UK blames China for cyber-attack on voter data

The government revealed that National Cyber Security Centre concluded that the country’s Electoral Commission systems were “highly likely” compromised by a Chinese entity between 2021 and 2022…reports Asian Lite News

The government on Monday accused China state-affiliated cyber organisations of at least two “malicious” and “reprehensible” cyber campaigns targeting Britain’s voter data and parliamentarians.

In a statement in the House of Commons, the government revealed that the UK’s National Cyber Security Centre (NCSC), a part of its Government Communications Headquarters (GCHQ), concluded that the country’s Electoral Commission systems were “highly likely” compromised by a Chinese entity between 2021 and 2022.

The NCSC also claims that it is “almost certain” that the China state-affiliated APT31 conducted reconnaissance activity against British parliamentarians during a separate campaign in 2021. All such attacks to interfere with UK democracy and politics are said to have been unsuccessful, but it has led to two individuals and one company linked to APT31 being sanctioned.

“The UK will not tolerate malicious cyber activity targeting our democratic institutions. It is an absolute priority for the UK government to protect our democratic system and values,” said Oliver Dowden, Deputy Prime Minister.

“I hope this statement helps to build wider awareness of how politicians and those involved in our democratic processes around the world are being targeted by state-sponsored cyber operations. We will continue to call out this activity, holding the Chinese government accountable for its actions,” he said.

Dowden told the Commons that the malicious cyber activity had not impacted electoral processes or affected the UK electorate’s rights or access to the democratic process or electoral registration. The Electoral Commission has since taken steps to secure its systems against similar activity in the future.

“It is completely unacceptable that China state-affiliated organisations and individuals have targeted our democratic institutions and political processes. While these attempts to interfere with UK democracy have not been successful, we will remain vigilant and resilient to the threats we face,” stated Foreign Secretary David Cameron, who said he has raised the issue directly with Chinese Foreign Minister Wang Yi.

“One of the reasons that it is important to make this statement is that other countries should see the detail of threats that our systems and democracies face,” he said.

The majority of the UK parliamentarians targeted include those calling out the malign activity of China, but the Foreign, Commonwealth and Development Office (FCDO) said no parliamentary accounts were successfully compromised.

“It is reprehensible that China sought to target our democratic institutions. China’s attempts at espionage did not give them the results they wanted and our new National Security Act has made the UK an even harder target,” said Home Secretary James Cleverly.

“Our upcoming elections, at local and national level, are robust and secure. Democracy and the rule of law is paramount to the United Kingdom. Targeting our elected representatives and electoral processes will never go unchallenged,” he said.

The UK’s statement is said to be supported by allies across its Five Eyes alliance, which includes Australia, Canada, New Zealand and the United States. The British government said the international community is calling on the Chinese government to demonstrate its credibility as a responsible cyber actor and welcomed the expression of solidarity from across the Indo-Pacific and Europe.

Through the Defending Democracy Taskforce and National Security Act, the NCSC has also published guidance on its website to help high-risk individuals, including parliamentarians, to bolster their resilience to cyber threats, as well as advice to help organisations improve their security.

The UK’s Elections Act 2022 also clarified the offence of undue influence, which it claims better protects voters from improper influences to vote in a particular way or to not vote at all, including activities which deceive an elector about the administration of an election or referendum. These electoral offences fall within the scope of the Online Safety Act’s illegal safety duties, requiring online platforms to swiftly take down such content when they are alerted to it.

The commission previously said that the data contained in the electoral registers was limited and noted that much of it was already in the public domain. However, it added that it was possible the data could be combined with other publicly available information, “such as that which individuals choose to share themselves, to infer patterns of behavior or to identify and profile individuals.”

In addition to the infiltration of the Electoral Commission, Dowden confirmed that the Chinese attempted unsuccessfully to hack email accounts belonging to several members of Parliament.

Although he did not name the individuals, they are thought to include Iain Duncan Smith, a former leader of the Conservative Party; Tim Loughton, a former Conservative education minister; and Stewart McDonald, a member of the Scottish National Party — all of whom have a record of making hawkish statements about China.

Dowden said that British officials had determined that it was “almost certain” that a state affiliated group, APT31, conducted reconnaissance against the lawmakers in 2021. “The majority of those targeted were prominent in calling out the malign activity of China. No parliamentary accounts were successfully compromised,” he added.

Speaking to the media on Monday, Duncan Smith said that China should “immediately be labeled as a threat,” something that would go significantly beyond the language used in a British foreign policy review which last year said that Beijing “poses an epoch-defining and systemic challenge.”


Leave a Reply

Your email address will not be published. Required fields are marked *