Fears Russians are behind massive cyberattack that saw hackers access the names and addresses of tens of millions of voters on Britain’s electoral register

Russians are suspected of orchestrating a massive cyberattack that saw hackers access the names and addresses of tens of millions of voters on Britain’s electoral register. 

More than 40million voters may have had their data stolen after a raid on the Electoral Commission in the biggest data breach in UK history.

Officials revealed yesterday that ‘hostile actors’ had access to its systems for 14 months without being detected, meaning the hackers may have obtained the name and address of nearly every voter in the country.

David Omand, a former GCHQ director, said Moscow was the prime suspect.

‘Russians, and I point to them in particular, have been interfering with democratic elections for some years now – think of the 2016 US election, and then the French election, and then the German election, even our own 2019 election,’ he said.

‘They have been trying to interfere with the democratic process. It is not at all surprising that hostile agencies would try and hack into the Electoral Commission.’

More than 40million voters may have had their data stolen after a raid on the Electoral Commission in the biggest data breach in UK history 

Sir David told BBC Radio 4 he cited Russia because of the record of its military intelligence and civilian agents in interfering with Western elections.’

While investigations into the cyberattack are continuing, evidence has been identified suggesting Russian involvement, although there is no evidence of a link to the Kremlin, The Times reported.  

The commission admitted it still did not ‘know conclusively what files may or may not have been accessed’ and what data was downloaded or copied. The criminals were able to view electoral registers with the names and addresses of at least 40million people registered to vote between 2014 and 2022.

The attack also compromised its file sharing and email system, allowing access to the online addresses and data of anyone who messaged its staff. The National Cyber Security Centre, which is probing the incident, did not rule out the possibility of a foreign state attack.

Yesterday the commission stressed the data accessed would not allow anyone to meddle in parliamentary or council elections by impersonating voters. It also said it was confident the hackers did not edit or change the electoral registers.

But MPs called for the National Cyber Security Centre and Parliament’s intelligence and security committee to investigate how the data was being used.

Tory MP Simon Fell, chairman of the all-party parliamentary group on cyber security, said: ‘Frankly this attack has put us all at risk. What is so deeply concerning is the volume and scale of this data breach. 

While investigations into the cyberattack are continuing, evidence has been identified suggesting Russian involvement, although there is no evidence of a link to the Kremlin, according to reports

While investigations into the cyberattack are continuing, evidence has been identified suggesting Russian involvement, although there is no evidence of a link to the Kremlin, according to reports

GCHQ houses the National Cyber Security Centre, which is responsible for protecting against hacks

GCHQ houses the National Cyber Security Centre, which is responsible for protecting against hacks 

‘A lot of this information may be in the public domain elsewhere, but where it has real value to the people who may want to cause us harm is it is all in one place. It must be the biggest single data set breach in the UK.

‘Given the scale and complexity of this, there are very few groups capable of such an attack, the usual suspects would be Russia, China, Iran and North Korea.

‘But it is Russia that has a history of interference in elections.’

The attackers were able to access reference copies of the registers held for research purposes and for permissibility checks on political donations.

The registers included the name and address of anyone in the UK who was registered to vote between 2014 and 2022, as well as registered overseas voters.

The watchdog apologised yesterday, saying that although ‘much of the data’ was already in the public domain, it is possible ‘this data could be combined with other data in the public domain … to infer patterns of behaviour or to identify and profile individuals’.

Hackers infiltrated the commission’s systems in August 2021 but the security breach was not discovered until October 2022. The commission said the attack had ‘used a sophisticated infiltration method, intended to evade our checks’, which was why it had taken so long to detect.

Officials decided to delay informing the public while they removed the hackers and put additional security in place.

Police Service of Northern Ireland (PSNI) Assistant Chief Constable Chris Todd speaks to media about a data breach involving officers and civilian staff

Police Service of Northern Ireland (PSNI) Assistant Chief Constable Chris Todd speaks to media about a data breach involving officers and civilian staff

But Anthony Young, of cyber security firm Bridewell, said: ‘If the attackers had access to the commission’s email systems and controls for over 14 months, during this time they could have contacted other individuals, companies and government departments claiming to be part of the electoral commission. This could lead to further loss of data or finances.’

Shaun McNally, the chief executive of the Electoral Commission, apologised, saying: ‘The UK’s democratic process is significantly dispersed and key aspects of it remain based on paper documentation and counting.

‘This means it would be very hard to use a cyber-attack to influence the process. We know which systems were accessible to the hostile actors, but are not able to know conclusively what files may or may not have been accessed.’

It came as police in Northern Ireland revealed they were also at the heart of a data breach ‘of monumental proportions’, in this case affecting thousands of officers and civilian staff. 

The data was mistakenly divulged in response to a freedom of information request.

Some of the people named are officers working in intelligence. 

Source: | This article originally belongs to Dailymail.co.uk

Content source – www.soundhealthandlastingwealth.com

Leave a Comment

Your email address will not be published. Required fields are marked *