It was a bad start to the week for the British Labour Party. On Monday, the site through which supporters contribute to their election campaign was attacked, and the next day a DDoS (distributed denial of service attack) hit its main website, aiming to put it offline. Labour Connects, a tool for activists to help in the design and printing of materials, was “closed for maintenance” on Tuesday morning, the day of the DDoS attacks.
Jeremy Corbyn, the leader of the party, has called these attacks, coinciding with the electoral campaign, “suspicious” and “very serious.” On Dec. 12, Labour will try to win at the polls against Boris Johnson’s Conservatives, which might open up a different scenario around Brexit, perhaps featuring the proposal for a new referendum that might avert it.
The news of the attacks was confirmed by the British Cyber Security Center, and a Labour source said that the attacks had come from computers located in Russia and Brazil. However, in the face of allegations raised in the Times about a leak of sensitive information about the party’s donors, Nial Sookoo, Labour’s executive director for elections and campaigns, said in a letter to members that “every single one of these attempts failed because of our robust security systems and the integrity of all our data platforms was maintained.”
He was referring in particular to the fact that Labour is a client of Cloudflare, a company that specializes in thwarting DDoS attacks, but one which not all potential targets can afford due to the costs. DDoS attacks work by directing enormous amounts of internet traffic to a target in an attempt to overwhelm the web servers and cause their software to crash. They are often performed by means of networks of infected computers known as botnets.
Furthermore, DDoS attacks are often not identified immediately, because they don’t involve a clear breach of the systems involved and are often used as a diversionary tactic. This is a typical behavior of “nation-state hackers,” such as the North Korean Lazarus group that uses DDoS attacks and ransomware to cover its tracks after attacks targeting financial information.
Kaspersky, a well-known cybersecurity company, warned just a few days ago that DDoS attacks have increased by 30% during the third quarter of this year. They are being directed particularly against schools and small and medium-sized enterprises (SMEs) and they often originate from ‘zombie’ computer networks—such as those which are being rented out by 15-year-old hackers on Instagram, who are doing the dirty work for far more dangerous criminal organizations—causing an average of $138,000 in damages for each attack.
This is a serious problem. Darktrace, a company developing artificial intelligence for cybersecurity, has put out an alert advising all governments to prepare for much more sophisticated attacks, since “this is the tip of the iceberg in terms of the types of threats that, not just the Labour Party, but all political parties are going to be, without a doubt, experiencing on a daily basis.”
This is one more reason to appreciate the publication in the Italian Official Gazette of the Prime Minister’s Decree which establishes the Computer Security Incident Response Team (CSIRT) at the Security Intelligence Department (DIS).
The Italian CSIRT will replace the previous CERT-PA agency within four months and will take over the role of the prevention and management of cyber incidents at the national level, with the duty to inform other EU states that may potentially be involved, promote the exchange of information and best practices and identify the most appropriate forms of cooperation in the face of cyber attacks. All these things are urgently needed.