UK Parliament Email Hack

Library Info

Situation

Over the weekend, it appears that was a hacking incident at the UK Parliament. It appears that 90 accounts were hacked.

A parliamentary spokesman said, “Investigations are ongoing, but it has become clear that significantly fewer than 1% of the 9,000 accounts on the parliamentary network have been compromised, as a result of the use of weak passwords that did not conform to guidance issued by the Parliamentary Digital Service.”

“As they are identified, the individuals whose accounts have been compromised have been contacted and investigations to determine whether any data has been lost are under way,“ he said.

Options

The key fact here, is that they were weak password. It’s been understood for some time, that weak passwords when connected online are easier to hack than strong passwords on the same system. While, there are many different solutions to this problem, the simplest, is to use stronger passwords. Here are some of the different ways that we could make a system more secure:

  • Two Factor Authentication of 2FA as it is known
  • Limiting remote connections
  • Using stronger more secure passwords

Solution

DVANA have a system, called Security Codebooks, which provide a user with a large number of passwords which they can choose from. The security code books are precomputed easy to use, relatively long, strong easy to use and hard to crack password. The user simply chooses the coloured section and then a numeric value (a number) which creates a new PassKey which identifies a specific password in their Security Codebook. They are the only one who knows the resulting password.

The passwords are long, secure and easy to enter and if you use the Security Codebook Workstation they are even mobile phone friendly, which makes it easier to enter from a mobile device keyboard.

They make an excellent addition to a Security Process and will greatly help when the General Data Protection Regulation (GDPR) comes into force next year. It is never too early to be ready and more importantly, you are therefore protected from today and will have a fully functioning system when the GDPR comes in next year. No trials, no learning, simply productive.


Help

DVANA have a clear leadership in security. Contact us today to see how we can secure your business and infrastructure from inside or outside attack and what can be done when the inevitable happens.