A cyberattack targeting the UK Electoral Commission has exposed the data of up to 40 million citizens. British intelligence services have uncovered evidence linking the cyberattack to Russian hackers.
The attack, described as a “complex cyber attack,” targeted the Electoral Commission’s computer systems, gaining unauthorised access to sensitive information. The breach was not detected until 14 months after the initial intrusion, prompting questions about the organisation’s security measures.
Signs of ransomware – malicious software that can lock users out of their files – were also discovered during the investigation, raising concerns that vital voter lists might have been compromised.
Mark Jow, EMEA CTO at Gigamon, said:
“The Electoral Commission’s breach appears to have been an incredibly sophisticated attack, purpose-built to evade its specific security controls.
The image of the unseen threat lurking in your midst is one that keeps a majority of CISOs up at night, making the Electoral Commission’s 15-month gap in detecting the hack a nightmare scenario.”
Experts and former intelligence chiefs have voiced their concerns about the origin of the attack, pointing towards Russia due to its history of meddling in Western elections.
Sir David Omand, former director of GCHQ, told BBC Radio 4 that Russia would be the “first on my list of suspects,” while Sir Richard Dearlove, former head of MI6, told The Telegraph that “Russia would be at the top of the suspects list by a mile.”
The tension between the UK and Russia has been escalating since Russia’s invasion of Ukraine in early 2022, which prompted economic sanctions from the UK. Although the cyber attack predates this conflict, it is seen as part of a broader pattern of disruptive activities by Russia.
The compromised data includes electoral registers containing the names and addresses of individuals who registered to vote between 2014 and 2022, as well as those casting ballots from overseas. The breach also extended to the commission’s email system, potentially exposing sensitive information like bank records.
“It’s highly concerning that names and addresses appear to have been stolen in this attack – if this data is leaked then people can find citizens’ addresses just from their names,” commented Jamie Moles, Senior Technical Manager at ExtraHop.
While the breach exposed a vast amount of data, the commission has attempted to downplay the risk to individuals. However, experts stress that the attack highlights the vulnerability of organisations overseeing elections and the need for increased vigilance in securing electoral processes.
Brad Freeman, Director of Technology at SenseOn, said:
“For a democracy, the integrity of the electoral system is critical. Luckily in the UK, we use a paper-based system to collect and verify votes. Whilst a paper-based system causes delays for counting and a small margin of error due to human mistakes, the process is very resilient to wide-scale tampering.
The electoral roll itself is highly unlikely to be used directly in an attack on our democracy. However, large databases are valuable for information collection by nation-states—especially when they are used against other datasets to build more complete pictures of our nation and its citizens.”
The specifics of how the hackers managed to infiltrate the Electoral Commission’s systems for over a year without detection remain unclear. The delayed revelation of the breach was attributed to ongoing investigations and efforts to enhance security measures.
With democracy already facing numerous challenges in the digital age, this cyberattack serves as a stark reminder of the potential threats posed by hostile actors aiming to compromise electoral processes and sow discord within nations.
Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. The event is co-located with Digital Transformation Week.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.