Labour Party hit by second cyber-attack

  • After suffering a “sophisticated and large-scale cyber-attack” on Monday, the Labour party revealed receiving a second cyber-attack on its digital systems on Tuesday afternoon.

    A party spokeswoman said that Labour has “ongoing security processes” in place that may cause users to experience “some differences” but they are dealing with it “quickly and efficiently”.

    Reportedly the party was the subject of a second distributed denial of service (DDoS) attack on Tuesday afternoon. These attacks use networks of compromised computers known as “botnets” to flood a server with requests that overwhelm it.

    Labour has not said who it suspects is behind the attacks, but announced it was confident its security systems ensured there was no data breach. Party leader Jeremy Corbyn however added that “a cyber-attack against a political party in an election is suspicious”.

    Party officials reported the initial Monday attack to the National Cyber Security Centre, the government agency that supports and advises organisations on such incidents.

    Labour has not revealed exactly which digital platforms were targeted, but it is understood by The Guardian that some of them were election and campaigning tools, which would contain details about voters. A spokesperson said on Tuesday afternoon that security procedures “have slowed down some of our campaign activities, but these were restored this morning and we are back up to full speed”.

    RELATED: Labour suffers from large scale cyber attack across digital platforms

    The party’s head of campaigns, Niall Sookoo, wrote that “Every single one of these [cyber-attack] attempts failed due to our robust security systems and the integrity of all our platforms and data was maintained. I would I like to pay tribute to all the teams at Labour HQ who identified this risk and acted quickly to protect us.”

    The Times reported the party's website had exposed the names of people who had donated money to Labour online, despite the party denying there has been a data breach.

    The details could be found through an RSS web feed generated by the site's code, which most browsers provide a way to inspect.


    (c) Labour Party

    The majority of cases were limited to donors’ first names and the sumsof money given, but because some people had mistakenly added their surname to the first name input box, this too was leaked.

    Labour has since made changes to its RSS feed with a spokesperson adding that the party takes “its responsibilities for data protection extremely seriously” and any concerns raised are assessed “in line with our responsibilities under GDPR [General Data Protection Regulation] and the Data Protection Act."

    Labour is a customer of Cloudflare according to web records. This is a network that provides DDoS protection services to a large section of the web. The company protects customers from DDoS attacks by providing extra capacity as needed, filtering traffic so that only legitimate requests are dealt with and storing “cached” versions of websites on its own servers.

    The Guardian reported that DDoS attacks are cheap to pull off, with multiple criminals offering it as a service. The newspaper added that when DDoS attacks succeed, “they rarely have implications beyond enforced downtime, as the target waits for the attack to end or secures extra bandwidth to deal with the new traffic.”

    RELATED: Eurofins cyber-attack update: Police facing massive forensic backlog

    The simplest DDoS attacks can often be difficult to distinguish between real rises in online traffic; for example, when ticket websites crash once new tickets for a popular band first go online.

    Jeremy Corybn said though that he feels "very nervous" if the attacks are “a sign of things to come".

    The Information Commissioner's Office told the BBC: "We will not be commenting publicly on every issue raised during the general election.

    "We will, however, be closely monitoring how personal data is being used during political campaigning and making sure that all parties and campaigns are aware of their responsibilities."

     

    Sources: The Guardian, BBC News

    About the author

    Niamh is a Sync NI writer with a previous background of working in FinTech and financial crime. She has a special interest in sports and emerging technologies. To connect with Niamh, feel free to send her an email or connect on Twitter.

    Got a news-related tip you’d like to see covered on Sync NI? Email the editorial team for our consideration.

    Sign up now for a FREE weekly newsletter showcasing the latest news, jobs and events in NI’s tech sector.

Share this story