Cybercrime , Cybercrime as-a-service , Cyberwarfare / Nation-State Attacks

Labour Party Hit by Massive Online Attack Attempt

No Systems Compromised, But Campaigning Disrupted, UK Party Officials Report
Labour Party Hit by Massive Online Attack Attempt
Labour Party homepage

Britain's Labour Party says its systems were hit by a large-scale online attack on Monday. Officials on Tuesday say no data was compromised, but that some some systems used for campaigning were temporarily inaccessible.

See Also: The Healthcare CISO’s Guide to Medical IoT Security

“We have experienced a sophisticated and large-scale cyberattack on Labour digital platforms," a spokeswoman tells Information Security Media Group in a statement. "We took swift action and these attempts failed due to our robust security systems. The integrity of all our platforms was maintained and we are confident that no data breach occurred."

News of the disruption - later confirmed to be distributed denial-of-service attacks - comes amidst furious campaigning ahead of the country's next general election in Britain on Dec. 12. The party said that some of its campaigning efforts were disrupted on Monday.

“Our security procedures have slowed down some of our campaign activities, but these were restored this morning and we are back up to full speed," the spokeswoman says. "We have reported the matter to the National Cyber Security Centre." The NCSC, which is part of intelligence agency GCHQ, runs the nation's incident-response team (see NCSC Investigated 658 Serious Cybersecurity Incidents).

NCSC: 'Incident Now Closed'

Reached for comment, an NCSC spokeswoman tells ISMG: “The NCSC has worked closely with political parties for several years on how to protect and defend against cyberattacks. We met the major parties last week ahead of the general election."

She adds: “In terms of this incident, the Labour Party followed the correct, agreed procedures and notified us swiftly. The NCSC is confident the party took the necessary steps to deal with the attack. The attack was not successful and the incident is now closed.”

Party members were first informed of the attack on Tuesday. "Yesterday afternoon our security systems identified that, in a very short period of time, there were large-scale and sophisticated attacks on Labour Party platforms which had the intention of taking our systems entirely offline," Niall Sookoo, the party's executive director of elections and campaigns, wrote in a Tuesday letter to party members, the BBC reports.

"Every single one of these attempts failed due to our robust security systems and the integrity of all our platforms and data was maintained," Sookoo wrote. "I would I like to pay tribute to all the teams at Labour HQ who identified this risk and acted quickly to protect us."

DDoS Disruption

The nature of the disruption was not initially described, but one likely possibility was that Labour systems were targeted via DDoS attacks, which remain inexpensive to procure. Even if DDoS attacks don’t knock systems offline, attempts to mitigate them can still deny access to legitimate users (see: Stress Test: Police Visit Webstresser Stresser/Booter Users).

Later on Tuesday, a Labour source confirmed to reporters that the disruption had indeed involved a DDoS attack, which its DDoS defense firm Cloudflare mitigated. "We use Cloudflare which soaked up the large majority of the traffic, but the DDOS-protection measures did have some knock-on effects on traffic between systems," a Labor source told a Sky News reporter.

The identity of the attacker or attackers has also not been revealed. Especially with DDoS attacks, however, finding the actual attacker would likely require extensive investigation by intelligence and law enforcement agencies.

Experts: Attack Not 'Sophisticated'

While Labour officials have characterized the attack as having been "sophisticated," many security experts have disagreed.

"Hmm, seems to be a DDoS attack which by nature it not sophisticated," says Brian Honan, head of BH Consulting in Dublin, via Twitter. "Can we all please stop with having every cyberattack labelled as being sophisticated? It's the equivalent to claiming muggings are sophisticated - 'I was the victim of a sophisticated mugging.'"

Prime Minister Blocks Brexit Interference Report

News of the attempt to disrupt systems used by a major British political party arrives amidst controversy over the ruling Conservative Party's decision to withhold the release of a report into Russia's alleged attempts to influence the outcome of the 2016 Brexit referendum and 2017 general election.

Parliament says the report has been cleared and is ready for release. But Prime Minister Boris Johnson says he will block the release of the report until after the December general elections, leading opposition politicians to allege that he's attempting to cover up the results.

Criticism has also come from other quarters. Hillary Clinton, the former U.S. secretary of state who was the 2016 Democratic Party nominee for president, told the Guardian that the British government's decision to withhold the release of Parliament's report, which details not only alleged interference but also espionage and subversion, as “damaging, inexplicable and shaming."

Clinton told the newspaper that it was “incredibly surprising and unacceptable that in your country there is a government report sitting there about Russian influence and your current government isn’t releasing it."

The report from members of Parliament's cross-party Intelligence and Security Committee includes evidence gathered from intelligence agencies GCHQ, MI5 and MI6, as well as others, reportedly including Christopher Steele. The report has been cleared for release by the security services and was sent to Downing Street last month for review, with publication also expected to follow last month.

While the contents of the report remain unknown, they could be explosive. Already, commentators say that public evidence links Russian donors to Tory candidates.

While the report remains unreleased, CNN reports that witnesses who appeared before the committee testified that Russian agents targeted House of Commons researchers and attempted to gain British citizenship to help launder their donations to British political parties and public relations firms. One witness described the efforts as "potentially the most significant threat to the UK's institutions and its ways of life," CNN reports.

Brexit Chaos Continues

The Brexit referendum was fielded by David Cameron, then prime minister and leader of the Tories. It gave voters the option to remain in, or to exit the EU. With a majority of voters opting for "Brexit," the Conservative government has been attempting to negotiate the country's exit from the EU ever since. But a deal brought by Theresa May, Cameron's successor as prime minister, was rejected by Parliament.

Johnson, who formerly served as May's foreign minister and was in charge of Brexit negotiations, recently promised that the country would leave the EU on Oct. 31 "do or die," whether or not Britain's Parliament approved the deal he reached with EU negotiators (see: Brexit Preparation: Get Personal Data Flows in Order).

Instead, Johnson moved to call a general election, and requested that the EU delay Britain's exit. EU officials then gave Britain an extension until Jan. 31, 2020.

The results of the general may influence how Brexit proceeds, including whether any deal brought before Parliament gets put to a second vote by the British people. While Johnson is again promising to take the U.K. out of the EU even if it cannot reach a deal that both sides agree on, his previous attempts to do so have been heavily criticized by economists and businesses, who warn that such an approach would result in long-term damage to the British economy and social fabric (see No-Deal Brexit Threatens British Crime Fighting).

***

This story has been updated with comment from NCSC and additional details about the nature of the attack.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.