The Labour Party has been hit by a “sophisticated and large-scale cyber attack” on its digital systems from an unknown source, although it was confident that security systems ensured there was no data breach.
Party officials reported the attack, which took place on Monday, to the National Cyber Security Centre.
The party did not reveal which digital platforms were targeted, but it is understood some of them were election and campaigning tools, which would contain details about voters. It sent a message to campaigners to explain the attack and why systems were working slowly yesterday.
A party spokeswoman said: “We took swift action and these attempts failed due to our robust security systems – the integrity of all our platforms was maintained and we are confident that no data breach occurred.
“Our security procedures have slowed down some of our campaign activities, but these were restored this morning and we are back up to full speed,” she added.
Labour was reportedly targeted by a distributed denial of service (DDoS) attack, which uses networks of compromised computers to flood a server with requests and overwhelm it.
Even when DDoS attacks succeed, they rarely have implications beyond enforced downtime, as the target waits for the attack to end, or secures extra bandwidth to deal with the new traffic.
Kieran Roberts, head of penetration testing at Bulletproof, explained that DDoS alone is not necessarily a sophisticated attack, the issue is the pure volume of traffic which can also be used as a smokescreen.
“At the moment we don’t have a lot of info, but certainly interesting timing given the government’s refusal to release their report into nation state interference in the Brexit referendum and the last general election.
“In terms of how to catch the culprits, it's almost impossible, the whole point is that the attack is distributed, so working out who is controlling them all is very difficult,” he added.
Dan Pitman, principal security architect at Alert Logic, added: “It’s entirely plausible that someone without any hacking experience paid for the DDoS attack on the ‘dark web’ from what is known as a ‘booter’ – a paid-for service where a hacking group will lease out their existing botnet to perform the attack.
“Whilst attacks have been reported during previous general elections, for example government systems being compromised during the 2015 Election - with some politicians and security services later blaming Russia - a deliberately disruptive attack against a specific party is unusual.”
Recent Stories