Senior Holyrood officials suspect China of being behind a powerful cyber attack on the Scottish Parliament in August.
The cyber attack in August locked out email accounts belonging to several Scottish MPs but failed to disrupt Holyrood’s IT systems.
Last month's brute force cyber attack on the Scottish Parliament, which was followed by a similar one on Westminster, was an attempt by suspected hackers to exploit weak passwords associated with email accounts of Holyrood officials.
Even though none of the email accounts were compromised, several were locked out following multiple login attempts by the suspected hackers.
“The parliament’s monitoring systems have identified that we are currently the subject of a brute force cyber-attack from external sources. This attack appears to be targeting parliamentary IT accounts in a similar way to that which affected the Westminster parliament in June. Symptoms of the attack include account lockouts or failed log-ins,” said Sir Paul Grice, chief executive of the Scottish Parliament.
“The parliament’s robust cybersecurity measures identified this attack at an early stage and the additional security measures which we have in readiness for such situations have already been invoked. Our IT systems remain fully operational,” he added.
According to the Sunday Herald, a number of Scottish parliamentarians, as well as Holyrood officials, now suspect China of being behind the cyber attack in August. However, Holyrood has neither officially backed their assertions nor named China in any of its statements.
‘We can see which countries across Europe and further afield the attack was routed through, but that doesn’t confirm the place of origin. We won’t list those countries through which the attack was routed but we are liaising with the National Cyber Security Centre,’ said a Scottish Parliament spokesperson.
It remains to be seen if Holyrood’s liaising with the UK’s cyber security agencies will bring up concrete evidence on China’s involvement in last month’s cyber attack. It is, though, a well-known fact that Chinese hackers have been conducting corporate cyber espionage for years to dig out trade secrets from countries in Europe, the United States and other targeted regions.
Back in September 2015, Barack Obama and Xi Jinping entered into a cyber security agreement that mandated that neither the US nor the Chinese government would knowingly support cyber theft of commercial secrets to aid domestic businesses, although neither party agreed to limit spying to acquire government secrets and information held by private contractors.
Despite the agreement, security firm CrowdStrike detected and defended against as many as seven attacks inside the next three weeks on technology and pharmaceutical firms in the US. The firm said that the attacks came from hackers associated with the Chinese government.
According to Ewan Lawson, a senior research fellow at the Royal United Services Institute for Defence and Security Services, there are several reasons why state-sponsored Chinese hackers would want to target the Scottish parliament.
‘One, gathering up information as available there and then. But, two, if you are cracking passwords and don’t get caught, then of course you can be streaming the data on a continual basis until such time as you are caught,’ he told the Sunday Herald.
‘Whilst a load of emails from the Scottish Parliament to constituents might not seem particularly interesting, there will be nuggets. People say things on emails that they perhaps wouldn’t necessarily if they thought the conversation was going to be overheard.
‘If you were a member of party A, and you are criticising your leader, and that information becomes available, that has a value to somebody,’ he added.