An unsourced report by the Times claims that a “brute force” hack attack on the Parliament’s computers was attributed to Iranian hackers. The cyberattack that occurred on June 23 affected 9,000 email accounts, including those of UK Prime Minister Theresa May and other government members.
Citing “a secret intelligence assessment,” the Times wrote the June attack “is believed to be Iran’s first significant act of cyberwarfare on Britain and underlines its emergence as one of the world’s biggest cyberpowers.”
The Times’ sources referred to alleged Iranian perpetrators as “highly capable actors in the cyberworld.” One source said: “It was not the most sophisticated attack but nor did it need to be. It is possible they were simply testing their capability.”
The timing of the publication is particularly noteworthy as it comes only a day after Prime Minister May issued a joint statement on Friday together with German Chancellor Angela Merkel and French President Emmanuel Macron in support of the landmark 2015 Iran nuclear deal signed by six world powers plus Iran.
“We stand committed to the [Joint Comprehensive Plan of Action] and its full implementation by all sides,” the three leaders said, adding that preserving the agreement “is in our shared national security interest.”
The UK, Germany, and France said that the nuclear deal “was the culmination of 13 years of diplomacy and was a major step towards ensuring that Iran’s nuclear program is not diverted for military purposes,” and that they will “take note” of the Trump’s administration intent not to certify the deal by the deadline set for October 15.
May, Merkel, and Macron urged the Trump administration and Congress “to consider the implications to the security of the US and its allies before taking any steps that might undermine the JCPOA,” including imposing renewed sanctions on Iran lifted under the agreement.
Downing Street did not comment on the Times’ article, though the newspaper said senior British officials acknowledged that “the revelation had complicated Mrs. May’s response to Mr. Trump.”
The hack attack in question targeted the private email accounts of up to 90 members of the UK Parliament, and was designed to access parliamentary user credentials by identifying weak email passwords.
Later, it was announced the attack was likely masterminded by amateur hackers rather than a state entity. Cybersecurity experts familiar with the investigation said the perpetrators were only able to break into the accounts of MPs who set up simple and easily deducible passwords.
The revelation contradicted earlier claims that a foreign government was behind the hack, as many Western commentators immediately pointed the finger at Russia.
There is an ongoing investigation into the incident by the National Cyber Security Centre (NCSC) and the National Crime Agency. An NCSC spokesperson told the Times: “It would be inappropriate to comment further while enquiries are on-going.”