Scots parliament hit by hackers
Holyrood targeted by ‘brute force’ cyber attack
A cyberattack on the Scottish parliament could take several days to resolve, according to IT experts.
A “brute force” attack systematically attempted to crack passwords and was identified early on Tuesday.
It is similar to one which targeted Westminster in June and is likely to leave some users locked out of their email accounts.
Parliament chief executive Sir Paul Grice told MSPs and staff on Wednesday that the systems remain under attack but there is no indication that defences have been breached.
Staff are working with the National Cyber Security Centre (NCSC) to contain the attack. In an email, he said: “At this point there is no evidence to suggest that the attack has breached our defences and our IT systems continue to be fully operational. Users should be aware, however, that this attack remains ongoing.”
Mr Grice added that it is “not uncommon for brute force attacks to be sustained over a period of days”, and he urged users to remain vigilant.
A brute force cyber attack involves hackers making repeated attempts to log in to a system using a series of different passwords, to effectively guess the passcode.
Jamie Graves, CEO at cyber security firm ZoneFox said: “A brute force attack is a tale as old as time and relies on one of the weakest areas of security – passwords.
“That the Scottish Parliament’s security measures were able to keep systems operational is a case in point of how important it is to be in a position to rapidly identify attacks and stop them in their tracks.
“The hackers may have been thwarted this time, but there’s nothing to say they won’t be back. That the IT department will force a change on weak passwords is a good, proactive measure. However, this isn’t a failsafe.
“What the Scottish Parliament has in its favour is a transparent, open culture and so unquestionably all staff will heed Sir Paul Grice’s request to remain vigilant. A united, digitally alert team is one of the greatest tools organisations can deploy in their fight against hackers.”