Russians blamed for shock cyber attack hitting millions of UK voters
Moscow-linked hackers ‘top of the suspects list by a mile’, says ex-MI6 boss
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Russia is suspected of being behind the cyber attack on the Electoral Commission which left the data of 40 million UK voters exposed, sparking fears of an attempt to “interfere” with British democracy.
The elections watchdog apologised after revealing that it first detected the “complex” hack in October 2022. But the breach had happened more than a year before, in August 2021.
Britain’s intelligence services have detected evidence linking the attack to Russians, according to The Times and The Telegraph, after the commission asked GCHQ to investigate the breach.
Former GCHQ director Sir David Omand told BBC Radio 4’s PM that Moscow would be “first on my list of suspects”, while Sir Richard Dearlove, the former head of MI6, said Russia “would be at the top of the suspects list by a mile”.
Mr Omand said: “Russians – and I point to them in particular – have been interfering with democratic elections for some years now. Think of the 2016 US election, and then the French election, and then the German election, even our own 2019 election.”
Signs of ransomware – software designed to block an organization accessing its own files – were reportedly found. It has sparked concerns that the watchdog could have been blocked from accessing its own voter lists.
The hack, publicly confirmed on Tuesday, allowed the cyberattackers to access reference copies of electoral registers containing names and addresses of everyone registered to vote between 2014 and 2022.
The Electoral Commission apologised and insisted that there was little risk of “hostile actors” influencing the outcome of a vote.
But the commission’s chief executive Shaun McNally admitted that his organisation did not know yet exactly which files had been accessed.
“We know which systems were accessible to the hostile actors, but are not able to know conclusively what files may or may not have been accessed,” he said.
“While the data contained in the electoral registers is limited, and much of it is already in the public domain, we understand the concern that may have been caused by the registers potentially being accessed and apologise to those affected.”
The watchdog chief said measures had been taken to improve security on the commission’s IT systems – playing down the risk of election interference because of paper-based voting.
“It would be very hard to use a cyberattack to influence the process,” said Mr McNally.
The hackers were able to access reference copies of the electoral registers, held by the commission for research purposes and to enable permissibility checks on political donations.
The registers held at the time of the cyberattack include the name and address of anyone in the UK who was registered to vote between 2014 and 2022, as well as the names of those registered as overseas voters.
The exposed files included those who opted to keep their details off the open register, but can still be credit agencies and other. But they did not include the details of those who have registered completely anonymously.
Senior Labour MP Chris Bryant, responding to criticism online that it took almost one year for the commission to reveal the hack, said it raised fresh questions about the intelligence and security committee’s report into Russia influence.
“Why did the government refuse to publish the unexpurgated Russia Report?” the standards committee chair tweeted.
The Information Commissioner’s Office (ICO) has launched an investigation “as a matter of urgency”, saying voters would be alarmed by the news.
Labour’s deputy leader Angela Rayner said: “This deeply concerning attack serves as a reminder of the critical importance of Britain’s resilience to cyber-attacks. This serious incident must be fully and thoroughly investigated so lessons can be learned.”
Subscribe to Independent Premium to bookmark this article
Want to bookmark your favourite articles and stories to read or reference later? Start your Independent Premium subscription today.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments