Internal security: unauthorised access to parliamentary email accounts

TVN24 News in English, TVN24,
Stanisław Żaryn, spokesman for special services minister-coordinator, says hackers targeted Polish MPs
Stanisław Żaryn, spokesman for special services minister-coordinator, says hackers targeted Polish MPsTVN24
wideo 2/4
TVN24Stanisław Żaryn, spokesman for special services minister-coordinator, says hackers targeted Polish MPs

Poland's Internal Security Agency has found out that the coordinated hacker attack on Polish officials also targeted the Sejm - spokesman for special services minister-coordinator Stanisław Żaryn informed on Friday. The day before media reported about alleged print screens showing Sejm email account of minister Michał Dworczyk. In recent weeks, alleged correspondence from Dworczyk's private email was published in the internet.

In the first half of June, minister Michał Dworczyk, Chief of Prime Minister's Chancellery, informed that his email account had been attacked. This was the beginning of the so-called email scandal of the PiS government.

Since early June, print screens have been appearing on Telegram communicator showing alleged correspondence from minister Dworczyk's account between him and PM Morawiecki and other officials. Although the email addresses were private, the discussed issues pertain to functioning of the state.

More photos appeared on one of the channels on Telegram on July 1, but this time allegedly showing parliamentary email account of Michał Dworczyk and information about received emails along with their titles, recipients and senders. This situation was reported and analysed by portal.

A day after many media outlets reported on the issue, spokesman for special services minister-coordinator Stanisław Żaryn released a statement in which he informed about "new information" found by the ABW.

"As part of the analysis of the ongoing Ghostwriter campaign, the Internal Security Agency has found out that the attack also targeted the Sejm" - the statement reads. It also was explained that "a detailed analysis detected unauthorised access to official email accounts of some members of the Polish Sejm".

"The incidents pertain to a dozen or so MPs from the following parliamentary clubs and groupings: the Left, Poland 2050, PiS, Civic Coalition, Confederation" - we read.

The authors added they "immediately sent their recommendations to the Chancellery of the Sejm". "MPs, whose emails have been attacked, were informed about the dangers, as well as about suggested actions that would offset the damage. Also cybersecurity training was organised for them" - Stanisław Żaryn wrote in the statement.

"The mentioned actions aimed against the security of email accounts of Polish MPs have been identified as part of a disinformation campaign launched against Poland" - we read.

The statement lacked information for how long the "unauthorised log-ins" have been going on and exactly how many MPs have been affected. We also could not find out since when the ABW has been informing MPs about the danger and when the said training took place.

There was also no information as to what the ABW recommended to the Sejm Chancellery in that regard.

Żaryn informed that new information gathered by the ABW related to the "ongoing Ghostwriter campaign". presented in detail the information in that case gathered by the Reporters Foundation. We wrote at the time about a "Ghostwriters" group that is believed to have worked for Russian special services.

In an interview for portal, published on June 20, Dworczyk said the emails that were to originate from his private email account fell into a number of categories: fully fake or falsified content, manipulated content - that is real one, but published after they had been tampered with, as well as real content. As of yet he has not explained which ones are which.

On June 18, Deputy Prime Minister and Poland's de facto leader Jarosław Kaczyński informed that top Polish government officials were hit by a far-reaching cyber attack conducted from Russian territory.

"The analysis of our services and the secret services of our allies allows us to clearly state that the cyber attack was carried out from the territory of the Russian Federation. Its scale and range are wide," he said on the government website.

On June 22, Żaryn informed that at least 4,350 email accounts belonging to Polish citizens were targeted by the hackers. He added that the services had information linking the attackers to Russian special services.

"At least 500 users replied to the information sent out by the attack orchestrators, which largely increased the likelihood of the attackers' success. Polish services possess reliable information linking operations of the UNC1151 group to those carried out by Russian special services" - special services said in a statement.


Źródło: TVN24 News in English, TVN24,

Pozostałe wiadomości