U.K. Accuses China of Cyberattacks Targeting Voter Data and Lawmakers
The British government on Monday accused China of cyberattacks that compromised the voting records of tens of millions of people, a sharp rebuke that underlined the hardening of Britain’s stance toward China since its leaders heralded a “golden era” in British-Chinese relations nearly a decade ago.
The deputy prime minister, Oliver Dowden announced sanctions against two individuals and one company linked to a state-affiliated group implicated in the attacks, which he said targeted both an elections watchdog and lawmakers. The Foreign Office summoned China’s ambassador to Britain for a formal diplomatic dressing down.
“This is the latest in a clear pattern of hostile activity originating in China,” Mr. Dowden said in Parliament. “Part of our defense is calling out this behavior.”
The government disclosed the attack on the Electoral Commission, which oversees elections in the United Kingdom, last year but did not identify those behind it. It is believed to have begun in 2021 and lasted several months, with the personal details of 40 million voters being hacked.
The Electoral Commission said that the names and addresses of anyone registered to vote in Britain and Northern Ireland between 2014 and 2022 had been accessed, as well as those of overseas voters.
The commission previously said that the data contained in the electoral registers was limited and noted that much of it was already in the public domain. However, it added that it was possible the data could be combined with other publicly available information, “such as that which individuals choose to share themselves, to infer patterns of behavior or to identify and profile individuals.”
In addition to the infiltration of the Electoral Commission, Mr. Dowden confirmed that the Chinese attempted unsuccessfully to hack email accounts belonging to several members of Parliament.
Although he did not name the individuals, they are thought to include Iain Duncan Smith, a former leader of the Conservative Party; Tim Loughton, a former Conservative education minister; and Stewart McDonald, a member of the Scottish National Party — all of whom have a record of making hawkish statements about China.
Mr. Dowden said that British officials had determined that it was “almost certain” that a state affiliated group, APT31, conducted reconnaissance against the lawmakers in 2021. “The majority of those targeted were prominent in calling out the malign activity of China. No parliamentary accounts were successfully compromised,” he added.
Speaking to the media on Monday, Mr. Duncan Smith said that China should “immediately be labeled as a threat,” something that would go significantly beyond the language used in a British foreign policy review which last year said that Beijing “poses an epoch-defining and systemic challenge.”
Mr. Duncan Smith said a number of lawmakers had suffered hacking attempts and described how he was impersonated by someone who, using a fake email address, contacted politicians around the world claiming to recant his views and to admit that he was a liar. Speaking after Mr. Dowden’s statement, Mr. Duncan Smith welcomed the sanctions but compared the deputy prime minister’s announcement to “an elephant giving birth to a mouse.”
Prime Minister Rishi Sunak said, “We’ve been very clear that the situation now is that China is behaving in an increasingly assertive way abroad, authoritarian at home and it represents an epoch-defining challenge, and also the greatest state-based threat to our economic security.”
John Pullinger, chair of the Electoral Commission, said that the hacking incident would not impact how people registered, voted, or participated in democratic processes. But he added in a statement that the announcement “demonstrates the international threats facing the U.K.’s democratic process and its institutions,” and that the commission remained “vigilant to the risks.”
Tensions between Britain and China have risen in recent years over concerns about human rights and Chinese threats to British security. Under pressure from the United States, Britain in 2020 announced plans to curtail the role of Huawei, the Chinese telecommunications giant, in its 5G network.
Then Britain condemned a new national security law in Hong Kong, a former British colony, saying it violated the terms of London’s handover agreement with Beijing. The government offered visas to roughly 350,000 Hong Kong residents who held British overseas passports, and about 160,000 had moved by 2023.
In September, the police arrested a 28-year-old British researcher in Parliament on suspicion of working for the Chinese government. The man, who denied being a spy, worked with prominent lawmakers, including Tom Tugendhat, who is now security minister in the government, on China policy, raising fears of possible security breaches.
The arrest of the researcher, which was believed to be unrelated to the cyberattacks, widened a rift within the governing Conservative Party over how London should engage with an increasingly assertive Beijing.
The current foreign secretary, David Cameron, was prime minister during the period when Britain cultivated closer commercial ties with China. In a news conference with President Xi Jinping in 2015, he hailed the dawn of a “golden era in relations between Britain and China.”
Mr. Cameron, who has since stiffened his language about China, was expected to brief Conservative members of Parliament about the allegations later on Monday. There is pressure from a cohort within his own party to go further, however. “It is abundantly clear that China is a hostile state and poses an unprecedented threat to our national security,” said Suella Braverman, a former home secretary, in Parliament.
On Monday, a spokesman for China’s Ministry of Foreign Affairs, Lin Jian, dismissed the reports of Chinese hacking as “fake news.”
“When investigating and determining the character of cyber-incidents, there must be adequate objective evidence,” Mr. Lin said, “not smearing other countries without a factual basis, not to mention politicizing cybersecurity issues.”
Christopher Buckley contributed reporting.