Scottish Parliament Accounts Under Brute Force Attack

Scottish Parliament Accounts Under Brute Force Attack

The Scottish Parliament has been hit by a brute force attack designed to crack MSP and staff passwords, it has emerged.

The external attack appears to be targeting online accounts like the one suffered by parliament in June.

Although there’s no official info on the Scottish Parliament website, MSPs and staff have been informed by email by CEO Paul Grice, according to the BBC.

"Symptoms of the attack include account lockouts or failed logins,” the missive reportedly notes.

"The parliament's robust cybersecurity measures identified this attack at an early stage and the additional security measures which we have in readiness for such situations have already been invoked. Our IT systems remain fully operational."

The additional security measures in question appear to involve forcing a change to weak passwords, which begs the question why they were allowed in the first place.

Bitglass CEO, Rich Campagna, argued that passphrases are a better bet than long and strong passwords.

“These will still be lengthy, but made up of real words, so easier to remember,” he added. “It might seem simple, but the truth is, if a password takes too long to crack, hackers will simply move onto the next batch."

Jamie Graves, CEO of Edinburgh-based ZoneFox argued that the Scottish Parliament is institutionally well prepared to cope with cyber-attacks.

“What the Scottish Parliament has in its favor is a transparent, open culture and so unquestionably all staff will heed Sir Paul Grice's request to remain vigilant,” he explained. “A united, digitally alert team is one of the greatest tools organizations can deploy in their fight against hackers."     

However, the use of password-based systems is still troubling given the high stakes at play here.

Security expert Graham Cluley recommended a switch to two-factor authentication; a simple step which would confound hackers, crackers and phishers.

“If it's good enough for the cast of Game of Thrones it should be good enough for you,” he explained, referencing a move designed to tighten up security on the hit TV show.

Back in June, less than 1% of 9000 parliamentary accounts were compromised in a similar attack, also prompting calls for 2FA to be introduced across the board.

Source: Information Security Magazine