Notorious hackers claim responsibility for Labour DDoS

Hacking group Lizard Squad has claimed responsibility for the 12 November distributed denial of service (DDoS) attack on the Labour Party, according to private messages exchanged with The Independent.

Better known for targeting online gaming services, including Sony’s PlayStation and Microsoft’s Xbox networks, as well as celebrity social media accounts and, on one occasion, an airline, Lizard Squad tends to focus on large-scale DDoS attacks that generate substantial publicity.

A Twitter account allegedly associated with the group said on 12 November that the DDoS attack was taking place because “no terrorist-supporting government should allow to rule [sic] a country”, a likely reference to Labour leader Jeremy Corbyn’s views on the Northern Ireland peace process and his frequent contacts with prominent Sinn Féin members during the Troubles.

The account said the botnet used in the attack incorporated millions of devices on a global scale, to “enable more power to process such attacks”.

During subsequent contacts with The Independent, an unidentified individual claiming to represent the group said that if Labour did win the 12 December General Election, official UK government websites and services would be targeted as well as Labour’s online presence.

They also claimed that the personal accounts of Corbyn’s family members have been compromised, and that their home broadband connection was being attacked.

The Labour Party was hit by two separate DDoS attacks over roughly a 24-hour period. It said they were “large-scale and sophisticated” – although DDoS attacks are in fact relatively unsophisticated – but it thwarted the attackers thanks to its own “robust” security measures and assistance from its service provider, Cloudflare.

Labour has claimed that no data was exfiltrated during the attack, although this has not yet been formally confirmed. In other DDoS attacks, the disruption caused has sometimes been used to mask a more pernicious attack.

Besides raising wider concerns about the vulnerability of any large organisation to a DDoS attack, the timing of the attack on the Labour Party during the opening stages of a divisive General Election campaign has highlighted the possibility of more widespread and damaging attacks on the democratic process, particularly given evidence of foreign interference in the Brexit referendum.

Chris Boyd, lead malware analyst at Malwarebytes, said: “Attacks on politicians, political parties and gov.uk websites are a common feature around any election time, and attackers treat them as fair game in general.

“Most of the notable attacks over the last decade or so were commonplace website defacements, or social engineering attempts, or crude DDoS attacks launched by individuals protesting about various government decisions, instead of sophisticated nation-state attacks. Potential targets should be keeping their guard up, especially during this potentially divisive election with so many moving parts to it.”    

Piers Wilson, product management head at Huntsman Security, added: “We must ensure that our elections – and our democracy – are secured from cyber criminals and other outside bodies looking to influence and subvert both the election and the run-up to it.

“All parties and other organisations must be ready to defend themselves from potential hackers to ensure that the election can take place in a fair and unbiased manner.”