Finland Says Hackers Accessed MPs' Emails Accounts (zdnet.com) 17
The Finnish Parliament said on Monday that hackers gained entry to its internal IT system and accessed email accounts for some members of Parliament (MPs)fin. From a report: Government officials said the attack took place in the fall of 2020 and was discovered this month by the Parliament's IT staff. The matter is currently being investigated by the Finnish Central Criminal Police (KRP). In an official statement, KRP Commissioner Tero Muurman said the attack did not cause any damage to the Parliament's internal IT system but was not an accidental intrusion either. Muurman said the Parliament security breach is currently being investigated as a "suspected espionage" incident. "At this stage, one alternative is that unknown factors have been able to obtain information through the hacking, either for the benefit of a foreign state or to harm Finland," Muurman said. "The theft has affected more than one person, but unfortunately, we cannot tell the exact number without jeopardizing the ongoing preliminary investigation.
It was terrible (Score:5, Funny)
They collected enough information to propose legislation to fund a universal basic income experiment and provide socialized medicine for the population. They're monsters.
Ok... (Score:2)
Every government these days has some hackers snooping around in their systems. What's so special about it this time? Did they steal the MP's secret recipe for fish soup with meat balls?
Re: (Score:3)
Did they steal the MP's secret recipe for fish soup with meat balls?
It's even worse than that. They found evidence he likes some other country's fish [scandinaviastandard.com].
Re: (Score:2)
Did they steal the MP's secret recipe for fish soup with meat balls?
I don't think it is necessarily what the MP's wrote that is the most serious issue here as presumably the hackers gained access to both sides of the conversation. Constituents write to their MPs asking for help with all sorts of issues some of which might be very sensitive and personal. The security of such emails should therefore be taken seriously.
Re: (Score:1)
It's all in the wording (Score:2)
"The theft has affected more than one person, but unfortunately, we cannot tell the exact number without jeopardizing the ongoing preliminary investigation.
I'll (nearly) ignore the unmarried parenthesis to postulate that >1 person in this instance is a majority of the accounts. Since the vulnerability allowed the actors access to 2 or more accounts, it was likely wide open door, not a couple of careless individuals.
That, and the usual predisposition of the penetrated to downplay the damage.
Re: (Score:3)
Fully possible.
But it could also be some partial penetration. Many possible scenarios allow for only some be accessed but not all.
Something like they found some system where they could do brute force attacks so those MPs with weaker passwords were penetrated but not the strong ones.
They used some malware to access some of the workstations but those MPs that did not "click on the link" did not get infected and thus not exploited.
They had access to some subsystem like some committee system and could thus ac
Russians or Chinese? (Score:1)
Who to pin the blame on this time I wonder! Who might be the wonderfully convenient scapegoat...?
Re: (Score:2)
I fear worse. They put in relentless effort and we treat them worse than interns. We may have to pay them for their outstanding penetration testing.
Re: (Score:1)
Finland was going to squeal to the space cops (Score:1)
Oh no...Not Finland...
Password: (Score:1)
MFGA2021
basic failures no DANE or DMARC (Score:2)
they dont declare the TLS certificate in any way or have a decent SPF/DMARC/DNSSEC which is basic basic basic things
No DANE
best update to a provider that does those things like the netherlands gov