A Times investigation claims that the hacked passwords of top UK politicians, diplomats, and police officers have been sold or bartered on a private Russian-language forum.
Credentials reportedly belonging to tens of thousands of Britain’s top officials, including some 1,000 ministers, 7,000 police officers, and 1,000 members of Parliament or parliamentary staff, are thought to have ended up in two lists of hacked data that were traded on a Russian website before becoming freely available.
There is no evidence the hackers were of Russian origin, but the Times speculates that, since one of the lists first appeared on a private Russian-language forum, they may have been Russian.
Passwords for Prime Minister Theresa May’s close colleagues – Education Secretary Justine Greening and Business Secretary Greg Clarke – are among those allegedly hacked and sold online.
In light of the recent revelation, the National Cyber Security Centre (NCSC), which was set up to protect Britain from cyberattacks, said it will re-brief government officials on measures needed to protect them from falling victim to hacks.
Security experts have cautioned that the hackers may use the information to get into government accounts.
There is also concern that the victims may become targets of blackmail and intimidation if the stolen passwords give hackers access to embarrassing content in emails or social profiles.
“If these people used the same credentials... elsewhere – potentially on government systems – that’s not good,” said Rob Pritchard, a cybersecurity specialist at the Royal United Services Institute (RUSI), according to the newspaper.
The investigation found that a large bulk of the data came from a massive 2012 cyberattack on the professional networking platform LinkedIn, in which information on millions of users was stolen.
It also revealed that former Cabinet Officer Brooks Newmark, who worked closely with former PM David Cameron, had used the same word “for quite a while as my password, including as my parliamentary one.”
It later emerged that he had sent sexually explicit messages to an undercover reporter from the Sunday Mirror.
“There’s hacks going on all the time... we’re incredibly vulnerable,” Newman said, the Times reports. Newmark is now working as a cybersecurity researcher at Oxford University.
The NCSC, which last year warned about hackers potentially “compromising databases containing large numbers of user passwords,” advised that passwords used at home should be different from those used work.
The list also included the password of former Detective Chief Inspector Andy Redwood, who oversaw the investigation into the disappearance of Madeleine McCann.
According to the Times, the three passwords associated with police officers that recurred the most in the list were “police,” “password,” and “police1.”
The latest revelation follows an international ransomware attack that paralyzed National Health Service (NHS) hospital networks throughout the country earlier this year. That hack was thought to have originated in North Korea.
Meanwhile, at the beginning of the year, the US government accused Russia of hacking into Democratic Party computers.
Without providing any actual proof to back their claims, with US intelligence agencies concluding that Russian President Vladimir Putin had personally sought to swing the election against Democratic Party candidate Hillary Clinton.
In a recent interview with Oscar-winning Oliver Stone, Putin dismissed those allegations as a “lie,” saying that US-Russia relations are being held hostage to US domestic squabbles and used to “derail the legitimacy of President Trump.”