The UK’s opposition Labour Party has been subject to several “sophisticated and large-scale” cyber-attacks across its digital platforms emanating from an unknown source, the party has revealed. The news comes as UK political groups jockey for influence in the run-up to the general election on 12 December.
The first attack occurred on Monday (11 November), while a second hit the party’s servers early on Tuesday afternoon. Labour leader Jeremy Corbyn said on Tuesday (12 November) that the party’s cybersecurity system managed to fend off the “very serious” attacks, and that no personal data had been siphoned off as part of the attempted hack.
However, he said that ” a cyber attack against a political party in an election is suspicious and is something one is very worried about,” adding that the attempted attack has been reported to the National Cyber Security Centre.
Meanwhile, Reuters reported on Tuesday afternoon that the UK’s Conservative Party had also been subject to a similar cyber attack.
Robust security systems
Several of Labour’s election and campaigning platforms had been targeted with distributed denial of service (DDoS) attacks – a relatively simple method of flooding a website with an abundance of traffic as a means to overwhelm network servers so that websites become temporarily unavailable.
A Labour spokesperson said on Tuesday that the attempts had ultimately been made in vain due to the party’s “robust security systems,” but that the efforts to contain the attack did slow-down the party’s campaigning activities. Moreover, as of early Wednesday morning, Labour’s websites still appeared to be down.
Conflicting reports have emerged as to the source of the attack – Labour is yet to publicly reveal if there are any state-sponsored actors responsible, but the BBC reports that a source familiar with the matter has suggested that the attacks may have emanated from Brazil or Russia. Meanwhile, The Times reported that the attack had led to a security flaw which resulted in the publication of a list of party donors.
EURACTIV followed up with the UK’s data protection watchdog, the Information Commissioner’s Office, to identify whether the Labour party had reported a breach, which could be in breach of EU data protection law.
“As a non-departmental public body the ICO has to consider its responsibilities during the pre-election period. Our regulatory work continues as usual but we will not be commenting publicly on every issue raised during the General Election,” they said.
“We will however, be closely monitoring how personal data is being used during political campaigning and making sure that all parties and campaigns are aware of their responsibilities under data protection and direct marketing laws.”
In Brussels, Labour MEP Theresa Griffin told EURACTIV that the news of the attack was “very concerning.” She added that attempted hacking against political systems “underscores the need for vigilance around elections and the possibility of foreign election interference.
“It also reiterates the urgent need for the Prime Minister to release the report examining Russian infiltration in British politics immediately,” she said.
Number 10 continues to hold back the publication of a report into alleged Russian interference into British politics. The ‘Russia’ report was produced by Parliament’s Intelligence and Security Committee and submitted to the Prime Minister’s office on 17 October 2019. EURACTIV has filed a Freedom of Information request with the Prime Minister’s office on the issue.
Visiting the UK on Tuesday, former US Presidential candidate Hiliary Clinton said it was “inexplicable and shameful” that the UK government appeared to be suppressing public release of the report.
“Every person who votes in this country deserves to see that report before your election happens,” Clinton said.
(Edited by Benjamin Fox)