Thursday 6 August 2020 6:07 pm

Tory MPs in China Research Group targeted by phishing attacks

Cybersecurity experts have slammed Parliament’s online security training as “appalling” after members of the Sino-sceptic China Research Group of Conservative MPs have been targeted by phishing attacks.

China Research Group

Tom Tugendhat, chair of the Foreign Affairs Select Committee and cofounder of the China Research Group, last week revealed he believed Chinese state-sponsored hackers were behind a series of cyber attacks against him, including email impersonations and phishing attempts.

Read more: City View exclusive: Foreign Affairs Committee chief labels Chinese ambassador ‘bully’

Tugendhat said that while he could not prove Beijing was behind the attacks, researchers had been able to identify the campaign came from internet addresses in mainland China.

“That doesn’t mean it’s the Chinese state doing it… but it does seem rather unlikely that this is not in some way connected to the state,” he said.

Fellow Tory MP Neil O’Brien, who co-founded the China Research Group alongside Tugendhat, told City A.M. he has also been targeted by phishing attacks. 

O’Brien said that he had referred the attacks to the relevant parliamentary authorities, but that they had not been able to identify the source of the phishing attempts.

He added that attempted hacks on his email had managed to “get through parliamentary anti-phishing filters”.

Alicia Kearns, Tory MP for Rutland and Melton and another member of the China Research Group, said she had been the subject of “daily phishing attacks” just one week after joining the parliamentary group in April.

Members of the China Research Group are among the most vocal opponents of China’s growing power in the West, and were instrumental in pressuring Boris Johnson to U-turn on his 5G deal with Huawei.

Liam Fox

It comes after it emerged last week that classified US-UK trade documents were “stolen” from former trade minister Liam Fox’s email account through phishing attacks by Russian hackers.

Fox’s email account was hacked using a so-called spear phishing message, which fools the target into handing over their password and login details.

Several sources declined to name which Russian group or organisation they believed was responsible, but said the attack “bore the hallmarks of a state-backed operation”.

‘Appalling’ cybersecurity training

Cybersecurity experts have since slammed Parliament’s online security safeguards as “appalling”, and urged MPs to undertake wide-scale training to curb potential national security threats.

Philip Ingram, a former senior military intelligence officer and cybersecurity expert, told City A.M: “We’ve got probably the best cybersecurity in the world in the form of the National Cyber Security Centre and it’s not being used by MPs and ministers, which I think is appalling.”

“Cybersecurity training should be seen as as important as counterterrorism, because the single biggest vulnerability for espionage activity is through online.”

He added that phishing attempts have seen a large spike in recent months as they are considered the “preferred” hacking method of Chinese and Russian cyber criminals.

Though members of the China Research Group have flagged phishing attempts to the parliamentary authorities, Ingram warned that “for every 10 they recognise, one will probably get through.”

Dave Mount, European director of cybersecurity awareness firm Cofense added that vulnerability to phishing attacks has been especially high during the pandemic because MPs are not being reminded of the need to stay alert to potential threats.

“When we were all travelling on trains every day, we saw the posters: report it, and if you see something, say something. That’s constantly being reinforced into us from a counterterrorism perspective, and the same mindset’s got to apply to phishing.”

Mount added that guidance to MPs about phishing scams must be constantly updated, as “the phishing threat landscape evolves at such a rapid pace”.

Parliamentary advice

The Parliamentary Digital Service (PDS) website offering cybersecurity advice to MPs was last updated in 2017.

The website states: “Parliament is a high-profile target for cyber criminals, so we take cybersecurity extremely seriously.”

“We put in many technical systems to protect our staff, but ultimately we rely on good cybersecurity awareness and behaviours from everyone in Parliament to keep us safe.”

The website links to a series of animations using Guy Fawkes as an analogy for modern-day Parliamentary hacking.

“Guy Fawkes attacked Parliament over 400 years ago, but if he was around today, he probably wouldn’t need to leave his bedroom,” the PDS website states.

The videos were made as part of Parliament’s 2017 cybersecurity awareness campaign, after a series of high-profile phishing attempts on MPs and staff compromised around one per cent of all parliamentary email accounts.

Parliament  has since made efforts to remind MPs of cybersecurity threats, after alarms were raised over potential phishing attempts on MPs working from home during the pandemic. 

In February, PDS ordered the production of around 2,000 mouse mats for use by staff across the parliamentary estate working from home. 

The mouse mats, which cost almost £3,300 in total, were inscribed with cybersecurity advice reminding MPs to report suspected phishing attempts and to use different passwords for different accounts.

“It’s not a bad idea,” Ingram told City A.M. “But actually adequate training could be done with little or no cost and have a massive impact on providing additional security for our public servants operating in the digital age.”

“But the bottom line is that at the moment, ministers tend to get just a briefing,” Ingram added.

A Parliamentary spokesperson told City A.M: “The UK Parliament takes cybersecurity extremely seriously. We provide advice to users — including Members — to make them aware of the risks and how to manage their digital safety, however we do not comment on specific details of our cybersecurity policies”.

Before the Open: Get the jump on the markets with our early morning newsletter