UK ministers are tempting Russian hackers to strike again by using shoddy email security, former natsec official warns

Advertisement
UK ministers are tempting Russian hackers to strike again by using shoddy email security, former natsec official warns
Russian President Vladimir Putin in Moscow, Russia March 17, 2021. Sputnik/Alexei Druzhinin/Kremlin via Reuters
  • UK ministers using private emails are vulnerable to email hacking, a former security official said.
  • At least 2 former ministers recently admitted to using private emails for government business.
  • Suspected Russian hackers stole the entire inbox of a former UK cabinet minister in 2019.
Advertisement

Poor email security among senior UK ministers is making them prime targets for hackers, a former national security official has warned.

The official suggested that ministers had not adequately protected themselves in the two years since suspected Russian cyber-attackers stole the entire contents of a former Cabinet minister's email account.

Secretive trade documents leaked on Reddit were used during the 2019 general election campaign by former Labour leader Jeremy Corbyn as evidence the ruling Conservative party was plotting to sell off Britain's much-loved National Health Service.

The National Crime Agency launched a criminal investigation into the hack and Reuters reported that the documents were stolen by a "phishing attack" from an email account belonging to Liam Fox, the former trade secretary, who confirmed the documents were genuine.

More than a year after the National Crime Agency launched a criminal investigation into the suspected Russian hacking, however, a spokesperson for the organization told Insider that the inquiry was still "ongoing."

Advertisement

Sources told Reuters that the operation bore the hallmarks of a state-backed cyberattack, but that remains unconfirmed.

Some ministers have also continued to use private emails accounts to conduct government business, with former Health Secretary Matt Hancock and former junior health minister James Bethell both confirmed to have used personal email addresses to conduct government business relating to sensitive issues including vaccine contracts.

Hancock has been ordered to hand over his personal emails and WhatsApp communications as part of a court case by the Good Law Project into contracts awarded during the pandemic.

A former senior UK national security official, who asked not to be named in order to speak candidly, told Insider that poor email security from ministers remained a concern. The official said that using private accounts increases the risk of hacking by foreign intelligence services.

"On more sensitive issues that might be of interest to foreign intelligence services - vaccines and so forth - forwarding things to your personal email address is most unwise," the former official said.

Advertisement

"It takes you off departmental protection. Prominent politicians, unlike the rest of us, will have their personal emails targeted. Gmail, for example, is reasonably secure. But it's not secure if the phone or laptop you're working off has been compromised.

"For most people, that's not an issue. The Russians don't target most people. But they are interested in Cabinet ministers."

Jack Stubbs, director of investigations at social media analytics firm Graphika, said the hack of Fox's emails showed the danger of Russian hacking.

It was, he said, the closest a suspected Russian cyber-attack had actually come to influencing the outcome of a UK general election.

"The United Kingdom dodged a bullet in 2019," he told Insider.

Advertisement

"The hack-and-leak operation targeting that year's general election is one of the most direct examples of suspected Russian attempts to meddle in British politics.

"If the vote had been more closely contested, or even gone the other way, there would have been serious and difficult questions to answer about the impact those leaked documents had on the final election result."

The former security official said that it was unsurprising that the investigation into Fox's hacking had "dragged on" for over a year because the purpose of announcing an investigation was to embarrass Russia, rather than to bring criminal charges against individuals.

The official said the practice of high-profile investigations was inspired by the US, where a more politicized Justice Department made it easier to bring high-profile indictments against Russian actors.

Asked by Insider if the government was confident that private communications were secure, the Prime Minister's spokesperson said ministers "use a range of modern forms of communication for discussions, obviously sensitive discussions would be done in the way that is set out under protocol."

Advertisement

The spokesperson declined to expand on the specifics of the protocols.

"We don't get into specifics of security matters but there are appropriate arrangements and guidance in place for the management of electronic communication and Ministers are given advice on their security," he said.

He did not address instances, like with Hancock and Bethell, where ministers ignored the guidance to use private emails anyway.

The most recent document published by the government on ministers' use of private emails was issued by the Cabinet Office in June 2013. It makes almost no mention of security.

{{}}