Fraudsters have hacked into Justice secretary Jack Straw's web email account.

The internet fraudsters sent out messages to hundreds of Straw's contacts that claimed he was stranded in Nigeria and needed $3,000 to return home.

The emails were sent from the Blackburn Member of Parliament's Hotmail account, claiming that Straw had lost his wallet whilst in Nigeria promoting a charity called Empowering Youth to Fight Racism.

The Telegraph reported the con artists sent up to 200 emails to constituents, Ministry of Justice officials, Labour members and council bosses. The emails carried the official heading The Right Hon Jack Straw MP.
Straw has confirmed the emails had been sent to a "significant number of people" in his address book but he said there were no security issues as it was his Blackburn e-mail address rather than his ministerial account that was targeted.

He added: "I started getting phone calls from various constituents asking if I was really in Nigeria needing 3,000 dollars.

"It was an issue for constituents, not the Government. We are checking all that and I am assured there's no evidence that confidentiality of constituents was affected," said Straw.

The Blackburn MP, who set up the National Hi-Tech Crime Unit to crack down on internet hackers when he was Home Secretary in 2001, said: "The internet is wonderful in many ways, but these gangs put a lot of effort in because they make money from it. In a lot of cases they do get people to cough up.

He added: "But I think it was so obviously ridiculous that I could go off trekking in Africa and I would lose my wallet."

Graham Cluely, senior technology consultant at Sophos said this type of scam is a growing trend. "We're seeing more and more reports of hackers breaking into web accounts (including Facebook profiles) to send out claims that the real account owner is stranded overseas and needs money for a safe return."

While it's unlikely that anyone would really believe that Jack Straw was stranded in Nigeria, the email compromise could have exposed information. "Whoever broke into Straw's account has had access to his address book and emails that he has sent and received in the past. That information could be very useful for identity thieves," said Cluely.

It is unclear how hackers accessed the account. Cluely speculated that hackers broke into the Straw's mailbox in a similar fashion to the attack used on Sarah Palin's Yahoo account last September, where hackers were able to reset passwords by guessing the answers to "secret questions". Another possibility, said Cluely, is that Jack Straw used a simple-to-guess dictionary word for his password, something which Sophos has historically warned was bad security practice.

Related articles:

Information Commissioner to gain tougher powers