Was the Labour Party cyber attack really that sophisticated?

Several security experts have questioned whether it was as complex as the party first made out.

Sign Up

Get the New Statesman's Morning Call email.

Early on Tuesday morning, the Labour Party's head of campaigns, Niall Sookoo, sent out a mass email to supporters. "Yesterday afternoon," Sookoo wrote, "our security systems identified that, in a very short period of time, there were large-scale and sophisticated attacks on Labour party platforms". The attacks, he added, "had the intention of taking our systems entirely offline".

The Labour leader Jeremy Corbyn has since described the incident as "suspicious", while the party's general secretary, Jennie Formby, said in a tweet that although no data had been breached, it was of "real concern". But the timing of the announcement has aroused suspicion among some security researchers.

Less than twelve hours before the statements were issued, The Times had reported that a security flaw in the Labour Party's website may have exposed some donors' names, the size of their donations and the time at which they were made. Professor Alan Woodward, a cyber security expert at Surrey University who corroborated the flaw, said he was surprised by the timing and wording of Labour's official statement. "It's a funny juxtaposition that this story was released with quite a lot of hyperbole at the very moment that another story came out about a potential leak of donor data," he told the New Statesman. "[This is one way to] say they have sophisticated security methods to protect data."

There is no suggestion that Labour has fabricated the details of attack, but several security experts have questioned whether it was as complex as the party first made out. A Labour source told media on Tuesday morning that the attacks originated from computers in Russia and Brazil, but New Statesman understands that an initial government investigation suggests there is no evidence to indicate it was carried by state actors. 

The attack, which reoccurred on Tuesday afternoon, has been classified as a Distributed Denial of Service (DDoS) attack. It is often difficult for security analysts to attribute such attacks because they leverage thousands of compromised devices around the world to send rapid requests to targeted servers, rendering them unable to process legitimate user activity. On the dark web, it's possible to buy access to "botnets" and use them to launch attacks for just £15. "[Labour is] trying to imply that it could be a nation state, but it could be anyone," said Woodward.

Whatever the motivations of the attack, it does serve to highlight the threat that politicians and campaigners face online, especially during elections campaigns. Since parliamentary email accounts were breached by a suspected state actor in 2016, the National Cyber Security Centre has revealed more details of its “defending democracy” programme. In its annual review last month, it said that “the foundations of liberal democracy are under increasing threat" from malicious actors. 

The Labour Party has not responded to questions about the timing and phrasing of the announcement. 

Oscar Williams is editor of the New Statesman's sister site NSTech.