Russian hackers accused of election meddling attempt ‘tricked ex-Tory minister into handing over password’

Britain's first post-Brexit international trade secretary Liam Fox gives a press conference on July 17, 2020 in Geneva following his hearing before 164 member states' representatives, as part of the application process to head the World Trade Organization (WTO) as Director General. - The eight candidates battling to become the next head of the beleaguered World Trade Organization make their pitches this week, with three days of auditions started on July 15, 2020. (Photo by Fabrice COFFRINI / AFP) (Photo by FABRICE COFFRINI/AFP via Getty Images)
'Tricked': Liam Fox. (AFP via Getty Images)

A Conservative former minister was “tricked” into handing over his email password to suspected Russian hackers who stole classified documents in an apparent attempt to influence last year’s general election, according to a report.

Reuters has reported US-UK trade documents were taken from an email account of former international trade secretary Liam Fox ahead of the election.

Sources said Fox’s account was targeted using “spear phishing”, a hacking method which tricks the target into handing over their password and login details.

Fox was international trade secretary until 24 July last year, when he was sacked by Boris Johnson. The report said the email account was hacked “multiple times” between 12 July and 21 October.

The trade documents were leaked online and eventually used by then-Labour leader Jeremy Corbyn in the election campaign. At an event on 27 November, he used them to claim the NHS “was on the table” as part of the government’s negotiations.

RETANSMITTING AMENDING CAPTION TO UNREDACTED Labour leader Jeremy Corbyn holds an unredacted copy of the Department for International Trade's UK-US Trade and Investment Working Group readout as he delivers a speech about the NHS, in Westminster, London. (Photo by Dominic Lipinski/PA Images via Getty Images)
The documents, having been taken from Fox's account, were leaked online and eventually used by Jeremy Corbyn during the general election campaign. (Dominic Lipinski/PA Images via Getty Images)

Rob Pritchard, founder of The Cyber Security Expert consultancy and former deputy head of the UK Cyber Security Operations Centre, said questions need to be asked about which email account was hacked.

He told Yahoo News UK: “We don’t know if this was a personal account or not. I would expect, with the Department for International Trade, a government account to have some extra defences for phishing.”

Pritchard said “there’s a good chance” the documents could have been stolen from Fox’s personal account.

This website asked Downing Street which account was targeted, but the government didn’t answer.

A spokesman said: “There is an ongoing criminal investigation into how the documents were acquired, and it would be inappropriate to comment further at this point.

LONDON, UNITED KINGDOM - JULY 23: Secretary of State for International Trade and President of the Board of Trade Liam Fox arrives for Theresa May's final cabinet meeting as Prime Minister at 10 Downing Street on 23 July, 2019 in London, England. Today's announcement of a new Conservative Party leader and prime minister, most likely Boris Johnson, is expected to trigger ministerial resignations from critics of the no-deal Brexit approach ahead of a major Cabinet reshuffle. (Photo credit should read Wiktor Szymanowicz / Barcroft Media via Getty Images)
Liam Fox was international trade secretary between 2016 and 2019. (Barcroft Media via Getty Images)

“But as you would expect, the government has very robust systems in place to protect the IT systems of officials and staff."

Fox, currently a backbencher in parliament, is running to be director-general of the World Trade Organization.

What is spear phishing?

“It’s some sort of hook to drive you to a fake login page,” Pritchard explained.

“It’s typically the kind of thing that says ‘somebody tried to log in to your account, please click here to reset your password’. You’re taken to a page that looks real, you enter your user name and password and then you’ve handed over your details to the malicious actors.”

He went on: “They have got harder to do, because there are technical defences, which is why it comes back down to where [which email account] this actually happened.

“I would imagine the [government] would have two-factor authentication in place, which means you don’t just have the username and password to log in to the email. You get a text with a code, or something like that.”

However, he added: “Some of those methods are better than others, and certainly if you are targeted by Russia, then perhaps they did circumvent two-factor authentication.

“Without knowing more detail, it’s impossible to tell.”

‘Hallmarks’ of state-backed operation

Sources told Reuters the attack “bore the hallmarks” of a state-backed operation.

The revelation comes two weeks after the release of a House of Commons report addressing Russia’s influence on UK politics.

It said the UK is “clearly a target” for Russian disinformation campaigns and political influence operations “and must therefore equip itself to counter such efforts”.

The UK, the report added, is one of Russia’s top intelligence targets – behind only the US and NATO.