It has been reported that the UK’s Labour Party has suffered a second cyber-attack after claiming that it had successfully avoided one on Monday.
The party says it has “ongoing security processes in place” so users “may be experiencing some differences”, which it is dealing with “quickly”.
The Distributed Denial of Service (DDoS) attack floods a computer server with traffic to try to take it offline.
Earlier, a Labour source said that attacks came from computers in Russia and Brazil.
The BBC’s security correspondent,Gordon Corera, said he had been told the first attack was a low-level incident – not a large-scale and sophisticated attack.
A National Cyber Security Centre spokesman said the Labour Party followed the correct procedure and notified them swiftly of Monday’s cyber-attack, adding: “The attack was not successful and the incident is now closed.”
Meanwhile, Labour has denied that there has been a data breach or a security flaw in its systems after the Times reported the party’s website had exposed the names of online donors.
Following reports of a second cyber-attack, a Labour Party spokesperson said: “We have ongoing security processes in place to protect our platforms, so users may be experiencing some differences. We are dealing with this quickly and efficiently.”
What is a DDoS attack?
DDoS attacks direct huge amounts of internet traffic at a target in an effort to overwhelm computer servers, causing their software to crash.
They are often carried out via a network of hijacked computers and other internet-connected devices known as a botnet.
DDoS attacks are not normally recognised as being a hack as they do not involve breaking into a target’s systems to insert malware.
They can vary in sophistication and size, and are sometimes used as a diversionary tactic to carry out a more damaging attack under the radar. Several companies provide services to repel DDoS attacks, but they can be costly. The BBC has confirmed that Labour is using software by the technology company Cloudflare to protect its systems.
The US-based company boasts it has 15 times the network capacity of the biggest DDoS attack ever recorded, meaning it should be able to absorb any deluge of data directed at one of its clients.
BBC political correspondent Jessica Parker said “Labour Connects”, a tool for campaigners to design and print materials was disrupted on Monday and was “closed for maintenance” on Tuesday morning. A message on the site on Monday said it was experiencing issues “due to the large volume of users”.
Labour leader Jeremy Corbyn said Monday’s cyber-attack was “very serious” and also “suspicious” because it took place during an election campaign.
“If this is a sign of things to come, I feel very nervous about it,” he said.
In a letter sent to Labour campaigners, Niall Sookoo, the party’s executive director of elections and campaigns, said:
Yesterday afternoon our security systems identified that, in a very short period of time, there were large-scale and sophisticated attacks on Labour Party platforms which had the intention of taking our systems entirely offline. …Every single one of these attempts failed due to our robust security systems and the integrity of all our platforms and data was maintained.
Labour’s general secretary Jennie Formby said on Twitter the attack was a “real concern” but she added she was proud of the party’s staff who “took immediate action to ensure our systems and data are all safe”.
Emily Orton, from Darktrace, an AI company for cyber-security, told BBC Radio 4’s The World at One:
Really this is the tip of the iceberg in terms of the types of threats that, not just the Labour Party, but all political parties are going to be without a doubt experiencing on a daily basis. …I think anyone involved in politics and in government need to be preparing themselves for a lot more stealthy, sophisticated attacks than this.
Source: BBC News