Parliamentary staff warned of cyber dangers after suspected sexting honeytrap attacks

Genevieve Holl-Allen
Sir Lyndsay Hoyle, the Commons Speaker, held talks with staff over the cyber attacks
Sir Lyndsay Hoyle, the Commons Speaker, held talks with staff over the cyber attacks - Jonathan Brady/Getty Images

Sir Lindsay Hoyle, the Commons Speaker, has held talks with parliamentary staff following suspected sexting honeytrap attacks targeting MPs, staffers and political journalists.

At least 12 men working in and around Parliament, including a serving minister and other MPs, have been targeted on WhatsApp in a suspected spear phishing attack.

Attackers contacted their victims under the aliases “Abi” or “Charlie”, pretending to have met them before, and in several cases went on to send explicit photographs in an attempt to lure them in, Politico reported.

It is understood Sir Lindsay is concerned by the reports and had a discussion with staff on Thursday about possible further action. There was talk of a letter being sent from parliamentary security to MPs and staff, outlining the risk of cyber attacks and how to detect them.

Politico reported that the serving minister received a message on 11 March from “Charlie”, who claimed they had previously worked in Parliament and they had had “flirty” chats together. The minister replied before going on to block the number.

Another former MP was contacted by someone under the same alias on the same evening, who sent them a message to say “Long time no speak! Miss you in Westminster” and then later,: “I’m single again so making the most of the gays in Westminster.”

“Charlie” went on to provide a surname and name of an MP they said they worked for, and the next day sent an explicit photo, when the ex-MP blocked them immediately.

Spear phishing is a term to describe a targeted cyber attack on one or more victims to get them to reveal confidential information.

Gauging the full extent of the spear phishing campaign has been made more complicated by the fact that the reports emerged during the Easter recess, when MPs are not in Parliament.

Those targeted have been told to speak to Parliament’s security department for advice, with Politico reporting that three men had done so.

Alicia Kearns, who chairs the foreign affairs select committee, said that “without question” MPs and their staff needed better training on cyber security. She added that she believed a foreign hostile state “or those working in their interests” could be responsible for the attacks.

“It could also be a criminal actor working at the behest of a foreign state, or a lone actor seeking to embarrass or make a quick buck, but these are equally unlikely to be criminal masterminds and would also make similar errors or be lazy in their attempts,” Ms Kearns said.

“Even if this specific attack was not a foreign state, the reality is these are the most common group seeking to undermine democracy by attacking MPs and their staff.

“The challenge for MPs and our staff is that the barrier for entry is so low, and the volume of attacks is so high – no matter how cyber aware or cautious you are, it is too easy to be tricked, and those waging these attacks are always ahead of us in creating new avenues to attack us.”

Advertisement