The scale of Russian interference in the political affairs of foreign nations has been revealed after it was reported that the personal email account of former UK trade minister Liam Fox MP had been hacked.
The suspected Russian hackers reportedly stole classified US-UK trade documents that was leaked ahead of the UK’s general election last December.
The stolen documents – said to be a 451-page dossier of emails – ultimately ended up in the hands of then Labour leader Jeremy Corbyn, who used the material to try and discredit the government about an alleged plot to sell off the NHS.
Reuters, citing two sources with direct knowledge of the matter, reported that suspected Russian hackers had stolen the classified US-UK trade documents from the email account of former trade minister Liam Fox.
The sources, who spoke on condition of anonymity because a law enforcement investigation is underway, said the hackers accessed the account multiple times between 12 July and 21 October 2019.
The sources reportedly declined to name which Russian group or organisation they believed was responsible, but said the attack bore the hallmarks of a state-backed operation.
Last month foreign secretary Dominic Raab said that “Russian actors” had sought to interfere in the election “through the online amplification of illicitly acquired and leaked Government documents”.
The Kremlin did not immediately respond to a request from Reuters for comment on Monday.
It is reported that among the stolen information were six tranches of documents detailing British trade negotiations with the United States.
Reuters was not able to determine which of Fox’s email accounts was hacked, but the Guardian newspaper, citing Whitehall sources, reported it was a personal email account of Fox, and not a parliamentary or ministerial one.
It is thought that Fox’s email account was hacked using a so-called “spear phishing” message, which tricks the target into handing over their password and login details.
If accurate, this could lead to questions as to why a government minister did not use a secured email account.
“There is an ongoing criminal investigation into how the documents were acquired, and it would be inappropriate to comment further at this point,” a British government spokeswoman was quoted as saying by Reuters.
She added that the government had “very robust systems in place to protect the IT systems of officials and staff.”
Representatives for Fox declined to comment on the details of Reuters findings.
Spear phishing attacks are becoming increasingly sophisticated and will be sent out multiple times, security experts have warned.
“Spear phishing is not necessarily growing in frequency, but the attack vector is clearly being conveyed in more ingenious and craftier ways than we have seen before,” explained Jake Moore, cybersecurity specialist at ESET.
“Victims are highly likely to be aware of such tactics, which goes to show the level these hackers are now at,” said Moore. “Moreover, the emails targeting these high profile figures rarely stop at just one attempt either.”
“These will flood in and many will be masqueraded as a known contact to the victim,” said Moore. “The language and tone will fit perfectly and the demands will sound convincing. Even astute, savvy victims can often trip up when enough pressure is mounted.”
“Although it may be time consuming, those at risk in high profile positions must double check everything before entering confidential data such as passwords and one time passcodes,” cautioned Moore. “ An easy slip up can be extremely costly, and powerful hackers are not giving up easily, so we must remain more vigilant than ever to beat them.”
Another expert agreed that this example showed how sophisticated these attacks have become, and how they are a lucrative attack vector for criminals.
“It shows just how destructive a spear phishing email can be,” noted cyber security expert Tim Sadler, CEO of Tessian. “Attackers reportedly tricked Mr Fox into sharing his account login details so that they could access his account, multiple times over the space of many months, in order to steal politically sensitive and classified documents.”
“Spear phishing is fast becoming a lucrative and attractive method of attack for cybercriminals,” said Sadler. “It’s not surprising; it’s relatively simple to do, highly effective and has a high ROI, especially when the target is a high-profile individual. What’s more, targets of spear phishing and social engineering scams like this often do not even realise they’ve been tricked or have done anything wrong until it’s too late.”
“Ahead of the US election, today’s news will act as a warning for security teams in government organisations to ensure they have addressed any concerns over email security and put measures in place to detect advanced impersonation scams and protect their staff,” Sadler concluded.
Another expert warned that social engineering attacks are difficult to control and odds tend to be on the criminal side.
“Practitioners in cyber security won’t be surprised in the slightest that documents leaked before the 2019 general election were stolen from Conservative MP Liam Fox’s email via a spear phishing attack,” said Stuart Reed, UK director at Orange Cyberdefense,
“Given the complexity and ever evolving nature of the threat landscape, these kinds of acts are to be expected,” said Reed. “Our recent Security Navigator report showed that organisations, no matter how large or small, are going to find themselves in a state of constant conflict with adversaries that are buoyed by geopolitical motivations and huge financial clout.”
“Despite robust technical countermeasures against phishing attempts, social engineering attacks such as this, in which hackers prey on human vulnerabilities, are difficult to control,” Reed warned. “This incident underlines the critical importance of training employees and the role they play in a business’ strong cybersecurity posture.”
“Unfortunately, the odds are always stacked in favour of the cyber criminals, and while the threat is evolving, attack is inevitable,” said Reed. “However, it is vital that organisations employ a layered approach of people, process and technology for optimal cybersecurity, emphasising detection, response and recovery. This is vital to restoring trust when the inevitable compromise happens.”
Do you know all about security? Try our quiz!