no security breach occurred.
The report, as revealed by The Telegraph, explained that the attack actually occurred in May, but it is not clear what information the extremists were able to access. However, Whitehall officials were told by GCHQ that they had to change their passwords and tighten security procedures.
While it is important to note that the incident occurred three months before British hacker Junaid Hussain (who led IS's hacking operations) was killed by a US drone strike in Syria, the question remains – should we be worried about national cybersecurity? How good are UK government cybersecurity measures?
Inside the Public Services Network
"Since there is so little detail about the attack, we're going to have to guess, but if the hack was relating to email accounts belonging to ministers such as home secretary Theresa May, well then her email account is connected to a secure government network called the Public Services Network [PSN, previously known as the GSI in the 1990s]," Andrew Beckett, managing director of Regency IT Consulting (a specialist security consultancy for the UK government), told IBTimes UK.
"The PSN is basically a virtual private network [VPN] that is at least as secure as your online banking network, but no one would ever call it a completely secure network."
According to Beckett, the PSN is meant to cover mundane everyday correspondence between government departments and citizens, as well as third-party contractors, such as stationery orders, so nothing of any great importance to national security will ever be sent over it.
"Any security breach of ministerial correspondence is of concern, but without further information, we have to be realistic and say the government has a number of communication channels. For more secure activity, Theresa May and her office would have different and far more secure classified communication channels, and it's highly unlikely that those would be breached by IS."
Tens of thousands of viruses attack the UK government every day
Beckett, who has 15 years' experience in government cybersecurity consultancy, says the IS attack was very likely just "another day in the office", because tens of thousands of viruses routinely attack UK government infrastructure every day, but no great data breaches are occurring.
"While we still use firewalls and VPNs to maintain security, additional levels are added on top such as encryption, as well as monitoring any breaches that have taken place. There is an ongoing battle between cybersecurity experts and the government against the attackers. The attackers only have to get lucky once," he said.
"We have to be ready for anything. New zero-day vulnerabilities are being discovered every day but you can't prepare for zero days, so you plan for how you can detect it as quickly as possible, block access and remove malware from the system as quickly as possible."
So, for example, if a hacker wanted to somehow hack into David Cameron's emails, it would be very unlikely that they would be successful, as the only way they could do that would be to somehow get malware onto the system and use that to broadcast information, and the sophisticated detection mechanisms in place make this very difficult.
"From The Telegraph article, it sounds like perhaps the PSN login details for the cabinet ministers were compromised or potentially at risk, but it's very difficult to say without more information," said Beckett.
"Saying that cabinet ministers' emails were hacked probably sounds more sexy, but all this has done is give IS a news headline."
GCHQ has a much bigger budget than any hacker
A multitude of contractors work with GCHQ to monitor various computer systems within the UK government, and if they detect any sort of potentially troublesome activity, they inform GCHQ.
GCHQ also monitors websites and IP addresses known to be associated with people of interest to it, and if it detects that a UK business has been hacked, it informs the firm and recommends a commercial security firm that can sort the problem out and improve cybersecurity measures.
"The GCHQ is a state-run body with warrants and a budget that would make your eyes water. It has the ability to mount access and monitoring that isn't available to individuals or terror groups," stressed Beckett.
"Also, in the UK, if GCHQ wanted to monitor activity, they would have to get a warrant. They would use that warrant to include internet service providers. That's not an option to IS. They can't go to BT and ask for all the traffic on the Home Office."
Don't open email attachments or suspicious links
So, in all likelihood, the IS hack is not as big a deal as it sounds. However, it's still important for users to practise good cybersecurity in general, whether at work or at home.
"Cybersecurity is a challenge for an awful lot of people but it's one of those areas where it's really easy to be alarmist where there's no need to be," said Beckett.
"If users are very careful what URLs they click on, what websites they click on, don't open email attachments from people they don't know, you can actually defeat 80% of the attacks before they start," he said.
"This isn't a battle that we're going to win, but we're fighting for a stalemate."