Holyrood’s IT staff reportedly swept people’s passwords and found that many were using weak onesiStock
Hackers reportedly tried to steal email credentials of Scottish MPs in a “brute-force” attack similar to the one that targeted email accounts at Westminster several weeks ago. The attack, which may have locked out some people from their accounts, reportedly involved hackers attempting to access the email accounts by repeatedly attempting to crack their passwords.
Holyrood officials reportedly said that they are unaware of hackers having successfully compromised any email accounts. However, MPs and Holyrood staff were urged to update their passwords using longer and stronger variations of letters, numbers and special characters, the Guardian reported. Holyrood’s IT staff reportedly swept people’s passwords and found that many were using weak passwords.
Holyrood staff was reportedly warned about the cyberattack in an internal email by their chief executive Sir Paul Grice.
“The parliament’s monitoring systems have identified that we are currently the subject of a brute force cyber-attack from external sources,” Grice said.
“This attack appears to be targeting parliamentary IT accounts in a similar way to that which affected the Westminster parliament in June. Symptoms of the attack include account lockouts or failed log-ins.”
“The parliament’s robust cybersecurity measures identified this attack at an early stage and the additional security measures which we have in readiness for such situations have already been invoked. Our IT systems remain fully operational,” Grice added.
The attack on the British parliament in June saw hackers try to steal account passwords of MPs in a 12-hour siege. A probe into the attack revealed that around 40 email accounts related to the House of Commons were affected and a total of 90 email accounts were reportedly compromised by the cyberattack.
Although the identity of the hackers still remains unclear, security officials suspected that Russian and North Korean state-sponsored hackers may have had a hand in launching the attack.
Meanwhile, the identity and motive of the hackers behind the Scottish parliament attack remains unclear.