Behind China's Hack Of UK's Electoral Commission
Date
3/28/2024 12:05:19 AM
(MENAFN- Asia Times) The UK government has accused China of hacking the UK Electoral Commission, gaining access to information about millions of voters.
In the aftermath of the incident, the UK and US governments have sanctioned a company that is a front for the Chinese Ministry of State Security (MSS), Wuhan Xiaoruizhi Science and Technology, and affiliated individuals for their involvement in the breach and for placing malware in critical infrastructure.
The UK and many other countries have growing concerns over cyber operations that target national security, technological innovation and economic interests. China has been linked to state-sponsored cyber espionage activities for some time. Targets have included foreign governments, businesses and critical infrastructure.
While China is not inherently a threat to the UK, the two countries have a complex relationship that is characterized by both cooperation and competition.
China has economic influence over the UK and the two compete on innovation. But China's military ambitions, human rights record and reputation for covert influence campaigns require careful diplomatic and strategic management.
It's not clear what precisely motivated the attack on the Electoral Commission but such attacks are generally linked to various strategic interests. States may target foreign electoral organizations with the aim of influencing election results or more generally to undermine democratic processes, including by damaging trust among voters. They may seek leverage with whatever information they gather, either economically or in terms of global positioning.
These activities are not unique to China. In a deeply connected and increasingly digitized world, many states are strategically motivated to engage in subterfuge of this kind.
Latest stories
S Korean trade, diplomacy trending away from China
China challenges United States' EV subsidies at WTO ![Connecting Indian cosmology, Western psychology and AI]()
Connecting Indian cosmology, Western psychology and AI How this kind of attack worksThe US Cybersecurity and Infrastructure Security Agency (CISA) has already detailed the methods deployed by affiliates of the MSS in their cyber espionage. They systematically exploit vulnerabilities in software and systems, penetrating federal government networks and commercial entities.
Their approach demonstrates a deep understanding of cyber warfare and intelligence gathering and a high level of expertise. It's clear that significant resources have been put at their disposal.
Central to their strategy is the active exploitation of vulnerabilities. They meticulously search for and take advantage of weaknesses across target systems and software. By identifying these security gaps, they manage to bypass protective measures and infiltrate sensitive environments, aiming to access and extract valuable information.
In gathering intelligence, these operatives scour publicly available sources – including the media and public government reports – to accumulate critical data on their targets. This could range from specifics about an organization's IT infrastructure and employee details to potential security lapses. Such intelligence lays the groundwork for highly targeted and effective cyberattacks.
Meanwhile, they scan for vulnerabilities in the system itself, uncovering essential details like open ports and the services running on them. This will include any software that may be ripe for exploitation due to known vulnerabilities.
The operatives then leverage all this information to gain unauthorized access. They exploit system flaws to induce unexpected behaviors, allowing for the installation of malware, data theft and system control.
The ultimate aim of these operations is the exfiltration of data, such as the names and addresses of British voters in the case of the Electoral Commission. They illicitly copy, transfer, or retrieve data from compromised systems, targeting personal information, intellectual property and government or commercial secrets.
Pencil mightier than the keyboardIt was known by August 2023 that the Electoral Commission had come under attack but the suspects have only now been named publicly.
Despite the breach, the Electoral Commission claims that the core elements of the UK's electoral process remain secure and that there will be “no impact” on the security of elections.
This is in part because so much of the British system is paper-based. People are processed by hand when they go to a polling station on election day, they use pencil and a paper ballot to vote, and their votes are counted by hand.
These factors make it very difficult to influence the outcome of a British election via a cyberattack, unlike in countries that use electronic voting machines or automated vote counting.
Paper ballots and records, being tangible and physically countable, provide a verifiable trail. So even in the event of a cyber intrusion, the fundamental act of casting and counting votes remains untainted by digital vulnerabilities.
Stronger systems are still neededThe attack nevertheless raises questions about the effectiveness of existing monitoring and logging systems for detecting data breaches. The attack accessed not only the electoral registers but also the commission's email and control systems. The data potentially accessed included UK citizens' full names, email addresses, home addresses and phone numbers.
Sign up for one of our free newsletters The Daily ReportStart your day right with Asia Times' top stories AT Weekly ReportA weekly roundup of Asia Times' most-read stories
Nor is the commission the only target in the British political system. The National Cyber Security Center (NCSC) assesses with a high degree of certainty that APT31, an advanced persistent threat group affiliated with the Chinese state, has engaged in reconnaissance activities targeting UK parliamentarians .
To secure its elections from cyber threats like those from APT31, the UK government is already improving the overall resilience of its elections cyberinfrastructure. It is working closely with the NCSC to identify threats and emerging trends.
These efforts are likely to include regular security audits, penetration testing and the adoption of secure software development practices to ensure that systems are robust.
What's perhaps most significant in the case of the Electoral Commission hack, however, is the fact that the UK government has called China out so explicitly. This is a strategy decided on with allies as a way of holding perpetrators more accountable.
Publicly attributing cyber attacks to specific state actors or groups sends a clear message that such activities are being monitored and will not go unchallenged. This strategy of transparency and accountability is pivotal in establishing international norms and expectations for state behavior in cyberspace.
Soraya Harding is Senior lecturer in Cybersecurity Intelligence and Digital Forensics, University of Portsmouth
This article is republished from The Conversation under a Creative Commons license. Read the original article .
Already have an account?Sign in Sign up here to comment on Asia Times stories OR Thank you for registering!
An account was already registered with this email. Please check your inbox for an authentication link.
MENAFN28032024000159011032ID1108030790
Legal Disclaimer:
MENAFN provides the information “as is” without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the provider above.