This article is more than 1 year old
Och. Scottish Parliament under siege from brute-force cyber attack
Unidentified hackers attempt to bust open email accounts
Hackers are trying to break into Scottish Parliament email accounts weeks after similar campaigns against Westminster.
MSPs and Holyrood staff were warned on Tuesday that as-yet unidentified hackers were running "brute-force" attacks on systems in the devolved assembly, The Guardian reports. Similar attacks on Westminster back in June, subsequently blamed on Russia by intel sources, led to the compromise of 90 accounts.
In an internal bulletin Sir Paul Grice, Holyrood's chief executive, warned: "The parliament's monitoring systems have identified that we are currently the subject of a brute-force cyber attack from external sources.
"This attack appears to be targeting parliamentary IT accounts in a similar way to that which affected the Westminster parliament in June. Symptoms of the attack include account lockouts or failed logins.
"The parliament's robust cybersecurity measures identified this attack at an early stage and the additional security measures which we have in readiness for such situations have already been invoked. Our IT systems remain fully operational."
Legislators and support staff have been advised to update their passwords with longer and stronger combinations of letters, numbers and special characters in response.
Left unexplained is why staffers are able to set substandard passwords and whether two factor authentication (2FA) technology – a well-established defence against exactly this type of malfeasance – is supported. ®
Updated at 14:53 UTC to add: El Reg has seen an update issued to all MSPs and staff at Holyrood that explains: "
- the cyber-attack remains ongoing
- there is no evidence to suggest that the attack has breached our defences
- our IT systems continue to be fully operational."