Sign in / up

back to article Russian hackers selling login credentials of UK politicians, diplomats – report

Russians hackers are trading the email addresses and passwords of top UK politicians and diplomats. The login credentials of thousands of British politicians, ambassadors and other top officials are getting traded on the dark net, The Times reports. Even though the data is old and in some ways past its sell-by date, it still …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *

  1. This post has been deleted by its author

    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: What Is The Policy For MP's E-Mail ?

      "This managed service ensures that communication which should be confidential between MP and constituents, [...]"

      Sent my Labour MP an email through their web site about one of the then NuLabour's attacks on internet privacy. Probably about the time Home Secretary David Blunkett was advocating random searches of anyone's home PC. "No one who has nothing to hide should worry about being investigated".

      Received a snail-mail reply in the usual crested HoC envelope. It quoted a pro forma statement on a similar but different issue by an appropriate minister.

      The document was actually a photocopy of a letter sent to another person in our constituency. The constituent's name and address had been redacted with black marker pen. However if you tilted the paper at an angle - the reflected light made those details perfectly readable.

      6 0 Reply
    2. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: What Is The Policy For MP's E-Mail ?

      The local council governing Labour Party had a long-running feud with the Tory county council.

      The local Labour councillor asked for feedback on problems with local roads - which were the county council's remit.

      Sent them a sample of a safety "improvement" that had actually increased risks to the school children. You could not submit the web form without giving them name, address, and email address - so the latter was generated just for them. One result was then on-going spam from the Labour Party as if I was a party supporter.

      What was surprising was the acknowledgement I later received from the county council roads department. The Labour Party had not amassed a body of complaints - but had filled in individual web forms as if they were from the individuals. Basically they forged my name, address and email address on the county council web site - with an extract from my original text.

      6 0 Reply
    3. handleoclast
      Reply Icon

      Re: What Is The Policy For MP's E-Mail ?

      My previous MP had surname suffixed by initials @parliament.uk.

      Dunno what the new one has.

      Your presumptions about confidentiality show a lack of knowledge about SMTP. Mail is often transferred between MTAs in the clear. Your MUA may be able to connect to your MTA to send and receive mail securely, and two MTAs may be able to relay mail securely, but this behaviour is not mandatory. Unless all the MTAs in the chain support STARTTLS and sending MTAs are configured to use it where possible, your mail can be eavesdropped somewhere along the way.

      Apart from confidentiality, I'd have hoped that parliament required MPs to use @parliament.uk both to reassure people they weren't mailing a spoof address and so that all official communications could be recorded (as happens in the US).

      3 0 Reply
      1. Doctor Syntax Silver badge
        Reply Icon

        Re: What Is The Policy For MP's E-Mail ?

        "My previous MP had surname suffixed by initials @parliament.uk."

        Mine had $FirstName.$Surname.mp@parliament.uk so the format isn't fixed.

        "Apart from confidentiality, I'd have hoped that parliament required MPs to use @parliament.uk both to reassure people they weren't mailing a spoof address"

        With you so far.

        "and so that all official communications could be recorded"

        Nope. Let's say you have a woman suffering from an abusive husband not getting sufficient help from Social Services or the Police who contacts her MP. It's a privileged communication so should not become a matter of official record. That's why the intelligence services are not supposed to tap MPs' communications; a point which is widely misunderstood.

        4 0 Reply
        1. handleoclast
          Reply Icon

          Re: What Is The Policy For MP's E-Mail ?

          @DoctorSyntax

          I understand about privileged communications. And agree that they're necessary. Even so, they should be recorded. Preferably in a way that it takes a court order for anybody else to get at them.

          It's a fine line to draw. If you're paranoid, move the conversation to a private e-mail address after the initial contact. And even then it ought to be an offence for the MP to delete such messages and it should be possible for a court order to get at them.

          And note that it wasn't always the case that MPs phone calls were theoretically inviolable. That only happened when Harold Wilson got paranoid (and rightly so) about the intelligence agencies tapping him. And ISTR that more recent legislation has degraded that inviolability.

          1 0 Reply
        2. Bernard M. Orwell
          Reply Icon

          Re: What Is The Policy For MP's E-Mail ?

          "It's a privileged communication so should not become a matter of official record. That's why the intelligence services are not supposed to tap MPs' communications; a point which is widely misunderstood."

          If this were true, then doctors and other medical professions should be exempt, and, arguably, so too should lawyers, priests (inc. Imam) and financial advisors.

          That rule ONLY serves MPs.

          1 0 Reply
  2. mark 120

    It's an old password, but it checks out.

    4 0 Reply
  3. Doctor Syntax Silver badge

    Let's hope it helps them understand what we keep telling them about encryption?

    4 0 Reply
    1. Destroy All Monsters Silver badge
      Reply Icon

      Do you suffer from delusion?

      0 0 Reply
  4. NonSSL-Login
    Holmes

    Still useful if when forced to change password they changed it for example from 'kykuzili' to 'Kykuzili1' after also being forced to add a capital and a number in the password reset.

    Most users tend to take the path of least resistance to get their new passwords accepted.

    altona yossarian

    2 0 Reply
  5. Anonymous Coward
    Anonymous Coward

    "...key members of Parliament..."

    Isn't that an oxymoron?

    0 0 Reply
  6. Captain Badmouth

    Lockdown

    just announced for Houses of Parliament email - BBC.

    1 0 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: Lockdown

      They'll be glad about that.

      It means they won't have to communicate with those pesky things called constituents.

      1 0 Reply
    2. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: Lockdown

      The Maybot will shortly be demonstrating her complete understanding of all things interweb. And no doubt calling for encrypted email.

      Oh. No she won't. On both counts.

      1 0 Reply
  7. Anonymous Coward
    Anonymous Coward

    Passwords

    Conservatives: The phone number of their dominatrix/dungeon master

    Labour: The bank account number of their union slush fund

    1 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like