There’s no denying that foreign entities want to attack the UK and its political institutions, you just need to look at the recent report by the The National Cyber Security Centre (NCSC) to know that. However, allegations by the UK’s Labour party that it has been the target of a sophisticated attack by Russian or Chinese hackers are not exactly accurate.
The NCSC has said that Labour’s claims of being targeted by a sophisticated attack were unfounded. Instead, the party was affected by a distributed denial of service (DDoS) attack, which works by simply using an army of bots to access the Labour party’s website all at the same time, slowing down access for everyone else. It’s hardly what one would describe as ‘sophisticated’.
After the Labour party cried foul about the first cyber attack, which the party claimed occurred early Tuesday morning, the party doubled down and claimed that it had also been targeted a second time in yet another ‘sophisticated’ attack. This second attack began at around 1:20pm, according to official statements from the Labour party.
Just like the first attack, however, the second also used DDoS methods, thus not even meeting the NCSC’s definition for the lowest level of threat. The most ironic thing about both attacks is that the Labour party utilises Cloudflare’s services, which are designed to protect against DDoS, and did exactly that - both times.
In fact, according to the European cybersecurity reporter for the Reuters news agency, sources at Cloudflare described the attack as “nothing more than what you would expect to see on a regular basis. It looked like someone bored in their bedroom with a botnet.”
We know that blaming Russia and China for meddling in elections and playing the victim card works well with the electorate, it has worked for both Trump and the Democrats over in the US. However, cybersecurity is no joke, and trivialising it by classing a DDoS attack as a ‘sophisticated’ attack is a mistake on the part of the Labour party.
It’s especially disappointing as the Labour party has previously criticised the Conservative government for its attitude towards cybersecurity. Earlier this year the Conservatives rejected calls to assign a minister specifically to the cybersecurity brief, something Labour criticised. The Labour party has previously promised to “overhaul cyber-security and provide the leadership that has for too long been sorely lacking,” but this latest incident dents the party’s expertise in the area.