China accused of Electoral Commission attack

China accused of Electoral Commission attack

With the compromise of the 2021 UK Electoral Commission now attributed to cyberattackers affiliated with the Chinese state, industry experts give us their opinions.

Jake Moore, Global Cybersecurity Advisor, ESET, told us that attacks from state groups are not often motivated by the data they steal, rather by the prospect of demonstrating their capabilities. He calls on the government to improve its cybersecurity provision ahead of the general election.

“With an election looming this year, this attack puts a great deal of pressure on the government to show the UK public that voting remains safe and can’t be tampered with,” he said.

“The Chinese have long been associated with sophisticated and stealth attacks but when linked with meddling with the electoral system, the attack becomes even more sinister.

“Most data compromising cyberattacks target and steal personal information but hostile state attacks are often more motivated by showcasing their threatening behaviour and highlighting what they can potentially achieve.

“Members of staff in government will be on heightened alert but hostile state attacks are relentless and often break down even the most secure defences. More robust measures are, however, essential for maintaining cyber-hygiene and are especially crucial during times of increased cyberthreats.”

Stephen Robinson, Senior Threat Intelligence Analyst at WithSecure, said: “Cyber operations provide nation states with the ability to (relatively) perform espionage remotely, with a certain level of deniability. Considering reporting in recent years which has alleged Chinese attempts to influence Canadian, Taiwanese, and even US elections, it likely comes as no surprise that the UK Electoral Commission compromise of 2021 is now reported to have been the work of cyberattackers working for the Chinese state.

“Similarly, the targeting of British politicians by a foreign power is almost certainly a known risk to domestic intelligence services. Indeed, recent reporting on the iSoon leaks has stated that organisations who were contracted to perform cyber operations for the Chinese government described the UK Foreign office and Treasury as priority targets for the Chinese government.

“The compromise of the Electoral Commission is reported to have led to the theft of Personally Identifiable Information (PII) on millions of UK voters, but while our minds may leap to make that connection, as yet there is no indication that it was a direct attempt to influence UK elections.

“China has previously been alleged to have been behind other large scale thefts or PII, such as the Equifax breach in the US. It is possible that data theft from the Electoral commission would be motivated by a desire for high-quality PII on UK citizens, rather than an attempt at direct electoral influence. In our modern world of big data and data driven insights, large quantities of accurate data on individuals could have any number of uses.”

Tom Kidwell, a former British Army and UK Government intelligence specialist, and Co-founder of Ecliptic Dynamics, said: “The proposed sanctions from the UK to China marks a huge shift in the rhetoric against the Chinese state by the UK. Publicly accusing another member of the UN security council of attempting to influence or disrupt your election process is significant.

“China won’t accept this or acknowledge they were involved, and providing hard evidence of a direct link to Chinese state involvement will be difficult to release into the public domain. This will likely just become a back and forth between the two states, with the UK making a public accusation and China inevitably denying involvement. Finding out the methodology of the attack or gaining a small insight into its scope, is the most we can hope to learn at this point.

“What is interesting is the point of the attack. If China was responsible, what did they seek to achieve? Was it to collect data, or to disrupt or influence the outcome? If it was to influence the outcome of future elections, what would be the best outcome from a Chinese perspective?

“If they were able to stop an election happening in an orderly fashion, it would cause the UK significant embarrassment at a time of transition. By throwing the political system into disarray at a key time, it would allow whoever lost or won to question the outcome, causing critical disruption and allow authoritarian regimes, such as China, to point at the UK and democracy, highlighting it as broken or corrupt.

“For me the key line in the reports I have seen are that the attacks targeted ‘control systems’. This likely means that the attackers attempted to gain access to these systems to lay in wait for a more impactful point in the future to deliver the intended payload and cause the desired disruption.

“We and the US have elections looming and this could be a crucial positioning moment for both states. It isn’t a coincidence that the UK is releasing this information in the build up to an election, and I would expect more of this in the coming months in terms of rhetoric from the UK and allies.”

Browse our latest issue

Intelligent CISO

View Magazine Archive