‘Robust’ security foils cyber attack on Labour Party

Labour claims to have been the victim of a cyber attack, but says it is confident no data leaked

The Labour Party is recovering from a “large-scale and sophisticated” cyber attack against its systems that was foiled by its “robust security systems”.

The attack, which according to Sky News is suspected of being a distributed denial of service (DDoS) attack, was beaten back without too much difficulty, according to a spokesperson, who said the party was confident that no breach of personal data had occurred.

“Security procedures have slowed down some of our campaign activity, but these were restored this morning and we are back up to full speed,” they said. “We have reported the matter to the National Cyber Security Centre [NCSC].”

According to the BBC, campaigners were informed on the afternoon of 11 November that attacks on Labour Party platforms were taking place with the “intention of taking our systems entirely offline”.

DDoS attacks target servers, websites and other network resources, and render them inaccessible to users by flooding them with incoming messages, connection requests or malformed packets, forcing them to slow down or crash altogether.

Such attacks have grown in size and frequency in recent years, often thanks to the relative ease of incorporating unsecured internet of things (IoT) devices into botnets without their owners’ awareness. Such botnets can then be used to cause disruption on a massive scale, such as the 2016 Mirai attack, which took down services including Airbnb, Amazon Web Services, GitHub, Netflix, PayPal, Reddit, Spotify and Twitter.

The apparent attack on the Labour Party comes amid heightened fears that the General Election could be targeted for disruption by malicious actors who may have a vested interest in pushing the UK towards a disruptive no-deal Brexit, or may be working on behalf of adversarial nation states.

At the time of writing, no evidence had been produced to suggest this was the case, but Mimecast head of e-crime Carl Wearn said it was very likely that the attack was either some form of hacktivism or state-sponsored.

“Although still essentially criminal activity in its nature, given recent geopolitical events over the last few years, this attack could obviously well be aimed at exfiltrating sensitive information from the Labour Party’s infrastructure as we approach an election,” said Wearn.

“I would urge them, and anyone suffering from a similar form of attack, to carefully review their logs and internal data for any indicators of compromise following such an attack to ensure that no long-term compromise or data exfiltration has taken place.”

Last week, information commissioner Elizabeth Denham wrote to all the main political parties standing in the 12 December General Election to remind them of their legal obligations to appropriately handle personal data during campaigns.

Standard data protection and electronic marketing laws do still apply before, during and after the current campaign, and all parties are obliged to provide citizens with clear, easily accessible information about how they are using personal data, and to ensure they have consent to use it.

They must also be able to demonstrate legal compliance, and the compliance of any external analytics firms they engage. Additional protections apply to so-called special category data, which can include information relating to political opinions, ethnicity, or sexual orientation.

The Information Commissioner’s Office also highlighted its Be Data Aware campaign, which is designed to help voters understand what political parties may or may not do with their personal data, and provides advice on, among other things, how to adjust your social media settings to reduce the likelihood of being exposed to false or misleading campaigns.

Last week, the Conservatives were caught red-handed running a misleading campaign after releasing intentionally doctored footage from ITV’s Good Morning Britain news programme to make it appear as if the shadow Brexit secretary, Keir Starmer, was unable to answer a question relating to Labour’s policy on Brexit, when this was not the case.
