CHINA has been accused of being behind the recent cyber attack on the Scottish Parliament by senior Holyrood figures.
What was described as a 'brute force' attack last month caused days of disruption, just weeks after a similar attack on email accounts at Westminster.
Senior Holyrood sources told the Sunday Herald that China, which is estimated to have a “hacker army” of up to 100,000 people, is suspected of being behind the attack.
Experts suggest that 'hack attacks' of this sort can be a “test” designed to learn about foreign governments' IT security systems.
At the time of the attack it was said only that “external sources” had tried to hack Holyrood email accounts by attempting to crack their passwords.
No accounts were compromised, but the prolonged attack meant that MSPs could not access their emails remotely and passwords had to be changed.
In a message to staff, Holyrood chief executive Paul Grice said "robust cyber security measures" identified the attack early, and systems remained “fully operational".
David Stewart of the Parliamentary Corporate Body (the PCB is responsible for the running of Parliament) had previously reassured MSPs that a review of cyber-security had been undertaken, which had "offered assurance that sufficient and effective arrangements are in place”.
It was also revealed on Friday that hackers had made repeated attempts to break into the Scottish Government's networks over the last two years, forcing Ministers to spend £2 million to protect the public.
The Holyrood attack was similar to the one carried out on Westminster in June, in which up to 90 email accounts with weak passwords were believed to have been targeted.
According to several reports, the Russian Government was suspected of being behind the Westminster breach.
However, two Holyrood sources told this newspaper that the Scottish Parliament incident was linked to China, not Russia.
While Russia is known for deploying hacking as a way of gathering intelligence – the recent US presidential election being the prime example – China has a track record in corporate cyber-espionage.
China is considered to be the world’s hacking superpower and Western countries have entered into loose agreements on combating the cyber-threat from Beijing.
Experts told the Sunday Herald that finding conclusive evidence which links a country to a cyber attack is notoriously difficult.
They also cited a variety of reasons for why countries engage in cyber-hacking parliaments and other state institutions.
Dr Omair Uthmani, who is the Programme Leader of the Networking and Security degrees at Glasgow Caledonian University, said: “It might simply be blind probing, to see how strong the defences are on a certain infrastructure.
“Certainly the fact [that the attack] has been detected is one way of saying ‘we probed the defences in one area, and we had a reaction, so that is probably not the way to do it the second time around’.”
Dr Daniel Dresner, a cyber security expert at Manchester University, echoed the GCU academic’s view: “People will often carry out an attack as a bit of experimentation, to see how far they can get, or see what the reactions are. Or, carry out an attack on one part of the system, while they are infiltrating something else completely.”
Dr Phillips O'Brien, a defence expert based at St Andrews University, said that the cyber attackers could have been “testing vulnerabilities”.
He said: “Scotland could be an easy target to try and see how vulnerable it is, what systems they have, what defences they have.”
O’Brien also said of cyber-hacking: “You can bring a country to its knees very quickly.”
Ewan Lawson, a senior research fellow at the Royal United Services Institute for Defence and Security Services, said there are two aims behind such attacks: “One, gathering up information as available there and then. But, two, if you are cracking passwords and don’t get caught, then of course you can be streaming the data on a continual basis until such time as you are caught.”
Lawson said that hacking was "very, very widespread". He added that most major businesses, as well as government were "confronting a problem daily...in part, because it is not too difficult to do.
“Whilst a load of emails from the Scottish Parliament to constituents might not seem particularly interesting, there will be nuggets. People say things on emails that they perhaps wouldn’t necessarily if they thought the conversation was going to be overheard.
“If you were a member of party A, and you are criticising your leader, and that information becomes available, that has a value to somebody.”
A Scottish Parliament spokesperson said: “We can see which countries across Europe and further afield the attack was routed through, but that doesn’t confirm the place of origin. We won’t list those countries through which the attack was routed but we are liaising with the National Cyber Security Centre.”
Why are you making commenting on The Herald only available to subscribers?
It should have been a safe space for informed debate, somewhere for readers to discuss issues around the biggest stories of the day, but all too often the below the line comments on most websites have become bogged down by off-topic discussions and abuse.
heraldscotland.com is tackling this problem by allowing only subscribers to comment.
We are doing this to improve the experience for our loyal readers and we believe it will reduce the ability of trolls and troublemakers, who occasionally find their way onto our site, to abuse our journalists and readers. We also hope it will help the comments section fulfil its promise as a part of Scotland's conversation with itself.
We are lucky at The Herald. We are read by an informed, educated readership who can add their knowledge and insights to our stories.
That is invaluable.
We are making the subscriber-only change to support our valued readers, who tell us they don't want the site cluttered up with irrelevant comments, untruths and abuse.
In the past, the journalist’s job was to collect and distribute information to the audience. Technology means that readers can shape a discussion. We look forward to hearing from you on heraldscotland.com
Comments & Moderation
Readers’ comments: You are personally liable for the content of any comments you upload to this website, so please act responsibly. We do not pre-moderate or monitor readers’ comments appearing on our websites, but we do post-moderate in response to complaints we receive or otherwise when a potential problem comes to our attention. You can make a complaint by using the ‘report this post’ link . We may then apply our discretion under the user terms to amend or delete comments.
Post moderation is undertaken full-time 9am-6pm on weekdays, and on a part-time basis outwith those hours.
Read the rules hereLast Updated:
Report this comment Cancel