The House of Commons has confirmed in a statement that it has logged “unauthorised attempts” to access the accounts of 9,000 Members of Parliament, peers and parliamentary staff on the parliamentary network.
Parliament's email system and remote access tools were switched off during the weekend as a precautionary measure.
The incident follows on from Friday's report in The Times that a list containing login details of MPs, peers and parliamentary staff was being offered for sale on Russian-speaking websites.
A Parliament press statement said, “We have systems in place to protect member and staff accounts and are taking the necessary steps to protect our systems.”
However, the Parliamentary Digital Service (PDS) has been criticized by cybersecurity experts for failing to provide other means of protection for email accounts.
A Parliamentary spokesman told the BBC, “The parliamentary network was compromised due to weak passwords which did not conform to guidance from the Parliamentary Digital Service.”
The spokesman added: "As they are identified, the individuals whose accounts have been compromised have been contacted and investigations to determine whether any data has been lost are under way."
Parliament said that “significantly fewer than 1 percent of the 9,000 accounts on the parliamentary network have been compromised."
Spencer Young, RVP of EMEA at Imperva, said that while exactly what the attackers were after is not known, the general thought is email login credentials have been compromised.
"Passwords continue to be an Achilles Heel in the fight against cybercrime as improper user behavior – such as weak passwords or use of the same password across different sites continues. This is an outcome of a continual lack of understanding and investment from the Government in security strategies that enterprise Britain adopt as standard operating procedures. This attack was unfortunately just a matter of time," he said.
The Guardian's “security source” has already attributed the attack to Russia. No further explanation had been given as to how it had reached this conclusion apart from the fact that the credentials were being offered for sale on Russian-speaking forums.
Parliament described the incident as “ongoing” and said it is working with the National Cyber Security Centre (NCSC) to identify the culprits.
Parliament says the NCSC is working to “to identify the method of the attack and have made changes to prevent the attackers gaining access”.
SC has contacted the NCSC for comment.
Neil Larkins, co-founder and COO of Egress Software Technologies said in a statement: “There are technical measures that could have been put in place to stop this attack. For example, access can be restricted to known IP addresses, which would mean that anyone on an unknown external device trying to get access – even with the correct password – would be denied in the first instance.”
However, the reason why cybercriminals assaulted the MP's email system, instead of another area of the government's network, is totally logical Adam Laub, senior VP of product marketing at STEALTHbits Technologies, told SC Media.
"cWhile the body content of an email and the conversations themselves have their own distinct value, email quietly maintains a high ranking position as one of the largest file repositories within any organization. The amount of files contained within email inboxes is staggering. It's also a given that a substantial portion of those files will contain sensitive information that could be just as (if not more) damning as the off-color comment that accompanied it in its initial delivery," he said.