News in brief: Parliament hack ‘amateur attack’; ‘Humpty Dumpty’ in great fall; Google faces more EU fines

Your daily round-up of some of the other stories in the news

Attack on MPs ‘not a nation-state hack’

The attack on UK members of parliament at the end of June probably wasn’t a nation-state hack as first thought, Reuters reported on Thursday. Instead, it’s more likely to have been amateurs or private hackers, added Reuters.

The email accounts of 90 out of the 650 MPs in the House of Commons were accessed thanks to the owners of those accounts using “primitive and easily discovered passwords”, with Alan Woodward, a professor at the University of Surrey saying it was more likely to be script kiddies “arsing around” – and taking advantage of an absence of security precautions such as two-factor authentication.

Rob Greig, the director of the Parliamentary Digital Service, said at the end of June that the attack had gone on “for several hours as the attackers hit the network from servers all over the world”. Greig added that although they had started “to roll out a new multi-factor authentication system”, they stepped up efforts and it became “an intense period of activity to get every user account secured”.

At Naked Security we’d always advise using multi-factor authentication, picking strong passwords and using a password manager – now might be a good time to make sure your password hygiene is better than that of British lawmakers.

Head of Russian ‘Humpty Dumpty’ group jailed

Humpty Dumpty had a great fall, as the nursery rhyme goes, and so it has been for the leader of a Russian hacking group: Vladimir Anikeev, the leader of a group known as Shaltai Boltai – which means “Humpty Dumpty” – has been jailed for two years by a Moscow court.

With Russia usually under suspicion for hacking foreign politicians and political parties, there’s a certain irony in what’s led to Anikeev’s conviction: he has been jailed for leaking the hacked correspondence of senior Russian government officials, including Andrei Belousov, a presidential aide; Natalya Timakova, who is the press secretary to prime minister Dmitry Medvedev, and TV presenter Dmitry Kiselyov.

The trial of Anikeev, who is also behind the hack of Medvedev’s Twitter account, took place behind closed doors in Moscow, and no further details have emerged. Anikeev, a former journalist, argued that he was defending freedom of information and the internet.

Alexander Glazastikov, another member of the Humpty Dumpty group, told the BBC that it had originally been “a politically oriented project in opposition to the Kremlin”, but that Anikeev had then been approached by a senior member of the FSB, who had offered to co-operate with the group.

According to Glazastikov, the FSB agent had told the group: “We already have information about you and your project. But we want to co-operate. So we will cover for you – for your security … Maybe we will ask you to publish something.”

Google faces another EU fine

Less than a week after being slapped with a €2.4bn fine for unfairly favouring its shopping service, Google could be facing another huge fine from the EU, this time over its Android operating system, according to Reuters.

While Android is open-source and can be used by anyone, manufacturers who want to include Google’s Play store have to agree to include other Google apps and services and exclude third-party providers.

That’s unfair, alleged a number of providers including Russian search engine Yandex; FairSearch, an advocacy group, and Aptoide, a Portuguese app store. In response the EU’s competition authority has set up a panel of experts to examine the issue, which could well issue a fine that tops the amount levied on Google last week.

Google’s AdSense advertising service is also under scrutiny from EU antitrust regulators, and competition commissioner Margrethe Vestager has said that this year is her “G year”, during which she is seeking to conclude these cases against Google.

Catch up with all of today’s stories on Naked Security