Delphotostock - Fotolia
Foreign governments seeking to influence the outcome of the UK vote on leaving the EU may have targeted the referendum website, MPs have warned.
The website for registering to vote in the referendum crashed an hour and a half before the deadline on 7 June 2016, forcing it to be extended and raising fears that thousands of voters may have missed the opportunity to register.
At the time, the failure of the website was attributed to a spike in demand ahead of the deadline for registering to vote and a Cabinet Office spokesman refused to discuss any further details.
Computer Weekly sources suggested the fault may have been caused by the fact that the software involved was not developed to run as a cloud-native application.
But is has now emerged that there were “indications” that the website was targeted by a distributed denial of service (DDoS) attack, according to a report by the Public Administration and Constitutional Affairs select committee.
DDoS attacks use various techniques to overwhelm websites with requests, effectively making them inaccessible to users.
“The crash had indications of being a DDoS attack. We understand this is very common and easy to do with botnets. The key indicants are timing and relative volume rate,” said the committee’s report.
Read more about cyber war
- Terror groups are more likely than nation states to unleash cyber weapons and critical infrastructure is the most likely target, warns Kaspersky Lab chief.
- Veteran investigative reporter Ted Koppel says a cyber attack on the US power grid is likely, but preparations for such an event are not up to scratch.
- There is a lot of “fog” surrounding cyber weapons and cyber war because there is no way of knowing the true capability of any country, says security expert Mikko Hypponen.
The report comes amid increased concerns about foreign interference in democratic processes using hacking techniques in the wake of claims that Russian state-backed hackers have been involved in attempts to influence the outcome of the US and French presidential elections.
The report does not name any countries in connection with the alleged DDoS attack, but the committee has noted that both Russia and China use an approach to cyber attacks based on an understanding of mass psychology and of how to exploit individuals, according to the Guardian.
The report concludes that the DDoS attack had no effect on the outcome of the referendum, but the committee said it was “deeply concerned” about allegations of foreign interference and the UK must learn lessons about the “protection and resilience against possible foreign interference” in elections.
In February 2017, the Public Accounts Committee set out six recommendations for the Cabinet Office to address shortcomings in protecting government data.
Read more about DDoS attacks
- Average DDoS attacks fatal to most businesses, a report reveals.
- There is a real concern that many companies are being affected by the DDoS attacks commissioned by competitors, according to Kaspersky Lab.
- Smaller DDoS attacks can be more dangerous than a powerful attack that knocks a company offline but does not install malware or steal data, warns Neustar.
The move coincided with comments by UK defence secretary Michael Fallon expressed concerns about a “step-change in Russian behaviour” in the past year, citing cyber attacks on Bulgaria in October 2016, on the US presidential election and parliamentary elections in Montenegro in October 2016.
He also mentioned warnings by the German BfV intelligence agency that the Kremlin was “seeking to influence public opinion and decision-making processes” ahead of the 2017 German elections.
Fallon said Russia was clearly testing Nato and the West. “Therefore it is in our interest and Europe’s to keep Nato strong, and deter and dissuade Russia from this course,” he said in a speech at St Andrews University.