Russian hackers trading stolen email addresses and passwords of 1,000 British MPs and top officials online
Hackers are reportedly trading the email addresses and passwords belonging to thousands of British politicians, ambassadors and other top officials online.
An investigation by The Times found that two massive lists of stolen credentials, which included the log-in details of 1,000 British MPs and parliamentary staff, 7,000 police employees and over 1,000 Foreign Office officials, were put up for sale or traded on Russian-speaking hacking sites.
These lists were later released for free, The Times reported.
The stolen credentials are believed to have come from prior data breaches including the huge 2012 hack on business social media network LinkedIn, which compromised over 100 million users’ emails and passwords, the MySpace breach, and dozens of “smaller entities”.
In the wake of these breaches, security experts, officials and organisations urged users to immediately change their passwords to stronger ones and avoid the common but dangerous practice of using the same password across multiple sites and services.
The log-in credentials of education secretary Justine Greening and business secretary Greg Clark were also reportedly included in the troves being swapped online, besides the passwords of the head of IT at the Foreign Office, the director-general of the Department for Exiting the European Union and the former ambassador to Israel.
The password of former detective chief inspector Andy Redwood was apparently included in the list that featured over 7,000 police passwords. Redwood headed the investigation into Madeleine McCann’s disappearance. The three most common passwords associated with the stolen police email addresses were “police”, “password” and “police1”.
According to The Times, one senior politician used the name of their home country followed by a number while another used a relative’s surname. Meanwhile, the Chief Operating Officer at the Foreign and Commonwealth Office Peter Jones apparently used a “highly insecure password” that showed up over 3,700 times in one of the lists being traded online.
The National Cyber Security Centre (NCSC), which safeguards the country against potential cyberattacks, told The Times that it would reissue its digital security advice to government departments in the light of the publication’s findings.
The revelation comes as many European countries bolster their digital security and cyberdefences in the wake of the cyberattacks targeting the US presidential election in 2016 and the “massive and coordinated” hacking attack targeting now-French President Emmanuel Macron’s campaign last month.
Multiple European countries, including Ukraine, Czech Republic, Norway, Bulgaria, Italy and others, have also reported cyberattacks that targeted their own digital infrastructure.
Earlier this year, the US intelligence community accused Russian President Vladimir Putin of ordering a complex “influence campaign” to undermine American democracy, denigrate Hillary Clinton and help Donald Trump win the presidency. The Kremlin has continued to dismiss the allegations as baseless.
In June, Putin likened hackers to “artists” and suggested that some “patriotically minded”, private Russian hackers may have been involved in the cyberattacks targeting the US election.
“Hackers are free people, just like artists who wake up in a good mood and start painting,” he said. “Likewise, hackers get up in the morning and read the news about international affairs. If they feel patriotic, they try to make what they see as a fair contribution to the struggle against those who speak ill of Russia.”