British Voters Wide Open To Attack

Uploaded on 2023-09-11 in GOVERNMENT-National, FREE TO VIEW, TECHNOLOGY--Hackers

Britain’s natonal Electoral Commission faced significant cyber security failings shortly before a major data breach, where hackers potentially accessed the data of millions of voters, including sensitive information not available on public registers. Now the UK’s Electoral Commission itself has confirmed it failed a basic cyber security test at about the same time some hackers attacked the organisation.

This follows previous warnings that the UK’s Election Commission had failed the Cyber Essentials test in multiple areas, including the use of outdated and vulnerable devices and software.

The unnamed attackers accessed Electoral Commission email correspondence and could have viewed databases containing the names and addresses of 40 million registered voters, including millions of those not on public registers.

The Commission has said that "hostile actors" hacked into its emails and potentially the data of 40 million voters.
The hackers obtained the “name and address of anyone in the UK who registered to vote between 2014 and 2022, as well as the names of those registered as overseas voters.” Government officials pointed the finger of blame at Russia with Sir David Omand, a former director of GCHQ, reported as saying that Russia was the prime suspect.

The Commission has now determined that the attack started in August 2021, although it was not detected until October 2022. The commission has since disclosed that it did not pass the test due to two issues which it contends are unrelated to the hack:

  • An earlier version of Windows software found running on some Commission laptops 
  • An outdated version of operating system software on staff mobiles.

It said these problems were not linked to the attack, which affected the organisation’s email servers.

Cyber Essentials is voluntary but widely used by organisations as a way to show customers they are security-aware. The government requires all suppliers bidding for contracts involving the handling of certain sensitive and personal information to hold an up-to-date Cyber Essentials certificate. But the Commission failed in multiple areas when it tried to get certified in 2021.

When the hack was first disclosed, the Electoral Commission said that the data hacked from the full electoral register was "largely in the public domain". However, less than half the data on the open register, which can be purchased, is publicly available, so the hackers would have accessed data belonging to tens of millions of people who opted out of the public list.

Cyber Essentials is a standard that UK government requires of all suppliers, however, it was originally created to help small businesses, not large corporates.

Electoral Commission:    Safety Detectives:     BBC:      Guardian:       Silicon:    CSO OnlineComputer Weekly

Cybernews:      

You Might Also Read: 

Penetration Testing For An Effective Cyber Security Defence:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Red Teaming Is More Relevant Than Ever
The Security Aspects Of Open Banking »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Advent IM

Advent IM

Advent IM is one of the UK’s leading independent cyber security specialists, with a unique approach to providing holistic security management solutions.

PCI Pal

PCI Pal

PCI Pal’s secure cloud payment solutions are certified to the highest level of security by the leading card companies.

th4ts3cur1ty.company

th4ts3cur1ty.company

th4ts3cur1ty.company specialize in delivering intelligence lead adversary emulation purple teaming & the bespoke building of Security Operation Centers.

National Cybersecurity Student Association (NCSA) - USA

National Cybersecurity Student Association (NCSA) - USA

The National Cybersecurity Student Association is a one-stop-shop to enhance the educational and professional development of cybersecurity students through activities, networking and collaboration.

Cambridge Cybercrime Centre

Cambridge Cybercrime Centre

The Cambridge Cybercrime Centre is a multi-disciplinary initiative combining expertise from the Department of Computer Science and Technology, Institute of Criminology and Faculty of Law.

UltraSoC Technologies

UltraSoC Technologies

Wolf Hill Group

Wolf Hill Group

Wolf Hill Group, a Slone Partners company, is a national recruitment firm focused on Cybersecurity.

Trilateral Research

Trilateral Research

Trilateral Research provide regulatory and policy advice; develop new data-driven technologies and contribute to the latest standards in safeguarding privacy, ethics and human rights.

Citadel Cyber Security

Citadel Cyber Security

Citadel is a leading 'One Stop Shop' provider of consulting services in cyber and information security. Our experts operate in hundreds of business organizations in Israel and around the world.

Resilience Cyber insurance

Resilience Cyber insurance

Resilience helps to improve cyber resilience by connecting cyber insurance coverage with advanced cybersecurity visibility and a shared plan to reinforce great cyber hygiene.

Chugach Government Solutions (CGS)

Chugach Government Solutions (CGS)

CGS performs work for the Federal Government across 4 unique core lines of business, including: Facilities Management and Maintenance, Construction, Technical IT and Cyber Services, and Educational Se

Theta

Theta

Theta is a New Zealand owned technology consultancy. Our team of over 330 experienced professionals help organisations transform with technology.

Cyabra

Cyabra

Cyabra is leading the fight against disinformation. Our AI shields companies and the public sector by uncovering malicious actors, bot networks, and GenAI content.

The Aerospace Corporation

The Aerospace Corporation

The Aerospace Corporation is playing a key role in advancing space cybersecurity through innovative prototypes that can quickly detect and mitigate cyber threats.

Highway Ventures

Highway Ventures

HIGHWAY Ventures is a startup studio that builds cybersecurity and vertical AI companies in Northwest Arkansas from technology developed within the federal lab ecosystem.

Transportation Security Administration (TSA) - USA

Transportation Security Administration (TSA) - USA

TSA is a component agency of the U.S. Department of Homeland Security (DHS), committed to securing the nation’s transportation systems.