Scottish Parliament hit by “brute force” cyber attack

The Scottish Parliament, or Holyrood,  has been attacked by a “brute force” cyber attack, according to officials.

The attack from “external sources” is similar to the cyber attack that impacted the House of Parliament in Westminster this June.

A “brute force” attack describes a kamikaze-type approach, whereby hackers continually try to access systems using a range of different passwords; a form of trial and error.

>See also: A rule of 3: Three mobile network hacked by 3 men

Chief executive of Holyrood, Sir Paul Grice relayed the confirmation of the attack in a message to MSPs and staff with parliamentary email addresses.

Grice said “robust cyber security measures” identified the attack early, and systems “remain fully operational”.

This early identification can be attributed, in part, to the major the cyber attacks that have plagued organisations in recent months, namely the number of Scottish NHS boards affected in May.

Parliamentary corporate body member David Stewart told MSPs in June that as a result of this clearly escalating threat, an independent review of “cyber security maturity” had been carried out, and had “offered assurance that sufficient and effective arrangements are in place to manage cyber threats and risks”.

He further added that the Scottish Parliament was regularly taking advise from police, the security services and national cyber security centre.

>See also: Another day, another hack: Deutsche Telekom

In the aftermath of the attack, Grice conveyed in his email the need for MSPs to have strong, secure passwords and wrote that the parliament’s IT team would “force a change to weak passwords as an additional security measure”.

He wrote: “The parliament’s monitoring systems have identified that we are currently the subject of a brute force cyber attack from external sources.”

“This attack appears to be targeting parliamentary IT accounts in a similar way to that which affected the Westminster parliament in June. Symptoms of the attack include account lockouts or failed logins.”

“The parliament’s robust cyber security measures identified this attack at an early stage and the additional security measures which we have in readiness for such situations have already been invoked. Our IT systems remain fully operational.”

>See also: The world’s biggest data hacks revealed 

Following the cyber attack, Dr Jamie Fox, the CEO of an Edinburgh-based cyber security firm ZoneFox said “A brute force attack is a tale as old as time and relies on one of the weakest areas of security – passwords. That the Scottish Parliament’s security measures were able to keep systems operational is a case in point of how important it is to be in a position to rapidly identify attacks and stop them in their tracks.”

“The hackers may have been thwarted this time, but there’s nothing to say they won’t be back. That the IT department will force a change on weak passwords is a good, proactive measure. However, this isn’t a failsafe. What the Scottish Parliament has in its favour is a transparent, open culture and so unquestionably all staff will heed Sir Paul Grice’s request to remain vigilant. A united, digitally alert team is one of the greatest tools organisations can deploy in their fight against hackers.”


The UK’s largest conference for tech leadershipTechLeaders Summit, returns on 14 September with 40+ top execs signed up to speak about the challenges and opportunities surrounding the most disruptive innovations facing the enterprise today. Secure your place at this prestigious summit by registering here

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...