The passwords and email addresses of MPs, parliamentary staff, diplomats and senior police officers were sold, bartered and then made available for free on Russian-speaking hacking forums.
These included email addresses and passwords used by education secretary Justine Greening and business secretary Greg Clark, the head of IT at the Foreign Office, the director-general of the Department for Exiting the European Union and the former ambassador to Israel, according to The Times, which made the discovery.
The lists of stolen credentials included 1,000 MPs and parliamentary staff, 7,000 police employees and more than 1,000 Foreign Office staff.
According to The Times, the three most common passwords associated with the stolen police email addresses were “police”, “password” and “police1”. One senior politician used their country name followed by a number, while another used a relative’s surname. Peter Jones, chief operating officer at the Foreign and Commonwealth Office, apparently used a “highly insecure” password that showed up more than 3,700 times in one of the lists being traded online.
The National Cyber Security Centre confirmed that its digital security advice had been re-issued to government departments following the discovery.
A government spokesman said it was a “historical incident”, according to The Guardian, but he added that anyone who followed LinkedIn’s advice to change their passwords on the site and any other accounts that used the same credentials would have been safe.
The revelation comes just days after US officials revealed in testimony before the Senate Intelligence Committee that Russian hackers targeted voting systems in nearly 50% of states in the 2016 US presidential election.
Russia has repeatedly denied any involvement in election-related hacking, but US intelligence agencies and various independent cyber security researchers have attributed the cyber attacks that occurred during the 2016 US election to hacker groups linked to the Kremlin.
Russian hacking groups have also been linked to cyber attacks targeting French president Emmanuel Macron’s election campaign, the German political party Christian Democratic Union (CDU), the Turkish parliament, and the parliament in Montenegro.
Several other countries, including Ukraine, Norway, the Czech Republic, Bulgaria and Italy, have also reported recent cyber attacks targeting digital infrastructure that are believed to have been the work of Russian hacking groups.