Labour Party deflects major DDoS attack on its digital platforms
Image credit: REUTERS/Jon Super
The Labour Party said it has deflected a “large-scale cyber attack” on its systems and it is investigating with the National Cyber Security Centre [NCSC] in order to identify the perpetrator.
A Labour Party spokesperson said: “We have experienced a sophisticated and large-scale cyberattack on Labour digital platforms. We took swift action and these attempts failed due to our robust security systems. The integrity of all our platforms was maintained and we are confident that no data breach occurred.
“Our security procedures have slowed down some of our campaign activities, but these were restored this morning and we are back up to full speed. We have reported the matter to the [NCSC].”
The spokesperson added that the party was confident that no data had been acquired by the hackers.
Labour sources later confirmed that the attack was a distributed denial-of-service (DDoS) attack, a common type of cyber attack which uses multiple systems (such as a botnet) to overload the targeted system with traffic, causing it to slow to a crawl or crash altogether. Identifying the perpetrator of a DDoS attack can prove a serious challenge for cyber-security experts.
“Attributing a cyber attack is never easy to get rid and rarely does the technical evidence for assigning responsibility to a nation state get presented publicly,” said Dean Ferrando, a manager at Tripwire. “We are beginning to see cyber attacks and politics becoming intertwined. Any time one nation blames another for a cyber attack, political motivations have to be considered as well as what evidence has been presented.”
“However, the motivations for nation-state attackers are very different from the majority of cyber criminals. Nation-state attackers are often better resourced, more patient and more interested in causing harm to life and safety than their criminal counterparts, which is why it is interesting to see such a brute force attack directed to the Labour Party.”
Senior Labour Party figures have not speculated about who could be responsible for the attack, although party leader Jeremy Corbyn commented: “We have a system in place in our office to protect us against these cyber attacks, but it was a very serious attack against us.
"So far as we’re aware, none of our information was downloaded and the attack was actually repulsed because we have an effective in-house developed system by people within our party.
"But if this is a sign of things to come in this election, I feel very nervous about it all because a cyber attack against a political party in an election is suspicious, something one is very worried about.”
Corbyn added that the party and the NCSC were investigating who could be responsible. A NCSC source told the Press Association that the cyber attack was “low level”, with no evidence of sponsored activity.
Robert Ramsden Board, EMEA VP at Securonix, added: “Large-scale cyber attacks against political organisations is [a] growing concern for political parties. As attackers become more sophisticated and persistent in their methods, governments and political organisations need to invest in robust security systems to avoid operational disruptions or data loss.”
Event you may be interested in...
Cyber Security for Industrial Control Systems
Building Resilient Systems for the 21st Century Cyber security
5 - 6 March 2020 | IET London: Savoy Place
Gain new ideas and best practice to create and implement resilient and sustainable cyber security strategies. Speakers include Microsoft, McAfee, NCSC, National Grid and the Health and Safety Executive.
Sign up to the E&T News e-mail to get great stories like this delivered to your inbox every day.