UK minister confirmed as 12th target in Westminster ‘spear-phishing’ scandal

LONDON — A serving government minister is among 12 men now known to have been targeted in a suspected “spear-phishing” scandal enveloping Westminster politics.

POLITICO revealed Wednesday morning that at least six people working in Westminster — a senior Labour MP, four party staffers and a political journalist — had received unsolicited messages from two suspicious mobile numbers by users calling themselves alternately “Abi” or “Charlie.”

In the hours after the story was published, six more people working in and around Westminster contacted POLITICO to say they had received near-identical messages from one or both of the numbers in question. Several of the 12 were sent naked pictures in an attempt to lure them in.

The latest targets include a serving minister in Rishi Sunak’s government; a backbench Tory MP; a former MP; another political journalist; a broadcaster; and the manager of an all-party parliamentary group. All have asked to remain anonymous for now.

In a statement issued late Wednesday afternoon, the U.K. parliamentary authorities asked anyone affected to contact their security team.

POLITICO has now established the messages — which four cybersecurity experts have confirmed appear to be a targeted attack — have continued until at least late March.

The latest cases confirm the same pattern of behavior displayed in previous approaches, with the sender or senders revealing a startling level of personal knowledge about their targets.

The serving minister told POLITICO they first received a late-night message on March 11 from “Charlie,” who claimed they used to work in Parliament and had had “flirty” chats with their target. The minister briefly replied, before blocking the number.

‘Mmm you do look good’

The former MP was contacted on the same night by “Charlie”, who wrote: “Long time no speak! Miss you in Westminster.” The messages quickly escalated, with “Charlie” telling the ex-MP — who is gay — that “I’m single again so making the most of the gays in Westminster,” adding: “Mmm you do look good.”

When the former MP asked again who they were, the sender gave a surname and also the name of an MP they claimed to work for. “Now you know I’m not just a random popping up to compliment your ass,” they added. The next day the sender sent an explicit photo, at which point the former MP immediately blocked them.

“When you described the phishing techniques my heart started racing,” the ex-MP told POLITICO, having read the original story Wednesday morning. “I had [previously] put it down to Westminster having lots of weird people who work there.”

One of the journalists concerned was bombarded with messages that began with questions about how they and their boyfriend — whom the sender correctly named — were doing.

“Was v nice to hear you on the radio yesterday,” the sender said, before sending an explicit photo, then chasing on separate days saying “say something,” “hey,” “I’m really sorry” and “much planned for the long weekend?”

The other journalist was contacted on March 11 by “Charlie,” who claimed they had “swapped numbers after drinking one night”. The journalist quickly blocked that number — but a day later he received a message from “Abi,” using the other mobile number in question.

When the journalist replied that this was “clearly the same person as yesterday,” “Abi” responded: “I was sad you blocked me”. After being asked who they were yet again, the sender responded: “I was horny and I messaged you. That’s kind of it.”

‘Blackmail’

In a statement issued to POLITICO Wednesday, a U.K. parliamentary spokesperson said: “Parliament takes cybersecurity extremely seriously. We provide members and staff with tailored advice, making them aware of cyber risks and how to manage their digital safety — including on any personal devices and accounts. We would encourage any passholders who have concerns to contact the Parliamentary Security Department.”

A dossier of evidence from the first six targets, compiled by POLITICO, was previously reviewed by four cybersecurity experts who agreed people in key positions in parliament were being targeted with ill intent.

Dominik Wojtczak, head of the Cybersecurity Institute at the University of Liverpool, said he believed the messages were part of a “spear phishing attack” — a highly personalized form of “phishing,” meaning to gather compromising information on a victim.

“The purpose is most likely to simply obtain indecent images of the victims and then blackmail them,” Wojtczak said.