Russia hacked Liam Fox's personal email to steal trade documents

Hackers accessed his account several times between July and October 2019 by gaining access using a spear-phishing attack

Hackers stole sensitive US-UK trade documents from the personal email account of the former secretary of state for international trade Dr Liam Fox in a spear-phishing exercise.

Documents leaked last year, and subsequently used by Labour during the general election to highlight discussions regarding the NHS, were initially obtained from the former government minister, according to Reuters.

Whitehall sources have indicated to The Guardian that they were not obtained from his parliamentary or ministerial accounts but a personal email account, prompting major security concerns in addition to the breach itself. 

Cyber criminals, said to be Russian-linked, reportedly accessed the Conservative MP's account multiple times between 12 July and 21 October last year, and stole information among which were six caches of documents revealing details behind trade negotiations with the US.

The nature of the breach, spear-phishing, would also raise major alarms. This method is deployed by hackers to obtain confidential information, such as account login details, illicitly by fooling the victim into providing them willingly. Such attacks often see cyber criminals pose as trusted or legitimate individuals when sending an email or on the telephone.

A spokesperson from the National Cyber Security Centre (NCSC) said the organisation has worked closely with parties and politicians on how to defend against cyber attacks. They also offered several links to support material, including guidance for individuals in politics, that aim to educate high-profile individuals about known cyber security risks.

“The NCSC works closely with political parties, local authorities and MPs, who are offered access to the best cyber security guidance and support,” the spokesperson said. “We have worked closely with political parties for several years on how to protect and defend against cyber attacks – including publishing advice on our website.

“There is an ongoing criminal investigation and it would be inappropriate to comment further at this stage.”

The government had only last month highlighted the incident as evidence that Russian state-linked cyber criminals were attempting to interfere in British politics. 

Related Resource

Close the gap in device security

Unprotected endpoints are quickly becoming a favourite attack vector

Download now

It isn’t at all uncommon for MPs and senior politicians to be targeted by phishing attacks, with the former shadow home secretary Diane Abbott having been targeted in November 2018, according to Metro.

Abbott admitted on Twitter she had initially been “taken in” by somebody claiming to be from her internet service provider, who was requesting remote access to her PC. This was in response to journalist Marcus Chown describing a similar ploy targeting him.

As for Liam Fox, the former international trade secretary actually resigned as defence secretary in 2011 after being found to have let a friend into sensitive defence meetings without appropriate security clearance.

Spear-phishing, meanwhile, has proven an effective means of targeting individuals and compromising security, after it was also the method hackers used in the recent infamous Bitcoin Twitter hack.

The company announced, following the attack, that it would review its security policies after confirming its staff were successfully targeted in a spear-phishing exercise. This allowed hackers to tweet from 45 high-profile accounts, and access direct messages of a subset of these individuals and organisations.

Featured Resources

Four cyber security essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

Data: A resource much too valuable to leave unprotected

Protect your data to protect your company

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

Recommended

Phishing attacks surge ahead of Black Friday and Cyber Monday
Security

Phishing attacks surge ahead of Black Friday and Cyber Monday

17 Nov 2020
Wisconsin Republican Party allegedly loses $2.3 million to hackers
hacking

Wisconsin Republican Party allegedly loses $2.3 million to hackers

30 Oct 2020
What is hacktivism?
hacking

What is hacktivism?

13 Oct 2020
Microsoft: Iranian hackers are exploiting ZeroLogon flaw
Security

Microsoft: Iranian hackers are exploiting ZeroLogon flaw

6 Oct 2020

Most Popular

80% of cyber professionals say the Computer Misuse Act is working against them
Security

80% of cyber professionals say the Computer Misuse Act is working against them

20 Nov 2020
Cisco acquires container security startup Banzai Cloud
Security

Cisco acquires container security startup Banzai Cloud

18 Nov 2020
Tech becomes Bristol's fastest growing industry
Business strategy

Tech becomes Bristol's fastest growing industry

24 Nov 2020