
British Parliament Hit by Cyberattack, Affecting Email Access

93 points by joegosse almost 8 years ago

9 comments

nikcub almost 8 years ago
Based on the names mentioned I searched for their email addresses in password dumps and they all match the large 500M+ lists (anti public and exploit.in - covered here[0]) that have been available on some of the credential-stuffing and hacking forums since late last year. They are aggregate lists composed of MySpace, LinkedIn and other breaches.

It appears someone has grepped out parliament.uk emails from those leaks and then published it separately, the earliest mention of such a list that I can find online is from mid-May.

The credential stuffing and darkweb markets are full of such lists as the scammers attempt to make a dollar or two from content that is otherwise publicly available by slicing it in interesting or appealing ways.

I doubt any of the credentials would have worked against the parliament Office 365 login[1] as either the IT admins would have noticed, and/or the list is old enough where it would have been noticed far earlier plus Office 365 even without MFA enabled or enforced will usually require an email or SMS confirmation for a new device login or a login that doesn't match user pattern.

The story mentions they disabled logins, but it appears to still work. This is likely just a precaution from the IT department over what is a relatively minor issue since it is easier to pretend you're doing something rather than having to explain to the media that this is an old issue and not that big a deal.

[0] https://www.cert.govt.nz/businesses-and-individuals/recent-threats/anti-public-and-exploit-in-release/

[1] https://intranet.parliament.uk
NotSammyHagar almost 8 years ago
Why don't these people use 2 factor auth like a yubikey? And not sms because it can be hacked and redirected. I know the reason, they are not wanting these non-technical foofaws to be slightly inconvenienced. And they'd lose their second factors even if they had them - too bad, you shouldn't be able to get an official email without it. Give everyone a couple of those keys, put one on their keychain, one in their computer at home, one in their work computer. They'd be so much safer.
krona almost 8 years ago
In what way have they been 'hacked'?

Constituents can email their MPs and I'd imagine they all share the same few email servers. It's not hard to imagine that someone thought they'd 'have a go' (as was the case during the election period), and the reaction by Parliament has so far been a precautionary one.
anigbrowl almost 8 years ago
To what extent are our security problems the result of feature creep and an inability to lock down simple protocols? For all the bloviating about national borders and so on, if a country can't secure its own legislature then its institutions are broken.
akerro almost 8 years ago
They should ban encryption to catch those hackers!
rasmafazi almost 8 years ago
National institutions have indeed begun their long slide into irrelevance. Ray Kurzweil, a big shot at Google, already wrote about that. Anything that existed before the widespread commercialization of the internet cannot remain the same, after. I am waiting for news of the inevitable to break loose. A group of disgruntled people setting up internet infrastructure to literally organize the decimation of state officials. They will end up dying like flies. As soon as the first guys do that, there will be no stopping it. The national state uses force to enforce its views, while they no longer have a credible monopoly on the use of force.
petre almost 8 years ago
They've just got hacked, yet the NYT is already blaming the Russians.
jacquesm almost 8 years ago
Real title:

> British Parliament Hit by Cyberattack, Affecting Email Access

Clickbait title. Access to email has been disabled as a precaution because passwords were being trafficked and there were attempts to access accounts.
ourmandave almost 8 years ago
"Bugger! My hard drive is encrypted and they're demanding bitcoins! Do any of you blokes know the pounds to bitcoins rate?"