Advanced fee fraudsters have broken into the webmail account of UK Justice Secretary Jack Straw to mount an audacious, and potentially politically embarrassing, scam. Hundreds of Straw's contacts received a bogus (and frankly implausible) message on Thursday claiming the cabinet minister was stranded in Nigeria and in desperate …
All your email belong to us.
FFS Jack we all know to use fake info for DOB mother maiden name etc so to stop the old i forgotten my password ruse from working.
any evidence of his son still using the weed ?
Can you lent me 35 so I can get a quarter of green.
You can mark it down as bulbs for second home on your expenses.
Why does an MP need to use a service such as Hotmail. It's trivial to have your own domain name, and redirect email to another address. Yes, the constituency party needs an address which doesn't depend on a Westminster office, because they need to be able to read email after their candidate loses an election.
"We are checking all that and I am assured there's no evidence that confidentiality of constituents was affected,"
Well apart from their email addresses no doubt being syphoned off so they can be sent more spam.
wtf, a hotmail account
why the hell is he using hotmail, i would have thought that he would have had firstname.lastname@example.org or email@example.com. hasn't the labour it department heard of exchange (or dare i say it, gmail). where is the professionalism in using hotmail, if i see an advert for a company that uses a non company based email address (if they have a website i think its even worse) i will not deal with them because it looks like they dont give a s***.
Am I the only one...
Who is frankly aghast that a "Snr Politico" uses a bleedin' hotmail account to conduct serious Constituency business???
What was his password "IWASGOD"? Seems appropriate for a former Home Sec!
Pirates... well... goes without saying. All Straw needs is a peg leg and a Parrot.
"no evidence that confidentiality of constituents was affected"
Except that their email address are now being spread around spammer groups!
How strong was the password, I wonder?
Iluvtony1997 comes to mind
*hastens to hotmail*
I assume he either had a very simple password, or had real questions and answers in his security questions - yes really stupid for a high profile email address in the public domain, but not surprising.
But what a waste though! Imagine the fun that could have been had with this in the right hands. They probably didn't even know whose email it was...
Shame they didn't make better use of the opportunity to send encrypted information from his account (with an incriminating title) and then alert the authorities. This would allow Jack Staw's much beloved RIP Act to be used against him when he can't provide the keys to decrypt the contents.
A nice spell in the slammer may give him time to reflect on the potential for the abuse of such ill-conceived legislation.
"but rarely have they picked on such a conspicuous target."
I doubt that they did. More likely to have been a phishing victim, and that it was just one of many hacked accounts.
"no evidence that confidentiality of constituents was affected"? No evidence that it wasn't either probably.
A matter for the Information Commissioner? I'd be concerned if my MP or his staff was so casual about data security.
> "I am assured there's no evidence that confidentiality of constituents was affected"
So having a crap audit trail is a GOOD thing????
If the audit trail was any good he would be able to say "I am assured the evidence shows that confidentiality of constituents was not affected". That's not what he said.
(He's a politician; you have to read his words very carefully because politicians have been known to try to mislead without actually getting caught in a lie. See e.g. Bill "I did not have 'Sexual Relations' with that woman" Clinton - where 'Sexual Relations' was defined in the lawsuit & didn't include BJs).
you've got to love the lads from lagos...
They're really not the brightest - had they taken a different tack they might've drawn a few people in, but going for the standard 'send money to nigeria' line gave them away a little too soon.
No doubt the English was dire, there were references to god all over the place, and a few odd names that Nigerians seem to think all English people have (Charles Woodward the Second, etc).
Oh, that's ok then
"It was an issue for constituents, not the Government. We are checking all that and I am assured there's no evidence that confidentiality of constituents was affected," the former Home Secretary told The Telegraph."
Considering this account is the one advertised for constituents to use, I'd say that their confidentiality *was* affected - although one suspects the Lads from Lagos don't have too much interest in the state of the paving stones in Blackburn town centre.
Anyone interested in reporting this to the ICO?
Am I really the first to comment on this?
WHAT THE FECK IS A MINISTER DOING USING HOTMAIL FOR HIS CONSITUENCY EMAIL ACCOUNT??
*shakes head but giggles at these events and that one constituent actually replied*
Happened to a friend of mine
The same thing happened to a friend over the Christmas period. He said that he had an email that said his account needed something doing. He clicked on the link and it asked for username and password. We suddenly had an email saying that he was stuck in Nigeria, even though I spoke to him just a few days earlier. He was not really computer literate, however, he has now stopped using email completely. There is no way for him to really get the account back.
I'm seeing emails from hacked Hotmail accounts very regularly nowadays (sadly, not from Jack Straw though). Insufficient password strength, malware or other?
A crying shame
Of all the people you'd *want* to get stuck in Nigeria...
These are the pricks that pass laws.....
.... about how we all use the interweb and are spied upon. What an utter pillock.
This restores my faith in the intellect of our ministers.
He and all his idiot comrades should all become an hero.
In 1997 when Labour took office, they seemed to be very switched on regarding email security, even at cabinet level (I was a DoH civvy), so why the fuck is Jack Straw still using hotmail? OK, so all his consituency office staff probably have the password, but the party must, surely, have an email infrastructure that allows for each constituency, even ward, party to have its own address, even if it goes to a shared mailbox.
