Sophos: Nigerian scammers hack into Jack Straw’s email account
February 2009 by Sophos
Sophos is reminding web email users to be vigilant over security issues following news that hackers have broken into the email account of UK Justice Secretary Jack Straw. According to media reports, the account was hijacked and the address book used to send hundreds of emails attempting to defraud the politician’s friends and constituents.
The emails were sent from the Blackburn MP’s Hotmail account, claiming that Straw had lost his wallet while in Nigeria promoting a charity called ‘Empowering Youth to Fight Racism’. The emails asked for USD 3,000 to help the politician return home.
“We’re seeing more and more reports of hackers breaking into web accounts and social networking profiles,” said Graham Cluley, senior technology consultant at Sophos. “You have to wonder if the hackers broke into Jack Straw’s mailbox in a similar fashion to the attack used on Sarah Palin’s Yahoo account last September, where cybercriminals reset passwords by guessing the answers to ‘secret questions’. Another possibility is that the MP used a simple-to-guess dictionary word for his password – something we have advised against and which again is a bad idea. Either way, there’s bound to be embarrassment for the politician who founded the National High-Tech Crime Unit.
“Of course, it’s unlikely that anyone would really believe that Jack Straw was stranded in Nigeria with no method of returning to the UK,” added Cluley. “But, perhaps more worryingly, whoever broke into Straw’s account has had access to his address book and emails that he has sent and received in the past. That information could be very useful for identity thieves.”