SNP MP Stewart McDonald’s emails hacked by Russian group

An MP told the BBC his emails had been stolen and he feared they would be made public.

The SNP’s Stewart McDonald said the hack happened in January and he wanted to pre-empt any publication of the stolen emails.

The group responsible is believed to be linked to the Russian spy services.

Britain’s Cyber Defense Authority has warned of targeted attacks on politicians in recent weeks.

On January 13, Mr McDonald was walking down the street when he received a notification on his phone.

There was a new message in the MP’s private email account.

He glanced at it – it was from one of his employees.

There was nothing suspicious about it, and it came from the employee’s real email account.

The message said it came with a password-protected document containing a military update on Ukraine.

This made sense as the MP for Glasgow South had had a keen interest in Ukraine for several years and had received the Order of Merit from the Ukrainian government.

He was also the defense spokesman for the SNP until last year.

Mr. McDonald clicked on the document.

This opened a login page for the email account he was using. He entered his password.

Curiously, it then brought up a blank page.

Maybe it wasn’t loading properly on his phone, he thought.

He would ask the employee to send it again the next time they spoke.

What he didn’t know was that a hacking group believed to be linked to Russian intelligence was now in his account – a group that has on other occasions published emails belonging to prominent figures in public life.

A few days later, the employee mentioned to the MP that he had been locked out of his personal email account for suspicious activity and was having trouble verifying his identity and getting back in.

“I wanted to ask you about the email you sent. I couldn’t open the attachment,” Mr McDonald recalled saying to her.

“I didn’t send an email,” replied the employee.

Alarm bells were now ringing for the MP.

The advice was to contact the National Cyber Security Centre (NCSC), a branch of the British intelligence agency GCHQ.

Together with the parliamentary security team, they requested that the email and attachment be sent so that they could investigate.

The NCSC was already preparing to issue a notice about a hacking group called Seaborgium, which it said was responsible for a highly targeted campaign against individuals including politicians, activists and journalists.

That notice closely matched what Mr McDonald had been through – compromising individuals like his employee so that their accounts can in turn be used to send emails to the primary target.

These are highly targeted and sophisticated attacks against a small number of people, rather than the usual sending of malicious emails.

Sources say the notice had been planned for a long time and confirm that the same group was behind the hacking of Mr McDonald’s account.

The UK government has not officially accused the Russian state of being behind the group or the hacks, but within the wider cybersecurity community the group has been identified as being linked to Russian intelligence agencies.

The same group is said to have published hacked emails and documents belonging to others, including former MI6 chief Sir Richard Dearlove and journalist Paul Mason.

Mr McDonald says he decided to go public to warn others of the risks and limit potential damage while he waits and sees what hackers do with the stolen material.

“If this is indeed a state-sponsored malicious group, I expect that, consistent with what I’ve seen elsewhere, they will release some of the information online.

“And I can expect them to manipulate and tamper with some of that content and I want to anticipate that to make sure that any misinformation attack against me is discredited before it’s even made public,” he told the BBC.

“An incident has been reported to us and we are supporting the person,” an NCSC spokesperson told the BBC.

“The NCSC regularly provides parliamentarians with security information and advice to help them defend against the latest cyber threats.”

Mr McDonald remains uncertain what, if anything, will happen to the stolen material. Although he was aware of the risks before the incident, he has since taken additional steps to secure his accounts.

“It can bring people, even those who are alive, to these threats,” he said.

