According to the UK’s elections watchdog – A Cyberattack caused the voting of millions of voters.
|Anonymous adversaries had occupied copies of the electoral registers from Aug, 2021.
The adversaries also made their move to the emails & control systems. However, the incident was not found till Oct, 2022.
The watchdog alarmed people to observe the suspicious moves of the hackers, which can cause data breaches.
Public Notice, Commission
|Adversaries steal copies of registers that were saved for research purposes & executing checks on political donors.
It is hard to determine exactly how many individuals could be impacted, although it is estimated that each year’s registration contains information on about 40 million individuals.
Political parties and registered campaigners’ financial information is stored in a system that is unaffected by this occurrence.
Shaun McNally, Chief Executive Officer
|The commission was aware of its systems’ unauthorized access by adversaries. However, it could not recognize the files which were stolen.
He acknowledged the public’s worry and expressed regret to the impacted parties.
|During the attack, he has been holding the following data related to the residents of the UK who signed up to vote around 2014 – 2022.
a) Names, and
This includes people who chose to keep their information off the public open register, which can be acquired, for example, by credit reference bureaus but is not visible to the general public.
The voters’ names abroad were also included in the accessed data, but not their addresses.
For reasons of safety or security, the information of those who were eligible to register anonymously was not accessible.
‘Very Sophisticated’ Attack
The personal data held on the registers name and address did not itself present a “high risk” to individuals, it added, although it is possible it could be combined with other public information to “identify and profile individuals.”
It had not said when exactly the hackers’ access to its systems was stopped but said they were secured as soon as possible after the attack was identified in October 2022.
Explaining why it had not made the attack public before now, the commission said it first needed to stop the hackers’ access, examine the extent of the incident and put additional security measures in place.
John Pullinger, Commission Chair
|He defended the delay by stating that “if you go public on a vulnerability before you have sealed it off, then you are risking more vulnerabilities.”
The “very sophisticated” assault utilized “software to try and get in and evade our systems.”
The electoral records themselves, which are kept up to date by registration officers around the nation, were unaffected by the hackers’ attempts to change or remove any data.
To safeguard its systems from new threats, it modified its firewall policies, warning system, and login limitations, among other security measures.
Nobody’s registration status or any elections were impacted by the computer hacks.
The UK’s Information Commissioner’s Office, which is in charge of data protection, announced that it was looking into the matter immediately.
This is about as serious as it gets on paper. One of the greatest concerns in the democratic world is the possibility of hackers meddling in elections.
However, there is little doubt that this is still a severe breach, and the attack’s nature is telling.
The attack will strengthen the argument made by proponents of the UK’s manual voting method against using electronic voting in the future.
Supporters of the status quo frequently assert that “pen and paper can’t be hacked” when modernization discussions arise.
It is clear from the fact that the hackers were using the Electoral Commission networks as early as August 2021 that this was not a malicious hacking operation trying to extort money. To have remained inside unnoticed for so long, this adversary had to be patient and skilled.
This operation appears to be a probing one that is looking for holes in the UK’s democratic process by gathering information about it. If the Electoral Commission knows who it was, they are not disclosing it.
Read More Article Here: