The Parliamentary email system has been the subject of a cyber attack. Yesterday I was able to get access to my Parliamentary emails and to answer them. Today the system has been closed, so I have no access. I am therefore unable to provide the same day reply service I usually offer, and will answer them as soon as I have access again.
Anyone with an urgent query should notify me through this website and leave me a contact so I can get back to them.
11 Comments
Comments are closed.
June 25, 2017
MPs are top priority for our Security Services. One is sure they will l keep on top of it.
June 25, 2017
Like all government IT systems it’s probably rubbish and cost a fortune. Surely we should expect secure systems for our lawmakers.
June 25, 2017
You should expect almost nothing of government their fire & building control “experts” even allow the wrapping of council tower blocks in flammable insulation cladding, they fund absurd renewables, build HS2 and Hinkley C and even buy aircraft carriers with out arranging aircraft for them.
They care not what they do nor what value they get, so long as someone is paying and pensioning all of them well.
June 25, 2017
Soon to be lawmakers, hopefully.
June 25, 2017
Bad news but perhaps not unexpected, as cyber warfare has become a cheap option of getting into and perhaps take over another nation’s nowadays total reliance on data communications.
It gives others the potential to prevent normal traffic, to interfere with it and/or use it as a platform to spread misinformation, propaganda and so on. Let us hope that in this case a better prevention scheme can be quickly identified and set in place.
June 25, 2017
Doubtless the House of Commons’ email system was running the same unpatched version of Windows XP that our Trident strategic nuclear boats use – unbelievable, but true.
Meanwhile, you are correct in asserting that council tenants buying their own homes does not affect the total supply of social housing – but unfortunately, the councils were not allowed to spend the money on building new houses, central government made them use the proceeds to keep council tax down.
June 25, 2017
When the parliamentary system came under attack the steps taken by the authorities to protect the system resulted in external email access being denied. Not caused by obsolete OS.
June 25, 2017
Politicians are so full of themselves.. if they ard so concerned tgey should change back to writing mail by letter and sending by post..registered if necessary..jeez whst a load of proma donnas
June 26, 2017
As a man whose job it is to keep technical systems such as email servers operating, I wholeheartedly sympathise with the people running the House of Commons systems.
What would appear to be going on is that an attacker is trying to guess passwords (they may already know user names) for various members of the House of Commons. The simplest form of this attack is to run it from one IP address, but as the HoC system will undoubtedly have something listening for precisely this sort of attack which if detected then black holes that abusive IP, we can assume that something more sneaky is going on.
This will likely be the same sort of password-guessing, run from a huge number of different IP addresses, most likely compromised machines in all manner of places. As the same IP will then come up only once every hour or so, the server listening for wrong password tries has many fewer opportunities to spot and block abusive IPs.
Eventually, most if not all of the abusive IP addresses will be blocked, but not before some of the sillier users with poorer passwords will have been compromised. One way to mitigate this is a trick a UK university used to do, many moons ago, which was to run a standard dictionary attack against their own users’ passwords. Any user whose password was successfully cracked by this method got their account automatically locked.
Another way to mitigate this sort of attack is to use a second authentication factor (so-called two factor authentication). These are the number generator dongles, and the SMS number systems and so on which banks and indeed the likes of Google and Facebook use. 2FA systems seem not to have been in use by the House of Commons, since if they had been in use and correctly configured, the attack would have completely failed.
As to the future, implementing two-factor authentication for the HoC email system would seem to be the quickest fix going, and since this works for the big banks for online banking with little problem, it would seem to be the solution best suited for the collection of technophobes that the House of Commons largely seems to consist of these days.
June 27, 2017
I once mentioned to the son of a friend who had been to Russia fixing some IT problem for them “People believe hacking and the like cannot in absolutely every instance be traced” He smiled
🙂
Then I smiled
🙂
We had been drinking.
June 30, 2017
Interesting blog but not good for people associated with system. As they have to be very much careful and should take some important actions against cyber attack. Attack on cyber security means they are attacking on internal system which is more dangerous from soldiers fighting on border.
So, Its time to take action against cyber thread.
Thanks and keep blogging.