Hackers pose as lawmakers, launch cyber attack on UK Parliament

[tao]

Politicians were warned that hackers were posing as parliamentary officials asking for passwords

 

Britain's Parliament has been hit by a new wave of cyber attack after hackers attempted to trick lawmakers into revealing their passwords, prompting officials to warn MPs and their aides to guard against such threats.

Politicians have been warned that hackers were posing as parliamentary officials asking for their passwords.

 

"This afternoon we've heard reports of parliamentary users being telephoned and asked for their parliamentary username and password," a message sent to MPs and staff earlier this week warned.

"The caller is informing users that they have been employed by the digital service to help with thecyberattack. These calls are not from the digital service. We will never ask you for your password."

According to 'The Sunday Telegraph', parliamentary officials have said that hackers are still attempting to gain access after a "sustained" assault last week lasted for more than 12 hours as unknown hackers repeatedly targeted "weak" passwords of staff.

Security sources told the newspaper the attack was the biggest they could remember.

The network affected is used by every MP, including British Prime Minister Theresa May, and her Cabinet ministers, for dealing with constituents.

It remains unclear whether the hackers were successful in gaining access as the investigation is ongoing.

The UK Cabinet Office, which blamed human error for the breach, said the details were publicly available on data.Gov.Uk, which publishes charts and graphs of public data and is widely used across UK government circles.

A parliamentary spokesperson said: "On Thursday afternoon a small number of parliamentary users were telephoned and asked for their parliamentary username and password by a caller claiming to be employed by 'Windows' on behalf of the Parliamentary Digital Service to help with the cyber attack.

"No usernames or passwords were disclosed in these calls.

 

< Here >

 

[straycat19]

We have always told our users that we will never ask for their passwords and they should never give them out to anybody.  The funny thing is no one has ever asked us how we fix anything without being at their workstation and having them log in.  It's simple.  If you use Exchange/Outlook for mail, it isn't encrypted, any admin with server access can read it.  We changed from Groupwise to Exchange for that reason.   Groupwise mailboxes are encrypted and without knowing the users login you can't read their email easily.  Notice I said easily, not that it was impossible.  For everything else we can change their password, do what we need, and when we have them log back in they will get a reset password dialogue.  Even on their workstation, IT personnel have a special pre-boot account to login to the network that then gives them access to the encrypted workstation drive and the user's online storage.  So there is never a reason to ask for their password.  We have little reminders on our webpages and in emails to never give out login information to anyone and if anyone ever asks they are supposed to call the IT hotline so we can do a trace of the phone call, email, or person who asked for it.