Published on February 7th, 2023 📆 | 4837 Views ⚑
0UK government ministers vulnerable to cyber attack
A large number of UK government ministers and civil servants have been warned that they are vulnerable to hackers after their personal information was posted online and remained visible for months.
The personal information for more than 45,000 civil servants was available until March 2020 via the Government Communication Service (GCS) website. The information included names, email addresses, phone numbers and job titles as well as links to social media profiles including Twitter and LinkedIn. The information was removed in March 2020 due to work on the site, although The Times newspaper reported that a message on the site says the information will be âback soonâ.
Concerns have been raised over the potential for the information to be used by malicious actors. In an interview with The Times, cyber security expert Richard De Vere explained that this information made government officials âprime for social engineering attacksâ. When surveyed by Cyber Security Hub, 75 percent of cyber security experts said that social engineering attacks were the âmost dangerousâ cyber security threat to both them and their businesses.
De Vere went onto explain that ministers could face phishing attacks themselves, potentially putting their devices and data at risk. De Vere also noted that malicious actors could pose as government officials themselves by using their official mobile number and attempt to commit more sophisticated social engineering attacks.
Hackers could attempt to do this either by using spoofing techniques which allow them to text and call others using an officially registered phone number (i.e., the phone number listed for a minister on the GCS database), or by creating an email address very similar to a civil servantâs and relying on the recipient to not sufficiently check the sender before replying.
Unfortunately, this is not the first time the cyber security efforts of the UK government have been called into question.
Former Prime Minister Liz Trussâ phone hacked
In late October 2022, shortly after she resigned from her position as Prime Minister, it was revealed that Liz Trussâ personal phone had been hacked while she was Foreign Secretary.
The Mail on Sunday reported that the hack had been discovered in summer of 2022, as Truss was campaigning for leadership of the Conservative party but was purposefully concealed by then Prime Minister Boris Johnson and other members of the party.
The Mail also reported that almost all the information on Trussâ phone had been accessed during the hack, including up to a yearsâ worth of messages. These messages reportedly included personal correspondences between Truss and her international partners as well as private conversations between Truss and Kwasi Kwarteng, who would go on to serve as chancellor in her government. These messages allegedly contained confidential information, including discussions on the war in Ukraine.
The tabloid newspaper also claimed that her personal mobile phone had been âhacked by agents suspected of working for the Kremlinâ, although how the hack happened was not explained.
The Mail on Sunday also alleged that Trussâ phone was âso heavily compromisedâ that it âhad to be placed in a locked safe inside a secure government facilityâ. The newspaper claimed to have sources for all information reported in the article, although no sources were officially named.
When news of the hack broke, a spokesperson for the UK government declined to comment on âindividuals' security arrangementsâ but said that there were ârobust systems in place to protect against cyber threatsâ. The spokesperson also stated that government ministers are briefed frequently on cyber security measures and given advice on how to protect their devices and personal data.
Shadow Home Secretary Yvette Cooper spoke to Sky News about the hack, saying: âItâs why cybersecurity has to be taken so seriously by everyone across government, the role of hostile states...But [it] also [raises questions] about whether a cabinet minister has been using a personal phone for serious government business and serious questions about why this information or this story has been leaked or briefed right now.âÂ
There were calls to investigate the hack after it was revealed, although as of the time of writing, no formal investigation has been launched.
Former Prime Minister Boris Johnsonsâ phone number available online for over a decade
In April 2021, it was revealed that then-Prime Minister Boris Johnsonâs personal phone number had been freely available online for the past 15 years.
The phone number was written at the bottom of a think tank press released and published in 2006 and was never deleted. The same number appeared to be the one Johnson used for personal correspondence.
It was reported by the BBC in April 2021 that the device attached to this number âappeared to be switched offâ and noted that Downing Street had yet to confirm if the number would be changed.
Following news of the issue breaking, Downing Street officials denied that Johnson had been urged to change his mobile number by senior officials.Â
Labour leader Keir Starmer criticized Johnson, saying that not only was this a âserious situation [that] carries a security riskâ, but that it highlighted serious questions about privileged access to government officials and âthose who can WhatsApp the prime minister for favorsâ.
âThere are also serious security questions around why and how this information has been leaked or released right now which must also be urgently investigated,â Starmer said.
Then-Chancellor of the Exchequer and now-Prime Minister Rishi Sunak defended Johnson, saying that to his knowledge, all security protocols concerning Johnsonâs personal phone had been followed. He said that Johnsonâs âincredibly approachableâ nature was what made him âspecialâ as a Prime Minister, and admitted he had not changed his personal phone number since being appointed as Chancellor of the Exchequer in February 2020.Â
Gloss