Blackmail fears after Parliament hit by 'sustained and determined' cyber attack on MPs' email network

Houses of Parliament
Houses of Parliament Credit:  Rii Schroer for the Telegraph

Parliament has suffered its biggest ever cyber attack as hackers launched a “sustained and determined” attempt to break into MPs email accounts. 

The “brute force” assault lasted for more than 12 hours on Friday as unknown hackers repeatedly targeted “weak” passwords of politicians and aides. 

Parliamentary officials were forced to lock MPs out of their own email accounts as they scrambled to minimise the damage from the incident. 

The network affected is used by every MP including Theresa May, the Prime Minister, and her cabinet ministers for dealing with constituents. 

Experts on Saturday night warned that politicians could be exposed to blackmail or face a heightened threat of terrorist attack if emails were successfully accessed. 

MPs also apologised to their constituents and expressed concerns that sensitive and private information shared with them may have leaked. 

Fears were raised by cyber specialists that “state actors” such as Russia, China or North Korea could be behind the attack - though Government sources said it was too early for conclusions.

It comes just weeks after more than 40 NHS trusts were affected by a cyber attack that locked nurses and doctors out of their computers. 

Liam Fox, the International Trade Secretary, said the attack was a "warning to everyone we need more security and better passwords”. He added: “You wouldn't leave your door open at night."

The attack was launched on Friday morning and targeted the 9,000 people who have email accounts on Parliament’s internal network. 

All 650 MPs have parliamentary email accounts as well as peers, political aides, constituency staff and officials who work in the building. 

A “restricted access” email sent at 10.29pm on Friday and seen by The Sunday Telegraph reveals the scale of the problems being faced. 

Rob Greig, director of the Parliamentary Digital Service, wrote: “Earlier this morning we discovered unusual activity and evidence of an attempted cyber-attack on our computer network.

“Closer investigation by our team confirmed that hackers were carrying out a sustained and determined attack on all parliamentary user accounts in attempt to identify weak passwords. These attempts specifically were trying to gain access to users emails.

“We have been working closely with the National Cyber Security Centre (NCSC) to identify the method of the attack and have made changes to prevent the attackers gaining access, however our investigation continues.”

In a bid to shore up the system, parliamentary officials stopped at least one method for remotely accessing emails via mobiles and computers away from Westminster. 

The move left some MPs unable to gain access to their inboxes throughout Saturday, with many taking to social media to issue apologies.

Angela Rayner, Labour’s shadow education secretary, tweeted: “If you try and contact me by my parliamentary e-mail address then l will not be able to respond currently, this is due to a cyber attack”

Henry Smith, the Tory MP, said: “Sorry no parliamentary email access today - we're under cyber attack from Kim Jong Un, Putin or a kid in his mom's basement or something.”

Security sources said the attack was the biggest they could remember targeting Parliament but had been brought under control by Friday evening. 

They said it was a “brute force” attack, which involves firing messages at email accounts in an attempt to find a weak password and gain entry. These are more rudimentary than “spearhead” attacks, such as emails that contain viruses. 

It remains unclear whether the hackers were successful in gaining access to email accounts, with the investigation still ongoing on Saturday night. 

MPs affected warned of the damage a successful hack could bring. Andrew Bridgen, the Tory MP for North West Leicestershire, raised concerns about “confidential information” shared by voters with their local politicians. 

“People come to us with their worse problems in their life in the confidence that their emails are secure,” he said. 

“If people thought our emails were not secure it would seriously undermine our constituents’ confidence and trust in approaching their MP at a time of crisis.”

Sean Sullivan, security adviser to F-secure, a cyber security company, said: “This is at an early stage but possible perpetrators of this attack include state actors including Russia, China and North Korea. They would all be in the frame.”

Mr Sullivan said MPs’ emails would provide a trove of information to criminal gangs or to hostile enemy states. “This information could be used to launch a terrorist attack or for blackmail plots. MPs accounts contains so much confidential information.”

A parliamentary spokesperson said: "We have discovered unauthorised attempts to access accounts of parliamentary networks users and are investigating this ongoing incident,  working closely with the National Cyber Security Centre.

“Parliament has robust measures in place to protect all of our accounts and systems, and we are taking the necessary steps to protect and secure our network. As a precaution we have temporarily restricted remote access to the network.

“As a result, some Members of Parliament and staff cannot access their email accounts outside of Westminster. IT services on the Parliamentary Estate are working normally. We will continue to keep Members of both Houses of Parliament and the public updated as the situation develops”.

Government minsters and officials also use a separate email system, used for sharing more confidential information, which was unaffected by the incident. 

The attack struck just hours after a newspaper reported that the log-in details of 1,000 MPs and parliamentary staff, including cabinet ministers, were being trade online by Russian hackers.

License this content