And to think these were the people who brought you the Excalibur rapid rebuttal database.
I like how they sent the plea for funds for his repatriation to "hundreds", and one replied. Maybe they should ebay him instead, it might get a few nonsense bids at least.
Government spams/scams right back .. with their own scam/spam.
I wonder how many of these the Lads in Lagos got back in return ......
."Thank you for your email. This acknowledgement has been triggered electronically and I have not yet had a chance to read your message. I receive a large number of emails and letters each day, but I will aimto respond as soon as I can. However, please do not be disappointed if
you do not receive an immediate reply. My office and I try to handle everything quickly and efficiently - but complex issues may need time.
So if you have an urgent constituency or diary query please ring my constituency office on 020 8892 0215.
Could you please ensure that you have included your full name and postal address in your e-mail (particularly if you are a Twickenham constituent). If you have not, please resend with your address as I cannot reply without it and this will also speed up a reply. (Please note, there is a strict Parliamentary rule within the House of Commons that MPs may only act upon the substance of communication from their own constituents).
Thank you for taking the time to write to me.
And I didn't know that Ministers could cop out of doing anything if you weren't living in their constituency?
UK Justice Secretary ?
How apt that the UK Justice Secretary receives some rough justice of his own from the Lads from Lagos !!!
I reiterate the utter astomishment of previous posters on the use of a public e-mail account (hotmail) by a sitting member of government - WTF was he thinking ? Didn't the Sarah Palin e-mail incident ring any alarm bells ? And if not with him, then with someone who has an inkling of an idea on how to protect constituency, party and governmental information ?
He has some??
If hes anything like my Labour MP, he just ignores it anyway.
Or maybe thats just becuase it was a difficult question on where she stood over the whole Mrs Smith affair.
I don't think we can pin this one on Anonymous
as they wouldn't bother with anything so trivial as fraud when the substantially more glittering prize of Goatseing the entire Cabinet was laid out before them
Shock new. Minister only uses private email account for business
Rather that stashing any any corrospondence about previous company directorships, company directorships they are planning to take when they "Retire," or how they plan to get their mate out of that embarrasing tax/sex/land development/stock fraud investigation that is really a big misunderstanding and its not what you think honest.
I'm shocked. Truly shocked.
I know British politicos don't get the internet. But hotmail? Seriously? I bet he also has word 97 running on Windows ME.
The sum lacks at least three zeroes to be plausible.
Also, they missed the obvious Holy Grail of scam:
I found your address on the internet and I am contacting you because of your very good reputation. I currently occupy a very high-profile position in Her Majesty's Government (UK), and I need to get 3,250,000,000 (3 milliard 2 hundred and fifty million) out of the country before I get kicked out. I need you to cash this sum on my behalf. For your trouble, you will receive 10% of the total sum (325 million pounds). If you agree, please send $3000 for administratiive fees and government taxes, directly to our lawyer located somewhere in Uganda for some reason. Please answer me on my personal address (firstname.lastname@example.org)
God bless you
@ you've got to love the lads from lagos...
The scammers really missed a trick here.
"Send $10,000 by Western Union, or we'll send him back."
Yes, having a crap audit trail is a good thing if the first question you asked when the problem was found was "Can anyone prove we've given away lots of confidential information?"
Having a crap audit trail is a bad thing if the first question you asked when the problem was found was "Will this be a problem for any of my constituents and is there anything we can do to minimise the damage?"
Guess which question is more important to a politician?
Does Mr Straw have a presence on Facebook by any chance?
The reason I ask is because I know 3 people (my wife included) who all had this happen to them and the one thing they had in common was that they all stupidly used the same email address with their Facebook account and used the same password to log into both.
Not that I'm saying Facebook is insecure or anything.
Radio 4 news this morning
and I paraphrase
"no one was taken in and no money was sent"
How do they know? Isn't it more likely the report should have been
"Many peepl may have been taken in. No one sent any money. Nigeria, please keep him."
No evidence that constituents were affected?
At least none yet, but that assumes none of his constituents had written to him for help or advice with banking or other financial services problems, or any other confidential matters. So no account numbers mentioned, no social engineering goldmine there either and absolutely nothing embarrassing to blackmail constituents with ? It must be so reassuring for Boot that his constituents will be unable to prove that any exploitation of anything confidential or sensitive they sent to their MP was a result of this compromise.
Like good ol' Sarah Palin, the lack of GOVERNANCE here by Jack.
On 28 June 2007 he was appointed to the offices of Lord High Chancellor of Great Britain and Secretary of State for Justice (Wikipedia)..... now I have to ask how the fuck anyone in such a position can be permitted to conduct business using a public webmail account of any kind.
We don't even allow our lowest-ranked staff to do that and they know and understand the reasons behind the policy. And we're just white collar numpties!!
How is he complying with electronic archiving requirements? Accountability? Transparency?
Is a vote for nuLabour in Blackburn effectively a vote for the Monster Raving Loonie Party?
Paris - because she conducts official business on video camera. Now that's transparency!
Yet another fine example of Government IT Security
And they want to access anything/everything I put on computer? Thank the Flying Spaghetti Monster I'm such a philistine (hold on, isn't that racsim??) that I still talk to people face-to-face rather than just emailing them.
Which icon is most suitable for a complete waste of oxygen with absolutely NO idea of IT Security?