Security researchers in the UK warn of potentially malicious efforts to alter the result of the upcoming Conservative Party leadership election.

The next Prime Minister of the country will be decided by around 160,000 party members when they decide between current foreign secretary Liz Truss and former chancellor Rishi Sunak.

The National Cyber Security Centre (NCSC), part of the spy agency GCHQ, was forced to alert the party that the voting system for members could be hijacked by hackers.

Party members are able to vote online or by post. However, a loophole in the system means that they, or potentially a more malicious third party, could have changed only results after they had been cast.

After the NCSC’s intervention, there is now a unique code which will be deactivated once online ballots are cast so that it’s impossible to re-enter the voting site once voted.

A NCSC statement seen by The Guardian noted that, “defending UK democratic and electoral processes is a priority for the NCSC and we work closely with all parliamentary political parties, local authorities and MPs to provide cybersecurity guidance and support.”

“As you would expect from the UK’s national cybersecurity authority we provided advice to the Conservative Party on security considerations for online leadership voting.”

In 2017, GCHQ warned lawmakers of the prospect of Russian state hackers interfering in UK elections.

It’s unclear why the Conservative Party decided to break with the precedent on no online voting, given the extra security risks presented by digitalising the process.

The post Conservative Party Leadership Election Warned of Potentially Malicious Efforts to Alter the Result of Upcoming Election appeared first on IT Security Guru.

source

You May Also Like

API and database issues cause Discord outage

Discord has announced that it suffered a ‘massive outage’, which affected user…

New “initial access broker” working with Conti gang

Google’s Threat Analysis Group (TAG) has new initial access broker that it…

Zimbra zero-day vulnerability exploited to steal emails

Attacks linked to a Chinese threat actor have exploited a Zimbra’s zero-day…