Labour Party Hack: What Do Experts Think?

This week, the Labour Party reported a “sophisticated, large scale cyber attack” hitting its digital platforms.

What is believed to have been a Distributed Denial of Service attack was blocked by the party’s cybersecurity systems.

The Labour Party reported the attack to the National Cyber Security Centre, and the party leader, Jeremy Corbyn, admitted to the Independent that the event made him “very nervous” about the upcoming elections.

Here’s what cybersecurity experts had to say about the hacking attempt:

Robert Ramsden-Board, VP EMEA at Securonix:

“Large scale cyber-attacks against political organisations is growing concern for political parties. As attackers become more sophisticated and persistent in their methods governments and political organisations need to invest in robust security systems to avoid operational disruptions or data loss. The failure of the attack against the Labour Party headquarters should act as reminder to political organisations of the enormous benefits of having cybersecurity protections in place.

The attack against the Labour party is reported to have been a DDoS attack. These types of attacks can be difficult to deal with and while they don’t steal data, they can render a service unavailable and unusable. But, in some cases, DDoS attacks can be a distraction from an attackers’ attempt to steal data. Labour have stated that no data has been stolen in this attack, however, any organisations that are victim of a cyber-attack should do their due diligence and check all systems for malicious activity or data loss.“

Eoin Keary, CEO and co-founder of edgescan:

“Cheap computing power and cloud availability has resulted in a rise of such Denial of service attacks. They are a less popular attack vector than ransomware, but nevertheless can affect the availability of a website or service quite quickly. Many cloud providers offer DDoS protection services which are worth considering for websites of UK political organisations, which we should expect will be particularly targeted as December approaches.”

Javvad Malik, security awareness advocate at KnowBe4:

“In recent elections around the world, we’ve seen how cyber warfare has begun to take a more prominent role. Be that to manipulate voters through digital propaganda, attempts at leaking confidential information, or as in today’s case, making services unavailable through an apparent DDoS attack.

 Political parties need to not just implement good security across their platforms, but also ensure members are trained up on best practices so as to not fall victim to phishing attacks, or inadvertently leak sensitive information.”

Dan Pitman, principal security architect at Alert Logic:

“There is no information on who the culprits might be right now, a DDoS attack is not complex to arrange but takes resources to setup from scratch. It’s entirely plausible that someone without any hacking experience paid for the DDoS attack on the ‘dark web’ from what is known as a ‘booter’ – a paid-for service where a hacking group will lease out their existing botnet to perform the attack. The barriers to entry for a DDoS attacker has been significantly lowered, offering users the option to anonymously attack any target, for a nominal fee.

Whilst attacks have been reported during previous general elections, for example, government systems being compromised during the 2015 Election (with some politicians and security services later blaming Russia), a deliberately disruptive attack against a specific party is unusual. A DDoS attack is where an attacker uses a set of compromised systems to make a huge amount of requests to a service to make it unavailable, the set of compromised systems is called a botnet. This botnet is effectively a large set of drones that are not necessarily connected to the attacker. Due to this tracking down the actual culprit is difficult, unless they decide to boast about it or make themselves known within the hacking community. Considering the attack fundamentally failed to cause significant disruption this seems unlikely.”

Sam Curry, Chief Security Officer, Cybereason:

“DDOS is done to deny service, disrupt business or to punch your opponent square in the mouth. Most DDOS attacks are not particularly sophisticated and can be readily handled with the right products and services. However, most organizations aren’t prepared for high volume or application-level attacks on their networks. DDOS attacks are notoriously difficult to attribute to particular actors or players, such as rogue hackers, a disgruntled hacktivist group, or the unlikeliest a nation-state group. 

As we head into Brexit, the UK general election on December 12 and the 2020 Presidential elections, this is a reminder that we should all become more resilient. Whether this is simply DDOS for hire for pennies for a gigabit is largely irrelevant. While it is early to speculate on this particular attack being a test of the network security capabilities of the Labour Party, based on previous misinformation campaigns targeting elections in the UK, U.S. and against other nations, expect additional threats to surface and the Labour Party to be tested time and time again in the future.”

Boris Cipot, senior security engineer at Synopsys:

“A DDoS (Distributed Denial of Service) attack attempts to disrupt a network service by bombarding it with requests. A DDoS attack could shut down a webpage, for instance, if too many computers request the webpage at once, thus causing the webserver to be unable to handle the magnitude of responses. Such an attack can be issued to a specific network service/resource or its surrounding infrastructure.

