Security researchers in the UK warn of potentially malicious efforts to alter the result of the upcoming Conservative Party leadership election.
The next Prime Minister of the country will be decided by around 160,000 party members when they decide between current foreign secretary Liz Truss and former chancellor Rishi Sunak.
The National Cyber Security Centre (NCSC), part of the spy agency GCHQ, was forced to alert the party that the voting system for members could be hijacked by hackers.
Party members are able to vote online or by post. However, a loophole in the system means that they, or potentially a more malicious third party, could have changed only results after they had been cast.
After the NCSC’s intervention, there is now a unique code which will be deactivated once online ballots are cast so that it’s impossible to re-enter the voting site once voted.
A NCSC statement seen by The Guardian noted that, “defending UK democratic and electoral processes is a priority for the NCSC and we work closely with all parliamentary political parties, local authorities and MPs to provide cybersecurity guidance and support.”
“As you would expect from the UK’s national cybersecurity authority we provided advice to the Conservative Party on security considerations for online leadership voting.”
In 2017, GCHQ warned lawmakers of the prospect of Russian state hackers interfering in UK elections.
It’s unclear why the Conservative Party decided to break with the precedent on no online voting, given the extra security risks presented by digitalising the process.