Shutterstock/Gago design
The British government has accused China of hacking the British Electoral Commission, gaining access to information on millions of voters.
In the aftermath of the incident, the British and US governments imposed sanctions on a company fronting China’s Ministry of State Security (MSS), Wuhan Xiaoruizhi Science and Technology, and affiliates for their involvement in the breach and planting malware . in critical infrastructure.
Britain and many other countries are increasingly concerned about cyber operations targeting national security, technological innovation and economic interests. China has long been associated with state-sponsored cyber espionage activities. Targets included foreign governments, companies and critical infrastructure.
Although China does not inherently pose a threat to Britain, the two countries have a complex relationship characterized by both cooperation and competition. China has economic influence over Britain and the two compete in innovation. But China’s military ambitions, human rights record and reputation for covert influence campaigns require careful diplomatic and strategic management.
It is not clear what exactly motivated the attack on the election commission, but such attacks are generally related to different strategic interests. States may target foreign electoral organizations with the aim of influencing election results or, more generally, to undermine democratic processes, including by damaging voter confidence. They can try to influence the information they collect, either economically or in terms of global positioning.
These activities are not unique to China. In a deeply connected and increasingly digitalized world, many states are strategically motivated to engage in this kind of subterfuge.
How these types of attacks work
The US Cybersecurity and Infrastructure Security Agency (CISA) has already detailed the methods used by MSS affiliates in their cyber espionage. They systematically exploit vulnerabilities in software and systems and penetrate federal government networks and commercial entities.
Their approach demonstrates a deep understanding of cyber warfare and intelligence gathering, and a high level of expertise. It is clear that significant resources have been made available to them.
Central to their strategy is actively exploiting vulnerabilities. They meticulously look for weaknesses in target systems and software and exploit them. By identifying these security holes, they manage to bypass protective measures and infiltrate sensitive environments, with the aim of accessing and extracting valuable information.
When gathering intelligence, these agents scour publicly available sources – including the media and government reports – to gather critical data about their targets. This can range from details about an organization’s IT infrastructure and employee data to potential security breaches. Such intelligence lays the foundation for highly targeted and effective cyber attacks.
Meanwhile, they scan for vulnerabilities in the system itself, uncovering vital details such as open ports and the services running on them. This includes any software that may be ripe for exploitation due to known vulnerabilities.
The agents then use all this information to gain unauthorized access. They exploit system flaws to cause unexpected behavior, allowing installation of malware, data theft, and system auditing.
The ultimate aim of these operations is to exfiltrate data, such as the names and addresses of British voters in the case of the Electoral Commission. They illegally copy, transfer, or extract data from compromised systems, targeting personal information, intellectual property, and government or commercial secrets.
The pencil is mightier than the keyboard
In August 2023 it was known that the electoral commission had been attacked, but the suspects have only now been publicly named.
Despite the breach, the Electoral Commission claims that core elements of the UK election process remain secure and that there will be “no impact” on the security of the election. This is partly because much of the UK system is paper-based. People are processed by hand when they go to a polling place on Election Day, they use pencil and a paper ballot to vote, and their votes are counted by hand.
These factors make it very difficult to influence the outcome of a British election through a cyber attack, unlike countries that use electronic voting machines or automated vote counting. Paper ballots and documents are tangible and physically countable and provide a verifiable trail. So even in the event of a cyber breach, the basic act of casting and counting votes remains unaffected by digital vulnerabilities.
Stronger systems are still needed
Nevertheless, the attack raises questions about the effectiveness of existing monitoring and logging systems for detecting data breaches. The attack accessed not only the voters’ registers, but also the commission’s email and control systems. The data that may have been accessed included the full names, email addresses, home addresses and telephone numbers of British citizens.
The committee is also not the only target in the British political system. The National Cyber Security Center (NCSC) assesses with a high degree of certainty that APT31, an advanced persistent threat group linked to the Chinese state, has engaged in reconnaissance activities targeting British parliamentarians.
To protect its elections from cyber threats such as those posed by APT31, the UK government is already working to improve the overall resilience of its electoral cyber infrastructure. It works closely with the NCSC to identify threats and emerging trends. These efforts will likely include regular security audits, penetration testing, and the implementation of secure software development practices to ensure systems are robust.
What is perhaps most significant in the case of the Electoral Commission hack is the fact that the British government has so explicitly called out China. This is a strategy decided together with allies to better hold perpetrators accountable.
Publicly attributing cyber attacks to specific state actors or groups sends a clear message that such activities are being monitored and will not go unchallenged. This strategy of transparency and accountability is critical in establishing international norms and expectations for state behavior in cyberspace.
This article is republished from The Conversation under a Creative Commons license. Read the original article.
The conversation
Soraya Harding does not work for, consult with, own shares in, or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.