To carry out a DDoS attack, the attacker utilizes zombie machines (i.e., machines infected with malware)  connected to a so-called Command and Control server which can issue a command to them. The zombie machines then fulfill the command and attack the target. Zombie machines can include computers as well as IoT devices. It is a complex task to find the issuer of a DDoS attack. One would need to first find the computer from which the DDoS has been issued, see the malware that is responsible for the attack command and then investigate the criminal or group that issued it. It is, however, promising to see that a robust security strategy and a prepared cyberattack procedure have prevented further damage. This scenario illustrates that a mature security initiative and well-prepared incident response plan are crucial.”

Chris Boyd, lead malware analyst at Malwarebytes

“Attacks on politicians, political parties, and ukgov websites are a common feature around any election time, and attackers treat them as fair game in general. Most of the most notable attacks over the last decade or so were commonplace website defacements, or social engineering attempts, or crude DDoS attacks launched by individuals protesting various Government decisions instead of sophisticated nation-state attacks. Potential targets should be keeping their guard up, especially during this potentially divisive election with so many moving parts to it.”    

Stuart Reed, VP of cyber security at Nominet:

“The news of a ‘large-scale cyber attack’ on the Labour Party’s digital platforms really comes as no surprise. Arguably, it was only a matter of time before the fierce competition on the campaign trail made its way into the online world. Whether this was an attack by another party or an outsider hasn’t been revealed, but it demonstrates that these elections, more than any other, will be fought both in the virtual and physical world. A cyber-attack in the political world has additional consequences, not least because it can sway public sentiment in a way that determines future governance.

How the public views the attacked and the attacker will give them an impression of their digital competency and cyber maturity. While the Labour Party seems to have defended against this attack, it will be interesting to see if others can do the same. It will also tell us a lot about priorities and the type of cyber defence being used to achieve both holistic visibility and the ability to identify and eliminate threats early; an area where network detection and response can be critical. This is the first stone to be thrown in the cybersecurity space for this election but it won’t be the last. As we’ve seen in examples across the world, the political environment is now inseparably intertwined with the cyber world and the consequences of any major attack could go down in history.”

Brian Higgins, security specialist,

“According to reports this was a ‘Distributed Denial of Service’ attack (DDoS). Whilst fairly impactful these types of attacks rely on directing large amounts of traffic at target websites to make them crash. They don’t normally represent any threat to data or information and can be defended against and recovered from quite easily if the victim has robust cybersecurity policies in place. It’s hardly surprising that the Labour Party has been targeted given the current political landscape in the U.K. If anything, this should serve as a warning to all the other parties and organisations responsible for the secure administration of our democracy to ensure they have their digital houses in order.”

Carl Wearn, head of e-crime at Mimecast:

About DDoS:

“A Distributed Denial of Service (DDoS) attack is relatively simple to carry out and involves overwhelming a website with traffic so that it slows down and becomes inoperable. Many of us will have witnessed similar behaviour from websites when they slow down due to the volume of traffic on busy shopping days like Black Friday, or during specific events. Websites need to be able to handle increased volume of traffic at various times and this is achieved by testing and potentially throttling the throughput of communication. In order to carry out a DDoS attack criminals normally rely on a pre-built net of devices which have been compromised to fall under the attackers control and which can then be used to overwhelm a target with simultaneous information requests. Although normally leading to the significant slowdown of a website or a temporary denial of service, there is an increased risk during such an attack that simultaneous efforts are made to compromise the site and any related infrastructure whilst it is not functioning properly. This can lead to more significant long term compromise and data loss.”

About the attack and what needs to be done: 

“Given the particular targeting of this attack it is almost certain this is some form of hacktivism or hostile state sponsored activity. Although still essentially criminal activity in its nature, given recent geopolitical events over the last few years, this attack could obviously well be aimed at exfiltrating sensitive information from the Labour parties infrastructure as we approach an election.I would urge them, and anyone suffering from a similar form of attack, to carefully review their logs and internal data for any indicators of compromise following such an attack to ensure that no long term compromise or data exfiltration has taken place. There is a recent guidance from the National Cyber Security Centre (NCSC) dated 7th September 2019 which was re-issued following the Wikileaks hack. I would urge organisations to read and understand the advice given in that guidance.”