That “sophisticated” Labour cyber-attack – don’t panic

Graham Cluley

The UK’s Labour Party says that it has foiled a “sophisticated and large-scale cyber-attack.”

That would make your ears prick up at the best of times, but with a drama-filled General Election campaign underway it has inevitably caught the attention of many in the media.

A Labour Party spokesperson said the attack had “slowed down” some of its campaign activities but that it was now “back up to full speed”:

“We have experienced a sophisticated and large-scale cyberattack on Labour digital platforms.”

“We took swift action and these attempts failed due to our robust security systems. The integrity of all our platforms was maintained and we are confident that no data breach occurred.”

Reading between the lines, this sounds very much like a distributed denial-of-service (DDoS) attack. Typically DDoS attacks take advantage of hijacked computers to bombard websites with so much traffic that they effectively fall over. Legitimate users attempting to access a website may find that it feels like wading through porridge – if they can get through at all – because it is clogged up with so many malicious requests.

I would expect the website of a major political party (which would expect to have ne’er-do-wells occasionally attempt to knock them offline) to use a DDoS-mitigation service like Cloudflare or Imperva in an attempt to soak up and filter out unwanted internet traffic.

It’s important to realise that a DDoS attack, if that is indeed what happened here, is typically not “sophisticated.” A teenager can easily orchestrate a DDoS attack from their back bedroom – and many have. Everyone and their dog seems to be able to get access to a botnet these days to launch an attack.

In other words, you would be wrong to assume that this has to be the work of a foreign state – however much you might think it has a vested interest in Labour failing to beat the pro-Brexit Conservative Party at the upcoming election.

Furthermore, DDoS attacks cannot really be considered comparable to hacks and breaches where data might be stolen. The fact that information isn’t stolen by a DDoS attack doesn’t make such attacks harmless, but it certainly reduces the long-term impact.

All in all, unless we hear any evidence to the contrary, I don’t think this DDoS attack is anything to get worked up about. Companies and organisations are battling DDoS attacks every hour of every day of the year.

In fact, it’s quite possible that some might be encouraged by the news of the DDoS attack to launch their own copycat attacks…

Labour website down

We obviously should all be concerned about fake news, the exploitation of social media to spread untruths, and – in particular – meddling from other countries in the political process, but this DDoS attack appears to be a storm in a teacup.

For more discussion about the cybersecurity issues that have plagued the Labour Party this week, listen to this edition of the “Smashing Security” podcast:

Smashing Security #154: A buttock of biometrics

Graham Cluley is a veteran of the anti-virus industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.
