SNP warn of threat to democracy as Russia accused of cyber attack on Electoral Commission

Tens of millions of voters could have had their details accessed by hackers, with experts suggesting the Kremlin or China may be responsible.

While the cyber attack could not influence the outcome of a vote, the Electoral Commission has still apologised for the breach in its systems.

Now Stewart McDonald MP, a senior backbencher with the SNP, has labelled the attack “deeply concerning”.

He said: “If the Kremlin is behind this attack, as the former directors of MI6 and GCHQ have suggested, it would represent yet another example of Russia’s attempts to undermine our democracy and the institutions which underpin it.

“As we enter an age in which the use of cyber warfare is increasingly pervasive, the UK government must strive to better understand these threats and take appropriate action to prevent such incidents from occurring.

“It is vital that the source of this hack is quickly identified and swift action taken to ensure that the institutions vital to the functioning of our democracy are insulated from malicious state actors.”

Earlier cyber security experts suggested the hack bears the hallmarks of a state-backed attack.

James Sullivan, director of cyber research at the Royal United Services Institute for Defence and Security Studies (Rusi), said that determining the perpetrator was currently just speculation.

But he said it was difficult to ignore the “usual suspects” of Russia and China.

“Most state-led cyber operations are conducted to gather intelligence and spy. And when we look at some of the data that has been accessed, there was no financial impact from this incident as far as we know.

“It is most likely that the reason for this intrusion, given the type of data accessed and the length of time the adversary had in the network, fits with a state-led cyber operation,” he said.

The attack, which was publicly confirmed on Tuesday, was identified in October 2022, but the hackers had first been able to access the commission’s systems in August 2021.

The hackers were able to access reference copies of the electoral registers, held by the commission for research purposes and to enable permissibility checks on political donations.

The registers held at the time of the cyber attack included the name and address of anyone in the UK who was registered to vote between 2014 and 2022, as well as the names of those registered as overseas voters.

The National Cyber Security Centre said it had provided the commission with expert advice and support.

Mr Sullivan stressed that whoever carried out the attack has “plausible deniability” and currently only limited information is known about the hack.

But he warned: “When we are looking at this, I think it is probably appropriate to look to the usual suspects of hostile actors.

“We have seen that China conducts a lot of espionage like this… They are willing to conduct espionage where they sit in a network for a long period of time.

“Russia as we know conducts all sorts of cyber operations, from cyber crime to espionage.”