China’s UK election hack – how and why the Electoral Commission was targeted.

The UK government has accused China of hacking the UK Electoral Commission, gaining access to information about millions of voters.

In the aftermath of the incident, the UK and US governments have sanctioned a company that is a front for the Chinese Ministry of State Security (MSS), Wuhan Xiaoruizhi Science and Technology, and affiliated individuals for their involvement in the breach and for placing malware in critical infrastructure.

This article is the opinion of the author and not necessarily that of the UK Defence Journal. If you would like to submit your own article on this topic or any other, please see our submission guidelines.

The UK government has accused China of hacking the UK Electoral Commission, gaining access to information about millions of voters.

In the aftermath of the incident, the UK and US governments have sanctioned a company that is a front for the Chinese Ministry of State Security (MSS), Wuhan Xiaoruizhi Science and Technology, and affiliated individuals for their involvement in the breach and for placing malware in critical infrastructure.

The UK and many other countries have growing concerns over cyber operations that target national security, technological innovation and economic interests. China has been linked to state-sponsored cyber espionage activities for some time. Targets have included foreign governments, businesses and critical infrastructure.

While China is not inherently a threat to the UK, the two countries have a complex relationship that is characterised by both cooperation and competition. China has economic influence over the UK and the two compete on innovation. But China’s military ambitions, human rights record and reputation for covert influence campaigns require careful diplomatic and strategic management.

It’s not clear what precisely motivated the attack on the Electoral Commission but such attacks are generally linked to various strategic interests. States may target foreign electoral organisations with the aim of influencing election results or more generally to undermine democratic processes, including by damaging trust among voters. They may seek leverage with whatever information they gather, either economically or in terms of global positioning.

These activities are not unique to China. In a deeply connected and increasingly digitised world, many states are strategically motivated to engage in subterfuge of this kind.

How this kind of attack works

The US Cybersecurity and Infrastructure Security Agency (CISA) has already detailed the methods deployed by affiliates of the MSS in their cyber espionage. They systematically exploit vulnerabilities in software and systems, penetrating federal government networks and commercial entities.

Their approach demonstrates a deep understanding of cyber warfare and intelligence gathering and a high level of expertise. It’s clear that significant resources have been put at their disposal.

Central to their strategy is the active exploitation of vulnerabilities. They meticulously search for and take advantage of weaknesses across target systems and software. By identifying these security gaps, they manage to bypass protective measures and infiltrate sensitive environments, aiming to access and extract valuable information.

In gathering intelligence, these operatives scour publicly available sources – including the media and public government reports – to accumulate critical data on their targets. This could range from specifics about an organisation’s IT infrastructure and employee details to potential security lapses. Such intelligence lays the groundwork for highly targeted and effective cyberattacks.

Meanwhile, they scan for vulnerabilities in the system itself, uncovering essential details like open ports and the services running on them. This will include any software that may be ripe for exploitation due to known vulnerabilities.

The operatives then leverage all this information to gain unauthorised access. They exploit system flaws to induce unexpected behaviours, allowing for the installation of malware, data theft and system control.

The ultimate aim of these operations is the exfiltration of data, such as the names and addresses of British voters in the case of the Electoral Commission. They illicitly copy, transfer, or retrieve data from compromised systems, targeting personal information, intellectual property and government or commercial secrets.

The pencil is mightier than the keyboard

It was known by August 2023 that the Electoral Commission had come under attack but the suspects have only now been named publicly.

Despite the breach, the Electoral Commission claims that the core elements of the UK’s electoral process remain secure and that there will be “no impact” on the security of elections. This is in part because so much of the British system is paper based. People are processed by hand when they go to a polling station on election day, they use pencil and a paper ballot to vote, and their votes are counted by hand.

These factors make it very difficult to influence the outcome of a British election via a cyberattack, unlike in countries that use electronic voting machines or automated vote counting. Paper ballots and records, being tangible and physically countable, provide a verifiable trail. So even in the event of a cyber intrusion, the fundamental act of casting and counting votes remains untainted by digital vulnerabilities.

Stronger systems are still needed

The attack nevertheless raises questions about the effectiveness of existing monitoring and logging systems for detecting data breaches. The attack accessed not only the electoral registers but also the commission’s email and control systems. The data potentially accessed included UK citizens’ full names, email addresses, home addresses and phone numbers.

Nor is the commission the only target in the British political system. The National Cyber Security Centre (NCSC) assesses with a high degree of certainty that APT31, an advanced persistent threat group affiliated with the Chinese state, has engaged in reconnaissance activities targeting UK parliamentarians.

To secure its elections from cyber threats like those from APT31, the UK government is already improving the overall resilience of its elections cyberinfrastructure. It is working closely with the NCSC to identify threats and emerging trends. These efforts are likely to include regular security audits, penetration testing and the adoption of secure software development practices to ensure that systems are robust.

What’s perhaps most significant in the case of the Electoral Commission hack, however, is the fact that the UK government has called China out so explicitly. This is a strategy decided on with allies as a way of holding perpetrators more accountable.

Publicly attributing cyber attacks to specific state actors or groups sends a clear message that such activities are being monitored and will not go unchallenged. This strategy of transparency and accountability is pivotal in establishing international norms and expectations for state behaviour in cyberspace.The Conversation

Soraya Harding, Senior lecturer in Cybersecurity Intelligence and Digital Forensics, University of Portsmouth. This article is republished from The Conversation under a Creative Commons license. Read the original article.

Notify of

Inline Feedbacks
View all comments
4 days ago

“While China is not inherently a threat to the UK”

Completely wrong. China has been operating against us for decades. Even HMG spin PR is coming to admit that. We’ve suffered their cyber attacks for ages, they ripped up the HK agreement imposing draconian rule & they’ve ripped off loads of our tech secrets.

The CCP are running scared of being overthrown as many dictators were in the wake of the end of the cold war.

3 days ago
Reply to  Frank62

They are a threat now but not an inherent threat.
We have no competing territorial claims and if Xi, and perhaps the Communist Party, were overthrown there’s no reason we couldn’t have neutral or even friendly relations.

14 minutes ago
Reply to  Tomartyr

Disrespect of Intellectual Property, Fair Trade, International Rule of Law, and Human Rights are not inherent just consistently demonstrated in Han exceptionalism.

That the current regime is confident enough to demonstrate those behaviours and another regime might not doesn’t mean that it’s not what they think.

By their deeds, ye shall know them.

CCP is smart enough to realise that hybrid conflict in cyber, economic and media are way more cost effective than actual fighting wars.

The FSB Kompromat success in America and Europe gives CCP confidence that western countries can be easily beaten.

9 hours ago

This is absolutely a threat. China will of course have a preferred political party it wants to be in power. There are some policies that will play into their hands both commercially and militarily. Getting electral data will allow them to funnel information to change perspectives of individuals, something covered on this site before ‘cognitive biasis’, people can be influenced through SM and other media forms to change the way they think. Those who follow one political party may also have a confirmation bias, An outside influencer like a hacker could look reinforce the confirmation bias to ensure they stay… Read more »

Last edited 9 hours ago by Expat