A huge number of ministers and government workers have been cautioned that they are susceptible to hacking after personal information was left online.
Experts have expressed concern that ministers could be duped into divulging critical information using a contact database.
The Government Communication Service (GCS) website had the names, job titles, and email addresses of 45,000 federal officials.
According to The Times, the contacts were removed in March 2020 due to site maintenance, but a statement claims they will return soon.
In 3,000 instances, mobile phone numbers were given, whilst in others, Twitter and LinkedIn profiles were included.
The Government Communication Service (GCS) website had the names, job titles, and email addresses of 45,000 federal officials.
Online security specialist Richard De Vere told The Times that the documents left the government “ripe for social engineering attacks” – another word for human hacking (file photo)
Richard De Vere, a specialist on cyber security, told the newspaper that the documents left the government “ripe for social engineering attacks,” which is another word for human hacking.
“Social engineering feeds on information: the more you can give it, the more effective it becomes,” he explained.
Using the data, he warned, thieves may mimic top government officials and then approach ministers.
As the messages would appear to originate from the civil workers’ cell phone numbers, they could be persuaded to click on links that would grant criminals access to their networks.
‘These messages originate from people’s phones, so if you’ve corresponded with them in the past, the message will appear alongside the rest. We can still readily forge messages,” Mr. De Vere stated.
On the database were department heads from the Cabinet Office, personnel from the Ministry of Defence and the National Nuclear Laboratory, and directors from the British Council.
Mr. De Vere reported that he raised the problem with the National Cyber Security Centre in 2019, but was informed that the GCS was “supposed to have a public directory.”
He said that a hacking attack on Liz Truss while she was secretary of state was the result of “social engineering.”
The administration takes cybersecurity extremely seriously, a government spokesperson told The New York Times. The National Cyber Security Centre provides ministers with regular security briefings and guidance, including on securing their personal data and reducing cyber risks.
Mr. De Vere said that a hacking attack on Foreign Secretary Liz Truss could have been the result of “social engineering.”
»Thousands of ministers and federal workers are susceptible to cyberattacks«