Security

Rogue states targeting UK elections

By
John Cameron / Unsplash

Although the election to replace outgoing United Kingdom Prime Minister Liz Truss is largely a parliamentary party leadership contest, hackers from unfriendly nations are already moving to sow discord among the British public. 

While the news cycle shifted from the tumult of UK Prime Minister Truss' chaotic 44-day tenure as the country's head of government to the drama of who from the thinning bench of elder statesmen in the Conservative Party might succeed her, The Guardian reported today that the Government Communications Headquarters (GCHQ), the British government's signals intelligence security organization, alerted the Conservative Party on its preparations for an online vote. GCHQ's National Cyber Security Centre previously intervened in August but apparently this time has not directed any significant changes, but kept advising on ways to maintain vigilance. 

Russia, in particular, has been identified as the chief antagonist likely to seek to disrupt the public's confidence in the election. The cybersecurity firm Mandiant forecasted the likely scenario: disinformation, regardless of whether the online vote is compromised, would seek to undermine social and political stability across the United Kingdom in an effort to further weaken the democracies around the world. 

"There could be an attempt at sowing disinformation after the vote. Even if there is no security compromise ... Russia [might start] pumping out narratives that it was compromised, in order to undermine the result and the integrity of the process."

- Jamie Collier, cybersecurity consultant at Mandiant

Though elections in most western democracies are free and fair elections, and fraud is virtually unheard of, a 2007 report from the UK's Electoral Commission (.pdf) warned that introducing electronic ballots in local elections across England could be prone to mischief, abuse, and foreign interference. Other British news media have also begun to educate the public about this election's safety and security and warn that the leadership contest will present a tempting target for Russian spies

The process of electing a new Prime Minister in between national elections results in a couple of polls - one among party members and another confirming the vote by Conservative members of parliament, both to be hastily concluded by October 28 - and it is for that reason that some are urging the system is already being tampered with. Fortune showcased a warning from former British Prime Minister David Cameron's staff identifying Tortoise Media, a British news website spun off by former BBC employees, engaging in antics to prove the process is flawed.

"There's a company called Tortoise Media, and it has signed up as Conservative Party Members a tortoise, an American, and a Ukrainian, and they pay 25 pounds each. That tortoise, that Ukrainian, and that American - who are [all] fictitious by the way - are now eligible to vote in this election. What does that say about our democracy?"

- Camilla Cavendish, former head of policy for the United Kingdom

Authorities are quick to point out that these antics are commonplace and never succeed. "That organization did make some false applications," observed a Conservative Party spokesman who declined to be identified, "They did not get a vote in the last leadership contest, and they will not get a vote in this one." Views like these stand in sharp contrast to cybersecurity experts who warn that security cannot be strong enough to prevent interference.

Nevertheless, experts are right to worry: the United Kingdom's democratic processes were the subject of astonishing ridicule during the Brexit Vote in 2016 when social media data firm, Cambridge Analytica, leveraged easily harvestable data on Facebook to manipulate the public's posture on issues. The crisis, and its subsequent implications for the 2016 U.S. Presidential Elections, were featured in the 2019 documentary The Great Hack