Electoral Commission hack: Five things you need to know

The public statement only raises more questions

Tom Allen
clock • 5 min read
Electoral Commission hack: Five things you need to know

Yesterday the UK's election regulator, the Electoral Commission, announced that it was hacked in 2021. The breach took more than a year to find, and 10 more months for the public to be told. Here are the five key takeaways you need to know.

1. Who's responsible?

So far, we don't know. Attribution is notoriously difficult in cybercrime, and all the Commission says is that "hostile actors" accessed its systems in August 2021.

The length of time between the breach taking place and being discovered will have made attribution a bit more difficult. That said, the "external security experts" the Commission is working with should still be able to make some educated guesses, using information like attack paths, payloads and motives - especially considering how long they've had to analyse the incident.

The fact that the attackers remain unidentified is a concern. Interference in democratic systems by hostile states carries significant implications, and there is a strong argument for this being discussed openly and transparently.

We also don't know how the attackers got in. Commission Chair John Pullinger told the BBC that the "very sophisticated" attack involved using "software to try and get in and evade our systems," but this leaves many unanswered questions.

You may also like
Epic Games allegedly hacked by ransomware gang

Hacking

The company denies evidence of breach

clock 29 February 2024 • 3 min read
'Cybersecurity is a team sport, but it could do with a glow up'

Careers and Skills

Lacework and AWS challenge outdated perceptions of cybersecurity and attract new talent

clock 27 February 2024 • 5 min read
IT Essentials: LockBit and load

Security

They fought the law, and the law won - for now

clock 26 February 2024 • 2 min read

More on Hacking

Epic Games allegedly hacked by ransomware gang

Epic Games allegedly hacked by ransomware gang

The company denies evidence of breach

clock 29 February 2024 • 3 min read
Cyber incident disrupts another UK university

Cyber incident disrupts another UK university

Coincides with attacks at universities in Cambridge and Manchester

clock 25 February 2024 • 2 min read
Cambridge University hit by DDoS attack

Cambridge University hit by DDoS attack

Anonyous Sudan claims it also hit the University of Manchester

John Leonard
clock 20 February 2024 • 1 min read