Party reports double cyber incursion to NCSC

Credit: Steve Parsons/PA Archive/PA Images

The Labour Party has been targeted by a second cyberattack just 24 hours after a similar effort disrupted some of its online systems.

The party confirmed a second Distributed Denial of Service (DDoS) attack – which aims to knock websites offline by flooding them with traffic – had been launched against them on Tuesday afternoon.

It is unclear whether the attack was launched by the same hackers as Monday evening’s incident or if it was a copycat attack.

Confirming the second bombardment, a party spokesperson said: “We have ongoing security processes in place to protect our platforms, so users may be experiencing some differences. We are dealing with this quickly and efficiently.”

Labour had said the initial attack had been “sophisticated and large scale”.

Related content

• Why cybersecurity would lead a Labour government’s digital transformation agenda
• Life hacks – a year at the National Cyber Security Centre
• DCLG cybersecurity leader urges councils to prepare for inevitable election attacks

But a source close to the party told Reuters both DDoS attempts were “very unsophisticated” with the second attack starting around 1:20pm on Tuesday and peaking just over an hour later.

Responding to the first attack, Jeremy Corbyn it had left him concerned about hackers attempting to disrupt the general election.

Speaking during a campaign event in Blackpool, the Labour leader said: “It was a very serious cyberattack. We have a system in place in our office to protect us against cyberattacks, but it was a very serious attack against us. So far as we are aware, none of our information was downloaded and the attack was actually repulsed because we have an effective in-house developed system by people within our party.”

He added: “But if this is a sign of things to come in this election, I feel very nervous about it all. Because a cyberattack against a political party in an election is suspicious and something one is very worried about.”

The party are also believed to have relied on third-party protection to stop the attacks, which they claim had not breached the “integrity” of their data.

Corbyn likened the incident to the 2017 ‘WannaCry’ ransomware attack which saw thousands of NHS computers taken offline, resulting in non-critical operations being cancelled.

And he said the attack was proof the UK needed “far better” defensive capabilities against cyber strikes.

”A cyberattack has happened in 2017 against our National Health Service is something that is incredibly dangerous to the health records and the healthcare and treatment of potentially millions of people,” he said. “So, we do need far better defensive arrangements against cyberattacks made against us. As to who undertook the attack, we are looking into all that at the moment and we have obviously reported the attack to the National Cyber Security Centre and they will be investigating it as well.”

A spokesperson for the NCSC said following the first incident: “The NCSC has worked closely with political parties for several years on how to protect and defend against cyberattacks. We met the major parties last week ahead of the general election.

“In terms of this incident, the Labour Party followed the correct, agreed procedures and notified us swiftly. The NCSC is confident the party took the necessary steps to deal with the attack. The attack was not successful and the incident is now closed.”