Did China hack Holyrood? 'Senior sources' in Scottish parliament link Beijing to cyberattack

Two "senior sources" from inside the Scottish parliament believe that state hackers linked to China were responsible for an August cyberattack on its systems.

At the time, government networks were hit by a "brute force" cyberattack, whereby hackers scan a target for weak security before exploiting any gaps found. Officials at Holyrood said that "external sources" were to blame.

The incident came just weeks after a similar attack at Westminster, home to the British parliament, when the accounts of up to 90 politicians with woeful password security were hit by hackers.

According to the Sunday Herald on 17 September, Holyrood officials said that following the incident, emails went offline and passwords had to be changed.

But ultimately, evidence that China was involved remains thin and is solely based on anonymous claims.

Experts told the Scottish newspaper that attribution in such instances is difficult to pin down, as criminals can often re-route or mask their internet IP addresses to make it seem like an attack is coming from elsewhere. Others said the attack may have been a test run.

It remains unclear what China would gain from infiltrating the Scottish parliament. In some ways, the assertion goes against the typical modus operandi of such groups.

Experts say that China's state hackers are sophisticated and in the past have indeed infiltrated government, military and corporate networks around the world.

Yet unlike others, Russia for example, China is typically more interested in intellectual property theft rather than political subterfuge.

And while anything is possible, a Scottish parliament spokesperson also declined to confirm the allegations from the unnamed Holyrood sources.

"We can see which countries across Europe and further afield the attack was routed through, but that doesn't confirm the place of origin," a statement read.

"We won't list those countries through which the attack was routed but we are liaising with the National Cyber Security Centre," it added, referencing a recently-opened fork of UK intelligence agency Government Communications Headquarters (GCHQ).

Ewan Lawson, a research fellow at the Royal United Services Institute for Defence and Security Services (RUSI), told the Sunday Herald there may be a degree of merit to the claims.

He said: "Whilst a load of emails from the Scottish Parliament to constituents might not seem particularly interesting, there will be nuggets. People say things on emails that they perhaps wouldn't necessarily if they thought the conversation was going to be overheard."

Political hacking has become a major talking point for governments within the past year, in the wake of the headline-grabbing allegations of cyberattacks during the US 2016 presidential election.

Multiple incidents, intelligence sources say, were the work of two Russian hacking groups. Both the Russian and Chinese governments have previously denied links to state cyber operations.

Commenters on the Sunday Herald story, however, had some fun with the China claim.

"Delusions of grandeur," wrote one person under the name John Thomas.

"Inevitably it was some random incompetent IT worker that messed up. Let's face it, China isn't going to bother hacking into what in essence is the equivalent of Yorkshire council, is it?"

Another commenter, under the name Alex Stoddart, added: "The Chinese huh; are they sure about that? Maybe it was those evil Russians in crypto-disguise. Or maybe the CIA who have been accused of using foreign malware. One never knows for sure."