The U.K. Labour Party’s digital platforms have been the target of distributed denial of service attack activity since yesterday, impeding access to the political body’s main website.
The initial wave of DDoS attacks took place on Nov. 11. Multiple news reports today quoted a Labour Party spokesperson as saying that the barrage of fake traffic “failed due to our robust security systems.”
But SC Media has learned that a new round of attacks took place this afternoon (London time), and this one appears at least successful in denying access to the party’s digital properties.
An attempt to access https://labour.org.uk resulted in an Error 1020 “Access Denied” message that said: “This website is using a security service to protect itself from online attacks.” The website uses services from web infrastructure and security firm Cloudflare.
Moreover, the BBC reported that “Labour Connects,” a tool that helps campaigners design and print materials remains “closed for maintenance” following the initial DDoS assault.
“We have ongoing security processes in place to protect our platforms, so users may be experiencing some differences. We are dealing with this quickly and efficiently,” a Labour spokesperson told SC Media via email.
There have been some conflicting reports on the nature of the DDoS activity. The Register has reported that Niall Sookoo, the Labour Party’s executive director of elections and campaigns, said in a letter to campaigners that the attackers were “large-scale and sophisticated” with “the intention of taking our systems entirely offline.”
The BBC, on the other hand, said reporting staff was told the original DDoS wave originated from computers located in Russia and Brazil; however, it was regarded as a low-level incident and a nation-state actor is not believed to be involved.
According to the BCC, Jeremy Corbyn, Labor Party leader, said the attack was “very serious” and “suspicious” because it took place during an election campaign. The 2019 UK general election will take place on Dec. 12, 2019.
Meanwhile, Britain’s The Times separately has reported that the Labour Party’s website errantly published the names of its donors, in the process exposing their names and amount contributed. The party reportedly removed the information after being alerted of the issue.
“The Labour Party takes its responsibilities for data protection extremely seriously. If any concerns are raised, we assess them in line with our responsibilities under GDPR and the Data Protection Act,” said a Labour spokesperson in an email comment.
However, SC Media has been told that the party does not believe the mistake rises to the level of a reportable personal data breach.