Labour suffers second cyber-attack in two days
The Labour party has faced a second cyber-attack, a day after experiencing what it called a “sophisticated and large-scale” attempt to disrupt its digital systems.
It is understood the party was the subject of a second distributed denial of service (DDoS) attack on Tuesday afternoon. Such attacks use “botnets” – networks of compromised computers – to flood a server with requests that overwhelm it.
A Labour spokeswoman said: “We have ongoing security processes in place to protect our platforms, so users may be experiencing some differences. We are dealing with this quickly and efficiently.”
Labour has not said who it suspects is behind the attacks, but said it was confident its security systems ensured there was no data breach.
Party officials have reported the initial attack, which took place on Monday, to the National Cyber Security Centre, the government agency that supports and advises organisations on such incidents.
Labour has not said which digital platforms were targeted, but it is understood some of them were election and campaigning tools, which would contain details about voters. The party has sent a message to campaigners to say what happened and to explain why the systems were working slowly on Monday.
A party spokeswoman said: “We have experienced a sophisticated and large-scale cyber-attack on Labour digital platforms. We took swift action and these attempts failed due to our robust security systems. The integrity of all our platforms was maintained and we are confident that no data breach occurred.
“Our security procedures have slowed down some of our campaign activities, but these were restored this morning and we are back up to full speed. We have reported the matter to the National Cyber Security Centre.”
Whitehall sources said the initial indications were that the attack was carried out by a “non-state actor”.
The party’s head of campaigns, Niall Sookoo, wrote: “Yesterday afternoon our security systems identified that, in a very short period of time, there were large-scale and sophisticated attacks on Labour party platforms which had the intention of taking our systems entirely offline.
“Every single one of these attempts failed due to our robust security systems and the integrity of all our platforms and data was maintained. I would I like to pay tribute to all the teams at Labour HQ who identified this risk and acted quickly to protect us.”
DDoS attacks can vary in sophistication, but are generally easily mitigated. Web records show Labour is a customer of Cloudflare, which provides DDoS protection services to a large proportion of the web. The company protects customers from DDoS attacks by providing extra capacity as needed, filtering traffic so that only legitimate requests are dealt with and storing “cached” versions of websites on its own servers.
Even when DDoS attacks succeed, they rarely have implications beyond enforced downtime, as the target waits for the attack to end or secures extra bandwidth to deal with the new traffic. At their simplest, DDoS attacks can be hard to distinguish from legitimate traffic rises, as when cinema websites collapse when a new film is released.
DDoS attacks are cheap to pull off. Multiple criminal actors offer “DDoS as a service”, selling time on their botnets. One report from 2017 found a 300sec attack, with a total bandwidth of 125Gbps, could be purchased for €5; a longer attack, aimed at knocking a website offline for an hour, for €90. Others were even cheaper, offering three hours of downtime for $60.
Brian Higgins, a security specialist at Comparitech.com, said: “[The attacks] don’t normally represent any threat to data or information and can be defended against and recovered from quite easily if the victim has robust cybersecurity policies in place. It’s hardly surprising that the Labour party has been targeted given the current political landscape in the UK.”