Free Video Downloader

Fast and free all in one video downloader

For Example:


Copy shareable video URL


Paste it into the field


Click to download button

Parsing the UK voter register cyberattack
August 12, 2023

Parsing the UK voter register cyberattack

Reading Time: 4 minutes

A catastrophic breach of the United Kingdom electoral register affects tens of millions of residents following a cyberattack at the U.K. Electoral Commission.

With data on more than 40 million voters accessed by unnamed hackers, the cyberattack is already one of the U.K.’s largest ever hacks.

The Electoral Commission said the hackers accessed a ‘high volume’ of personal information of people registered to vote in the U.K. between 2014 and 2022, including names and home addresses. The information is used for research and conducting checks on political donors. The Commission said there was no impact on the integrity of elections or any voter’s registration since ‘live’ electoral registers are handled by local election authorities.

The cyberattack was disclosed Tuesday, more than nine months after the organization said it discovered ‘suspicious activity’ on its network in October 2022. The Commission said the hackers first gained access more than a year earlier in August 2021.

Why the U.K. public is first hearing about it now is anybody’s guess. The Electoral Commission declined to answer our specific questions, citing an ongoing investigation by the U.K. data protection authority, the Information Commissioner’s Office. When reached, an ICO spokesperson would not say why the Commission took nine months to disclose the cyberattack.

The Electoral Commission’s website has limited details about the incident.

What the Electoral Commission said in its data breach notice

The Commission is ‘unable’ to ascertain if data was actually stolen

It’s not disputed that the hackers gained access to the Commission’s network, including its file sharing systems and email server ????️. It’s that the Commission does not know if data was taken or exfiltrated from its systems. The Commission’s notice specifically notes: ‘We have been unable to ascertain whether the attackers read or copied personal data.’ ????️

The question really is, what monitoring and logging did the Commission have in place, if any, to detect or identify a data breach?

Accessed data includes voters’ names, addresses, and non-public voter information

According to the notice, the personal data accessed by the hackers includes names, email addresses and postal addresses, phone numbers ????️ and any correspondence that voters had with the Commission, including emails (more on that below). Voters registered to vote anonymously are not affected by the cyberattack, the Commission confirmed.

The compromised data does, however, include information on voters who opted out of having their information published in the public voter registers, which are available to anyone wanting to purchase.

Commission said suspicious logins flagged the hack

Buried in its notice, the Commission said it was first alerted to the attack ‘by a suspicious pattern of log-in requests to our systems’ ????️ in October 2022. Once the Commission identified the suspicious pattern of logins, presumably the initial access was then traced back to August 2021. This means that the hackers were in the Commission’s systems for more than a year before they were noticed, and likely longer until they were fully expelled.

As a result of the security incident, the Commission said it ‘strengthened our network login requirements’ ????️ but did not say specifically how. That could be anything from implementing two-factor authentication to simply improving their existing security protections.

‘Hostile actor’ likely suggests evidence of malice

The Commission described the hackers as ‘hostile actors,’ ????️ citing its unnamed cybersecurity partners, presumably incident response with knowledge of investigating cyberattacks. We don’t know what the evidence is, or what the Commission constitutes ‘hostile.’ Given this, we can likely conclude that whatever access or activity that the hacker gained suggests a level of malice not typically carried out by good-faith security researchers in the pursuit of reporting and fixing security flaws.

What we don’t know about the Electoral Commission hack

The Commission does not know who is behind the breach

We don’t know what the motivations of the hackers are, or whether they are financially driven or a state-backed hacker conducting espionage.

The Commission said nobody has ‘claimed responsibility’ ????️ for the hack, suggesting that the hackers have not contacted the Commission with an extortion demand, such as a ransom to return encrypted or stolen data. The Commission also said that ‘we do not know who is responsible for the attack.’ ????️

This is important as it suggests neither the hackers have claimed responsibility nor has the Commission heard from the hackers. Where there isn’t a financial motivation for a cyberattack, one might instead wonder what value this data has to an adversarial nation.

It’s not known how the Commission’s email server was compromised

A key part of this cyberattack was the hackers’ access to the Commission’s email server. According to the notice, the hackers gained access to copies of the electoral registers ????️ and its email servers, which the Commission said contains ‘a broad range of information and data,’ ????️ without specifying more.

Commission spokesperson Andreea Ghita said that as a result anyone who contacted the Commission by email or through its web form ‘will have provided data that was accessible as part of this attack.’

However, August 2022 was the same month that hackers began exploiting a then-unpatched zero-day flaw affecting Exchange on-premise servers called ProxyNotShell, which can be abused to gain full control of an email server. At the time, there were no patches for ProxyNotShell until months later in November 2022, Beaumont said. Exploitation of ProxyNotShell was widespread across the internet.

A key question will be if the hackers gained access to the Commission’s network and then its email server, or if the email server was compromised first and used to pivot and gain access to the Commission’s network. It’s a missing detail that could be important in understanding how the cyberattack was carried out.

Why did it take nine months to go public?

The Commission confirmed that it reported the hack ????️ to the Information Commissioner’s Office within the statutory 72 hours from the time of initial discovery of a cyberattack as required by U.K. data protection law.

The Commission said that it had to take ‘several steps’ ????️ before it could make the incident public, such as expelling the hackers from its systems, assess the damage, and put in place new security measures to prevent a similar attack.

Those nine months of silence will likely face considerable scrutiny from those investigating the incident.


Ref: techcrunch -> Free Online Video Downloader, Download Any Video From YouTube, VK, Vimeo, Twitter, Twitch, Tumblr, Tiktok, Telegram, TED, Streamable, Soundcloud, Snapchat, Share, Rumble, Reddit, PuhuTV, Pinterest, Periscope,, MxTakatak, Mixcloud, Mashable, LinkedIn, Likee, Kwai, Izlesene, Instagram, Imgur, IMDB, Ifunny, Gaana, Flickr, Febspot, Facebook, ESPN, Douyin, Dailymotion, Buzzfeed, BluTV, Blogger, Bitchute, Bilibili, Bandcamp, Akıllı, 9GAG

Leave a Reply

Your email address will not be published. Required fields are marked *