An SNP MP who was at the centre of a mysterious Russian hacking attack has revealed his office was targeted a second time in an approach from a “hostile foreign state”.
Stewart McDonald said his emails were stolen in January by a group linked to Russia’s ruthless security services. He reported the theft to the National Cyber Security Centre, part of the UK’s intelligence agency, GCHQ.
Now he has revealed that around the same time, his Westminster researcher was “contacted on LinkedIn by an organisation which described itself as an independent think tank”. He said: “The message said that they were ‘looking for paid contributors to a non-partisan British publication which aims to raise the profile of the devolved administrations’ political news’, and asked if he would be interested in writing for them. He did not reply.
“That message, as the National Cyber Security Centre has stated, is exactly the kind of introduction that hostile foreign states use to cultivate their sources.”
READ MORE: SNP MP Stewart McDonald falls for phishing scam with Russian-backed hackers suspected
Writing in the Scotsman, Mr McDonald said “insidious state-linked actors spend months slowly building relationships with [MPs’ aides] through flattery and finance, ensuring, all the while, a steady trickle of information”.
The Glasgow South MP and his researcher found the LinkedIn profile that had made the approach was connected to “parliamentary researchers, party officials and even government officials”. He added: “This profile, I have no doubt, is just one among a sea of fronts used to contact and engage with targets.”
Mr McDonald was the SNP’s defence spokesman until last year when he found himself out in the cold following Stephen Flynn’s leadership coup to remove fellow Sturgeon loyalist Ian Blackford. He has been a staunch ally of Ukraine, receiving the country’s order of merit in 2019.
According to reports by the BBC and the Guardian, the group that hacked his emails is called Seaborgium. It has been linked to Russian security services and has conducted a targeted campaign against western figures such as politicians, activists and journalists.
The sophisticated phishing scam happened when Mr McDonald opened an email on January 13 from a staff member’s genuine account. It claimed to contain a password protected document with a military update on Ukraine and brought up the log-in page for his email account, which he filled in.
READ MORE: Humza Yousaf called out over ‘flight of fancy’ to New York to speak at climate event
The document turned out to be a blank page and when, a few days later, the staff member was locked out of his personal account because of suspicious activity, they spoke and discovered he had never sent the email.
After the MP spoke out about the hack in February, former diplomat Craig Murray claimed he had obtained copies of the stolen emails and was preparing to publish them.
He said: “I have obtained access to all of Stewart McDonald’s emails, after approaching a number of people to find out who might have them. I had no hand in obtaining the emails nor prior knowledge. I am grateful they have been so generously shared.”
Mr Murray said the cache included emails between Mr McDonald and then First Minister Nicola Sturgeon, who resigned just a few days later. After he was visited at home in Edinburgh by Police Scotland officers, he said he was temporarily relocating to the Outer Hebrides to avoid “intimidation”.
He said he had instructed lawyers to prepare a counsel’s opinion on the legality of publishing the content of the emails. However, nothing has yet been forthcoming.
For more news, follow us on Facebook and Twitter but never miss the latest top headlines and sign up to our daily newsletter here.