Skip to main content

Labour Party Cyber Attack

By 30th November 2019December 11th, 2019Blog3 min read

IT support is important whether you are a small business based in Rotherham or if you are a major organisation based anywhere in the UK.

The Labour Party managed to fend off not one but two cyber attacks in November, during the election campaign.

A party spokeswoman told The Guardian: “We have experienced a sophisticated and large-scale cyber-attack on Labour digital platforms. We took swift action and these attempts failed due to our robust security systems. The integrity of all our platforms was maintained and we are confident that no data breach occurred.

“Our security procedures have slowed down some of our campaign activities, but these were restored this morning and we are back up to full speed. We have reported the matter to the National Cyber Security Centre.”

It has not yet been revealed who was behind the attacks by Labour have stated that no data has been breached, though people using the Labour Party’s online platform may have experienced some problems while the party dealt with the issue.

Remember, cyber security is important at all times, no matter your organisation’s size. Get in touch with us to find out more about how we can help you keep on top of your organisation’s needs.

The Labour party’s head of campaigns, Niall Sookoo paid heed to the IT teams at Labour HQ who identified the risk and managed to ensure the platform was protected. It is also understood that the Labour Party had previously bought protection from Cloudflare.

It is understood that the attack was a DDoS attack, which while easy to pull off rarely result in much disruption beyond the platform being bought down.

DDoS stands for “distributed denial-of-service (DDoS)” and is a malicious attempt to disrupt normal traffic to a web property. Criminal actors sell DDoS that promise short periods of disruption online for as little as $5, so are easy to purchase.

They work by an attacker infecting devices with malware which turns the device into a ‘bot’. A group of bots is called a botnet, and the attacker will control these to send a huge number of requests to a site, causing the site to overflow its capacity and ‘bring it down’. This is why it is referred to as a denial of service attack.

It is difficult to protect against these attacks with normal bot ware, as each device making the requests that cause the capacity to overflow are legitimate devices, and can’t be easily differentiated from a malicious attack.

There are a number of options open to website admins who want to protect their website, including black hole routing which sends the overloaded traffic down a different route, and rate limiting which limits the number of requests that can be made at a time.

The Labour Party attack was not unusual in that there was no data breach, said experts. DDoS attacks are not normally designed to steal or breach data protection, and instead focus on disruption rather than anything else.