SNP MP fears ‘disinformation attack’ after emails hacked

SNP MP Stewart McDonald has said he fears he may be the victim of a “disinformation attack” as he claimed his personal email account has been hacked by Russia.

The Glasgow South MP told the BBC he was targeted in a phishing attack on January 13, in the form of a password-protected attachment sent in an actual email account for a member of his staff, purporting to be about Ukraine.

After clicking on the link and entering his log-in details, he was redirected to a blank page, the MP said, and when he asked the member of staff about it, he responded: “I didn’t send any email.”

Stewart McDonald
MP Stewart McDonald voiced concern that access to his account could lead to a ‘disinformation attack’ (Chris McAndrew/UK Parliament/PA)

Several days later the same staff member informed Mr McDonald he had been locked out of his personal email account because of suspicious activity – and that he had never sent him the email with the log-in page.

Mr McDonald, formerly his party’s defence spokesman and someone with a keen interest in Russia, said he is concerned about what may be done with personal emails that could have been taken from his account.

“If it is indeed a malicious state-backed group, then, in line with what I’ve seen elsewhere, I expect them to dump some of the information online,” he told the BBC.

“I can expect them to manipulate and fake some of that content and I want to get out ahead of that to ensure any disinformation attack against me is discredited before it’s even published.

“It can catch people, even those who are alive to these threats.”

Speaking to BBC Radio Scotland on Wednesday, Mr McDonald said he wanted to “raise awareness of the threat”.

He added: “This is a phishing campaign that was long-planned, and was targeted against me. I know it was targeted against some others also.

“Unfortunately the hackers managed to breach the private email address of one of my staff team as well, so I would recommend to all of your listeners to read the National Security Cyber Centre’s guidance on spear phishing.

“These are more sophisticated than general phishing emails that I am sure all of us have received from time to time and ensure you don’t fall victim to it.

“It is a deeply unpleasant experience.”

The incident came in the weeks after an advisory was issued by the National Cyber Security Centre (NCSC), a wing of the intelligence agency GCHQ, which warned of “spear-phishing attacks” – which are targeted at specific people using tailored content more likely to deceive – from actors in Russia and Iran.

The advisory did not explicitly say the groups – known as Seaborgium and TA453 – were backed by any government.

A spokesman for the NCSC said: “An incident has been reported to us and we are providing the individual with support.

“The NCSC regularly provides security briefings and guidance to parliamentarians to help them defend against the latest cyber threats. This includes expert advice for MPs and their staff available on the NCSC website.”