A Conservative former minister was “tricked” into handing over his email password to suspected Russian hackers who stole classified documents in an apparent attempt to influence last year’s general election, according to a report.
Reuters has reported US-UK trade documents were taken from an email account of former international trade secretary Liam Fox ahead of the election.
Sources said Fox’s account was targeted using “spear phishing”, a hacking method which tricks the target into handing over their password and login details.
Fox was international trade secretary until 24 July last year, when he was sacked by Boris Johnson. The report said the email account was hacked “multiple times” between 12 July and 21 October.
The trade documents were leaked online and eventually used by then-Labour leader Jeremy Corbyn in the election campaign. At an event on 27 November, he used them to claim the NHS “was on the table” as part of the government’s negotiations.
Rob Pritchard, founder of The Cyber Security Expert consultancy and former deputy head of the UK Cyber Security Operations Centre, said questions need to be asked about which email account was hacked.
He told Yahoo News UK: “We don’t know if this was a personal account or not. I would expect, with the Department for International Trade, a government account to have some extra defences for phishing.”
Pritchard said “there’s a good chance” the documents could have been stolen from Fox’s personal account.
This website asked Downing Street which account was targeted, but the government didn’t answer.
A spokesman said: “There is an ongoing criminal investigation into how the documents were acquired, and it would be inappropriate to comment further at this point.
“But as you would expect, the government has very robust systems in place to protect the IT systems of officials and staff."
Fox, currently a backbencher in parliament, is running to be director-general of the World Trade Organization.
What is spear phishing?
“It’s some sort of hook to drive you to a fake login page,” Pritchard explained.
“It’s typically the kind of thing that says ‘somebody tried to log in to your account, please click here to reset your password’. You’re taken to a page that looks real, you enter your user name and password and then you’ve handed over your details to the malicious actors.”
He went on: “They have got harder to do, because there are technical defences, which is why it comes back down to where [which email account] this actually happened.
“I would imagine the [government] would have two-factor authentication in place, which means you don’t just have the username and password to log in to the email. You get a text with a code, or something like that.”
However, he added: “Some of those methods are better than others, and certainly if you are targeted by Russia, then perhaps they did circumvent two-factor authentication.
“Without knowing more detail, it’s impossible to tell.”
‘Hallmarks’ of state-backed operation
Sources told Reuters the attack “bore the hallmarks” of a state-backed operation.
The revelation comes two weeks after the release of a House of Commons report addressing Russia’s influence on UK politics.
It said the UK is “clearly a target” for Russian disinformation campaigns and political influence operations “and must therefore equip itself to counter such efforts”.
The UK, the report added, is one of Russia’s top intelligence targets – behind only the US and NATO.