The email accounts of MSPs in Scotland have been the targeted in a brute force attack by hackers trying to steal their credentials in a what is believed to be a nation-state cyber attack. It comes just weeks after MPs in Westminster were targeted in a similar fashion.
However, officials at Holyrood claim that no accounts were compromised, although they have warned MSPs to update and strengthen passwords.
"The parliament's monitoring systems have identified that we are currently the subject of a brute force cyber-attack from external sources," Sir Paul Grice, chief executive of the Scottish Parliament, warned in an internal bulletin to MSPs and staff.
He continued: "This attack appears to be targeting parliamentary IT accounts in a similar way to that which affected the Westminster parliament in June. Symptoms of the attack include account lockouts or failed log-ins.
"The parliament's robust cybersecurity measures identified this attack at an early stage and the additional security measures which we have in readiness for such situations have already been invoked. Our IT systems remain fully operational."
Intriguingly, perhaps, he claimed that IT staff at the Scottish Parliament had analysed passwords used and found that too many were ‘simple' and easy to crack in a brute force attack. "The number of simple passwords identified is too high for us to contact each individual personally," he said.
The attacks on Westminster MPs' email accounts in June, meanwhile, has been blamed on hackers linked with the Russian government. Up to 90 email accounts are said to have been compromised in that series of attacks, in which MPs were locked out of their accounts as a precaution in response.
A security source at the time told The Guardian: "It was a brute force attack. It appears to have been state-sponsored… [But] the nature of cyber-attacks means it is notoriously difficult to attribute an incident to a specific actor."
"A brute force attack is a tale as old as time and relies on one of the weakest areas of security - passwords," said Dr Jamie Graves, CEO at security firm ZoneFox, told Computing.
Graves continued: "That the Scottish Parliament's security measures were able to keep systems operational is a case in point of how important it is to be in a position to rapidly identify attacks and stop them in their tracks.
"The hackers may have been thwarted this time, but there's nothing to say they won't be back. That the IT department will force a change on weak passwords is a good, proactive measure.
"However, this isn't a failsafe... unquestionably all staff will heed Sir Paul Grice's request to remain vigilant. A united, digitally alert team is one of the greatest tools organisations can deploy in their fight against hackers."
Much of today's AI is narrowly focused on specific tasks - a far cry from the general AI envisioned by the early pioneers
US space agency believes the crater could have preserved ancient organic molecules from the water that flowed there billions of years ago
Valve quietly closes down hardware initiatives launched following Windows 8
Scientists create a virtual reality simulation of a black hole sitting at the centre of the Milky Way
Simulations like this can help people understand complicated systems in the universe in a better way