DID THE RUSSIANS HACK THE BREXIT VOTE?
MPS say Kremlin’s hackers may have crashed voter website
Ataround 10.15pm on 7 June last year, the EU voter registration site crashed, less than two hours before the midnight deadline (see screenshot). David Cameron tried to calm voter anger by extending the deadline by 48 hours.
Electoral administrators blamed a surge in demand following a TV debate with Cameron and Nigel Farage, saying that 525,000 people applied to register that day. But a new parliamentary report ( www.snipca. com/24111) on ‘lessons learned’ from the referendum insists that an attack by foreign hackers can’t be ruled out.
The investigation, by the Public Administration Committee, says there are signs that the website could have been knocked offline by a DDOS (distributed denial of service) hack. In these attacks a specific website is targeted by a flood of traffic from a botnet. While the report doesn’t directly accuse Russia, it says that along with China it uses psychological tactics via cyber attacks to try to influence elections and referendums. Bernard Jenkin, the Leave-supporting chair of the Committee, said that hacking the Brexit site would have been “entirely in character” for both countries.
But is there any evidence of an attack? There’s none in the report. And The Cabinet Office, which published its own report into the crash, has dismissed any allegations of “malign intervention”, saying instead it was “due to a spike in users just before the registration deadline”.
Security experts agree, damning the report’s vague conclusions. Ollie Whitehouse from Surrey-based security company NCC Group told the BBC: “I think there’s lots of conjecture. It appears to be one committee’s opinion but with no supporting evidence”.
Even if Russia did hack the site, it may be extremely difficult for the UK to prove.
Simon Edwards, founder of SE Labs and former antivirus tester for Computeractive, said that doing so “would almost certainly involve breaking laws in one or more countries”. He questioned whether any evidence “would be strong enough to stand the test of a trial”.
However, proof could be buried in records kept by the website. John GrahamCumming from networking firm Cloudflare said that “if logs show traffic from a large number of sources around the world, that might indicate that a botnet was used to attack the site”. He said this would be “interesting”, but conceded that “most websites don’t store very detailed information”.
So we’re no nearer to knowing whether Russia hacked the site. But why would they even want to? It’s widely accepted that Vladimir Putin wanted Brexit in order to destabilise the EU, but extending the deadline to register online was largely seen as benefitting the Remain campaign. This is because younger voters were more likely to register online and to vote to stay in the EU. Around 430,000 people registered to vote in the extension period.
Perhaps Russia’s involvement in the referendum was more subtle. Labour MP and prominent
Remainer Ben Bradshaw suspects that during the campaign Kremlin-backed spies spread pro-brexit fake news on social media. He told Parliament in December that “what President Putin cannot achieve militarily he is already achieving using cyber and propaganda warfare”.
Bradshaw will surely approve of the report’s call for a new Cyber Security Centre to block attacks on UK elections and referendums. That’s a sensible proposal regardless of what caused last year’s website crash.
What Putin can’t achieve militarily he is already achieving using cyber warfare