Matt Cardy/Getty Images
show image

Labour Party cyber attack: no evidence to suggest nation state to blame

Early on Tuesday, the Labour Party’s head of campaigns, Niall Sookoo, sent out a mass email to supporters. “Yesterday afternoon,” Sookoo wrote, “our security systems identified that, in a very short period of time, there were large-scale and sophisticated attacks on Labour Party platforms”. The attacks, he added, “had the intention of taking our systems entirely offline”.

The Labour leader Jeremy Corbyn has since described the incident as “suspicious”, while the party’s general secretary, Jennie Formby, said in a tweet this morning that although no data had been breached, it was of “real concern”. But some security experts have raised questions about the timing and phrasing of the announcement. 

Less than twelve hours before the statements were issued, The Times had reported that a security flaw in the Labour Party’s website may have exposed some donors’ names, the size of their donations and the times at which they were made. Professor Alan Woodward, a cyber security expert at Surrey University who corroborated the flaw, said he was surprised by Labour’s official statement. “It’s a funny juxtaposition that this story was released with quite a lot of hyperbole at the very moment that another story came out about a potential leak of donor data,” he told NS Tech . “[This is one way to] say they have sophisticated security methods to protect data.”

There is no suggestion that Labour has fabricated details of the attack, which resumed on Tuesday afternoon, but several security experts have questioned whether it was as complex as the party first made out. A Labour source told media on Tuesday morning that the attacks originated from computers in Russia and Brazil, but NS Tech understands that an initial government investigation suggests there is no evidence to indicate it was carried by state actors. 

The incident is believed to have been caused by a distributed denial of service (DDoS) attack. It is often difficult for security analysts to attribute such attacks because they leverage thousands of compromised devices around the world to rapidly send requests to targeted servers, rendering them unable to process legitimate user activity. On the dark web, it’s possible to buy access to “botnets” and use them to launch such attacks for just £15. “[Labour is] trying to imply that it could be a nation state, but it could be anyone,” said Woodward.

Whatever the motivations of the attack, it does serve to highlight the threat that politicians and campaigners face online, especially during election campaigns. Since parliamentary email accounts were breached by a suspected state actor in 2016, the National Cyber Security Centre has revealed more details of its “defending democracy” programme. In its annual review last month, it said that “the foundations of liberal democracy are under increasing threat” from malicious actors.

The Labour Party has not responded to questions about the timing and phrasing of the announcement.