A look at what happened with the UK Labour Party’s cyberattack

13 Nov 2019

Image: PA Media

The UK Labour Party was targeted in a DDoS attack – a well-known method for disrupting websites.

The UK’s Labour Party has said it experienced a “sophisticated and large-scale cyberattack” on its digital platforms, which was later revealed to be a DDoS attack.

DDoS – or distributed denial of service – is a well-known method for disrupting websites, but is it really that sophisticated?

A Labour source confirmed that the attack was DDoS in nature, meaning that the perpetrator attempted to cause its digital platforms to crash by flooding them with so much traffic from various sources that services struggle to load properly.

‘I feel very nervous about it all because a cyberattack against a political party in an election is suspicious’

According to the National Cyber Security Centre (NCSC), the attacker does this by seeking the help of many thousands of internet users to each generate a small number of requests that collectively overload the target.

The attack can originate from willing accomplices or by unwitting victims whose machines have been infected with malware.

Was it really a sophisticated attack?

Cybersecurity experts say the level of sophistication depends on who was behind it, but anyone can launch them.

“It depends on the attacker and structure,” said Dr Edward Apeh, principal academic in computing at Bournemouth University.

“It can be very simple if it’s a novice actually putting the system in place but if it’s an extremist attack, and given the level of the Labour Party, then you expect whoever is doing this to be several layers behind and wanting to be anonymous.”

PA understands that it was a low-level attack.

Who was behind the attack?

It’s not yet clear who caused the attack, though the Labour Party said it had informed the NCSC.

“Attribution for this problem here right now will be very hard except if a group comes out and says they are responsible,” Apeh explained.

“It’s going to be very hard to attribute the attack to any particular person, but it’s a technique used by all the known typical attackers from the North Koreans, the Lazarus Group to even the Anonymous group, so any group can actually do this, it depends who’s driving them.”

A source from the NCSC said there was no evidence of state-sponsored activity.

Did the attack result in services going down?

A spokesperson for Labour said it took “swift action” and that attempts failed due to “robust security systems”.

“Our security procedures have slowed down some of our campaign activities, but these were restored this morning and we are back up to full speed,” the spokesperson said. Labour said it was “confident” that no data breach occurred.

Labour Party leader Jeremy Corbyn said: “We have a system in place in our office to protect us against these cyberattacks, but it was a very serious attack against us.

“So far as we’re aware, none of our information was downloaded and the attack was actually repulsed because we have an effective in-house system developed by people within our party.”

Corbyn added: “If this is a sign of things to come in this election, I feel very nervous about it all because a cyberattack against a political party in an election is suspicious.”

The Labour Party leader noted how dangerous a cyberattack can be, as in the case of the 2017 WannaCry cyberattack on the NHS. He used it as an opportunity to talk about how the UK needs “far better defensive arrangements against cyberattacks”.

– PA Media