Ninety accounts compromised in 'brute force' attack on Parliament's email system
Claims that unsubtle attack on Parliamentary email system was state-sponsored
Parliament's email system has been compromised in what has been described as a "sustained and determined cyber attack", in which the email accounts of as many as 90 users were brute forced.
The attack attack was first picked up on Friday and affected "fewer than one per cent of the 9,000 users of the IT system", according to Chris Rennard, a member of the Liberal Democrat party.
Security services shut down access to the network for anyone not in Westminster on Friday night, which left all 650 MPs - as well as peers, aides, constituency staff and officials who work in the building - unable to access their email accounts until the following morning.
"We have discovered unauthorised attempts to access accounts of parliamentary networks users and are investigating this ongoing incident, working closely with the National Cyber Security Centre (NCSC)," a parliamentary spokesperson said.
"Parliament has robust measures in place to protect all of our accounts and systems, and we are taking the necessary steps to protect and secure our network.
"As a precaution, we have temporarily restricted remote access to the network. As a result, some Members of Parliament and staff cannot access their email accounts outside of Westminster.
"IT services on the parliamentary estate are working normally. We will continue to keep members of both Houses of Parliament and the public updated as the situation develops."
The spokesman said the 12-hour-long attack was a result of "weak passwords" that did not conform to guidance from the Parliamentary Digital Service and said that an investigation is under way to determine whether any data has been lost.
Experts have been quick to warn that politicians could be exposed to blackmail or face a heightened threat of terrorist attack if emails were successfully accessed.
"As they are identified, the individuals whose accounts have been compromised have been contacted and investigations to determine whether any data has been lost are under way," the parliamentary spokesperson said.
An NCSC spokesperson added: "The NCSC is aware of the incident and is working around the clock with the UK parliamentary digital security team to understand what has happened and advise on the necessary mitigating actions."
News of hackers targeting parliament comes hot on the heels of reports that Russian hackers had stolen and were trading passwords and email addresses of thousands of MPs and government officials.
The Guardian is already pointing fingers in the direction of Russia, with a security source telling the newspaper that this latest attack "was a brute force attack" and 'appears to have been state-sponsored."
However, such claims are easy to make, but hard to prove and there could be any number of people or groups who might target Parliament's email system in this way.