Russia, really? 'Any teenager' could be culprit of UK parliament cyberattack says expert
The alleged cyberattack was not sophisticated - and likely too brash for a nation state.
On 25 June (Sunday), roughly 48 hours after a cyberattack attempted to infiltrate the email accounts of British politicians, hackers linked to the Russian state were already being blamed.
"It was a brute force attack. It appears to have been state-sponsored," one security source allegedly told The Guardian. The newspaper also reported how Moscow was believed to be "the most likely culprit" behind the incident, which compromised fewer than 90 email inboxes.
But not everyone is convinced of such an explanation.
"Such an attack is very simple and cheap to organise, and virtually any teenager could be behind it," said Ilia Kolochenko, chief executive of security firm High-Tech Bridge. "At this early stage it would be inappropriate to speculate about the identity of the attackers.
"For this particular incident, I would abstain from blaming any state-sponsored hacking groups," he continued. "Because with such an unacceptably-low level of security they have likely already been reading all emails for many years without leaving a trace."
The UK government admitted some MP accounts had little security – despite the potentially sensitive information they contain. Ultimately, they were "compromised as a result of the use of weak passwords that did not conform to guidance issued," it said in a statement.
The reason for such quick-fire attribution may be linked to a story published by The Times on the same day as the attack (23 June), which claimed politicians' email account information leaked from a series of major data breaches was being traded on the criminal underground.
"We have to be careful in over-hyping events seen to be occurring this weekend with a so-called cyberattack on UK parliament," said Andrew Clarke, director with security firm One Identity.
"It appears that the parliament's IT team have done a good job in closing down access to their email systems – this would serve to protect them until the nature of the intrusion is understood.
"Even before this news, I am sure that 'hackers' tried to circumvent security controls for what would be seen as a prestigious hack. Nevertheless, with the publicity exposing the password haul [from The Times' report] it is no surprise that someone has tried to take advantage."
The UK's National Cyber Security Centre (NCSC), an off-shoot of signals intelligence agency GCHQ, is now investigating.
It said it "is working around the clock with the UK parliamentary digital security team to understand what has happened and advise on the necessary mitigating actions."
Alan Woodward, professor at the University of Surrey, told The Times: "State actors, if they wanted to get access to those emails, would try and do it a lot more quietly.
"Anybody that has any experience knows that [a brute force attack] is going to make a lot of noise."
The Kremlin has been accused of orchestrating numerous cyberattacks on political groups over the past 12 months, including the incident at the Democratic National Committee (DNC).
Two Russia-linked units, dubbed Fancy Bear and Cosy Bear, were reportedly involved.
And it's not the first time that British MPs have accused Russian hackers of causing digital chaos against UK national interests. Labour's Chris Bryant MP said in February: "I don't think we have even begun to wake up to what Russia is doing when it comes to cyberwarfare."
Of course, it is the MO of Russian hackers to infiltrate email accounts of governments. But to date, there has been no evidence to attribute such a basic cyberattack to Russian espionage groups – and until public data is revealed, experts say the default position should remain one of scepticism.
In a statement, parliament said it is now putting plans in place to "resume wider IT services".