Labour Party confirms cyber attack was DDoS

Labour says it has come under fire from a "sophisticated and large-scale cyberattack" - a month before the General Election.

The scariest hacks and vulnerabilities of 2019 This year's most serious security incidents, data breaches, and vulnerabilities.

The Labour Party has been hit with what it describes as a "large-scale cyberattack".

A Labour spokesperson told ZDNet that a Distributed Denial of Service (DDoS) attack affected the party website and online campaigning tools and platforms after they were flooded with millions of requests.

The tools were offline some time Monday while the IT and digital teams worked to get things back up and running after the party said it "took swift action" with "robust security" hindering the impact of the attack. 

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)

"The integrity of all our platforms was maintained and we are confident that no data breach occurred," Labour said in an email to ZDNet.

"Our security procedures have slowed down some of our campaign activities, but these were restored this morning and we are back up to full speed," the statement added.

A few hours after reports of the initial DDoS attack first emerged, the Labour Party website was subjected to a second DDoS attack and was briefly down. As of Tuesday evening, some visitors to the site are still forced to wait a few seconds while DDoS protection services verify the request before they can gain access.

(DDoS) attacks are a form of cyber attack in which attackers direct a large amount of web traffic at a target in order to overwhelm the host infrastructure, resulting in the victim's web services being slowed down or taken entirely offline. 

While Labour has described the attack as "sophisticated", even low-level attackers can deploy disruptive DDoS attacks, because there are a number of vendors on underground forums who offer DDoS-for-hire services. These malicious operations allow attackers without high levels of skill to pay just a few dollars to direct web traffic at their intended victim.

The incident has been reported to the National Cyber Security Centre (NCSC).  "The Labour Party followed the correct, agreed procedures and notified us swiftly. The NCSC is confident the party took the necessary steps to deal with the attack. The attack was not successful and the incident is now closed," said an NCSC spokesperson.

The attack comes in the early stages of the General Election campaign, with the UK set to go to the polls on December 12.

According to the BBC, Labour Party leader Jeremy Corbyn told the media gathered at a policy launch that the cyber attack was "very serious" and that "If this is a sign of things to come, I feel very nervous about it." Corbyn added that Labour is looking into who was behind the attack.