Daily cyber threats and internet security news: network security, online safety and latest security alerts
February 26th, 2009

UK Justice Minister’s Email Account Used For 419 Scam

UK Justice Secretary Jack Straw had his web-based email account compromised last Thursday. Jack Straw, a former Home Secretary, used a Hotmail account as his sole public email address.

In a variation of a theme currently being used on social networking sites, 419 scammers used the compromised account to send hundreds of email messages to Jack Straw’s constituents and others in his address book and inbox. The bogus message, purporting to be from Mr. Straw, claimed that he had lost his wallet while in Nigeria promoting a charity called “Empowering Youth to Fight Racism” and asked the recipient if they could help him out by sending $3,000 to fly home.

“It was an issue for constituents, not the government. We are checking all that and I am assured there’s no evidence that confidentiality of constituents was affected,” the MP told the Telegraph newspaper in the UK.

Aside from the fact that constituent confidentiality was clearly breached, in that their email addresses were all available to, and used by, the hacker, and that any emails in the Hotmail inbox or filed away in online folders would clearly have been visible, it surprises me that he was using Hotmail in the first place. The service is routinely abused by e-criminals for this kind of email scam. Of course, as a past Home Secretary who set up the High Tech Crime Unit, you would have expected him to know better. But the real issue here is: why isn’t the UK Government adopting the same strict guidance given by the US Government – don’t use anything other than a government email address for parliamentary business?

These accounts are not under the control, security protocols or jurisdiction of any government IT program, will not be backed up or indexed by government and almost certainly will not be subject to any Freedom of Information request made against government data. In addition, shouldn’t privileged communication between Members of Parliament and constituents be routinely encrypted, especially given that Identity Based Encryption services now offer the opportunity to send encrypted email to anyone with no need for any kind of pre-enrolment or key management?

Credit: Rik Ferguson, Threat Marketing Communications, Trend Micro
