The UK government has accused Russian intelligence services of a large-scale hacking operation with the aim of undermining the British political system.
This wave of attacks is thought to have started in 2015 with targeted attacks on politicians, including attempts to convince them to reveal confidential information by posing as a trusted party.
Known victims of the attacks include the Institute for Statecraft think tank, which worked to counter Russian disinformation, and its founder Christopher Donnelly.
Hundreds of other politicians, journalists, civil servants and members of NGOs are also thought to have been targeted.
Officials in the UK and US have not seen evidence of the intent behind the hackers gathering information from British public and political figures, but there are concerns the mass of information gathered could be used in an attempt to sway next year’s general election.
A vast amount of data has been gathered by individuals operating on behalf of the Russian intelligence service, according to a Western official who spoke to Sky News.
‘Possibility’ of election disruption
“We are coming into an election year,” the official said.
“We want to get this [hack and leak threat] more into the bloodstream – so people are more aware.”
Asked whether the hackers had information they could leak to try to disrupt the election next year, the official said: “There is no evidence of that intent. There is that possibility. They have collected a lot of information.”
The information accessed is not limited to emails – it also includes private files and confidential details of contacts.
Only a small proportion of the significant array of personal data is thought to have been leaked, leaving a significant amount of personal information about public figures at the hackers’ disposal to divulge at a later date.
The concern is this date could coincide with the UK’s general election next year.
Increasingly sophisticated attacks
Government officials are right to spread the message about the threat from cybersecurity that arises from advances in technology that make phishing attacks ever more believable.
This message must be accompanied by efforts to improve literacy about what these attacks look like, but here arises another problem.
Cyberattacks are becoming so sophisticated, targeted and frequent that individuals cannot always be expected to be able to tell the difference between what is real and what is a scam.
So any efforts to improve literacy must also acknowledge that individuals cannot be fully responsible for recognising them and intervention is needed from policymakers to identify and avert these attacks.
