Incident: Labour Party Cyber-Attack: DDoS Incident During General Election Campaign

Published Date: 2019-11-12

Postmortem Analysis
Timeline
1. The software failure incident involving the Labour Party occurred on Monday and Tuesday [91882, 91854].
2. The incident happened in November 2019.

System
1. Labour Party's digital platforms [91882, 91854]
2. Labour Connects tool for campaigners [91882]

Responsible Organization
1. The software failure incident, specifically the Distributed Denial of Service (DDoS) attacks on the Labour Party, was caused by unknown entities [91882, 91854].

Impacted Organization
1. Labour Party [91882, 91854]

Software Causes
1. The software cause of the failure incident was a Distributed Denial of Service (DDoS) attack targeting the Labour Party's digital platforms, which flooded their computer servers with traffic to try to take them offline [91882, 91854].
2. The DDoS attacks disrupted Labour's software systems, causing their software to crash and slowing down their campaign activities [91882, 91854].
3. The attack did not involve breaking into the Labour Party's systems to insert malware but rather overwhelmed their servers with internet traffic, causing software failure [91882].
4. Labour utilized software by the technology company Cloudflare to protect its systems from DDoS attacks, indicating a reliance on software for security measures [91882].

Non-software Causes
1. The cyber-attacks on the Labour Party were attributed to Distributed Denial of Service (DDoS) attacks, which flood a computer server with traffic to try to take it offline. These attacks were carried out using botnets, networks of compromised computers [91882, 91854].
2. The attacks were reported to have been carried out by a "non-state actor" [91854].

Impacts
1. The Labour Party's digital platforms experienced disruptions and slowdowns due to the DDoS attacks, affecting tools like "Labour Connects" used for campaigning [Article 91882].
2. The attacks led to a temporary shutdown of some campaign activities, causing delays in their campaign efforts [Article 91854].
3. The incident raised concerns about potential data breaches and exposed the names of some online donors due to a security flaw in the party's website [Article 91882].
4. The attacks highlighted vulnerabilities in political parties' cybersecurity defenses, indicating the need for enhanced protection against cyber threats [Article 91882, Article 91854].

Preventions
1. Implementing robust cybersecurity policies and security systems to detect and mitigate cyber-attacks, such as Distributed Denial of Service (DDoS) attacks, could have prevented the software failure incident [91882, 91854].
2. Utilizing services provided by companies like Cloudflare, which offer DDoS protection services and have the capacity to absorb large amounts of internet traffic directed at their clients, could have helped prevent the DDoS attack from taking down the systems [91882, 91854].
3. Conducting regular security assessments and audits to identify and address any potential security flaws or vulnerabilities in the software systems could have prevented the exposure of donor information and potential security breaches [91882].
4. Ensuring proper data protection measures in line with GDPR (General Data Protection Regulation) and the Data Protection Act to safeguard sensitive information and prevent unauthorized access could have helped prevent the data exposure incident [91882].

Fixes
1. Implementing robust cybersecurity policies and procedures to protect against DDoS attacks and other cyber threats [91882, 91854].
2. Utilizing DDoS protection services provided by companies like Cloudflare to mitigate the impact of DDoS attacks [91882, 91854].
3. Enhancing monitoring and detection capabilities to swiftly identify and respond to cyber-attacks [91882, 91854].
4. Conducting regular security assessments and audits to identify and address any vulnerabilities in the software systems [91882].
5. Educating staff and users on cybersecurity best practices to prevent potential security breaches [91882].
6. Ensuring compliance with data protection regulations such as GDPR to safeguard personal data [91882].

References
1. Labour Party spokesperson [Article 91882]
2. National Cyber Security Centre [Article 91882]
3. Labour general secretary Jennie Formby [Article 91882]
4. Emily Orton from Darktrace [Article 91882]
5. Information Commissioner's Office [Article 91882]
6. Labour spokeswoman [Article 91854]
7. Whitehall sources [Article 91854]
8. Niall Sookoo, Labour's head of campaigns [Article 91854]
9. Brian Higgins, security specialist at Comparitech.com [Article 91854]

Software Taxonomy of Faults

Category Option Rationale
Recurring one_organization (a) The software failure incident has happened again at one_organization: - The Labour Party faced a second cyber-attack, described as a "sophisticated and large-scale" attempt to disrupt its digital systems, just a day after the initial attack [Article 91854]. - The party reported that the attacks were aimed at their digital platforms, including election and campaigning tools containing details about voters [Article 91854]. - Labour confirmed that the attacks were DDoS attacks, which flooded their servers with requests to overwhelm them [Article 91854]. - The party assured that their security systems prevented any data breach despite the attacks [Article 91854]. (b) The software failure incident has happened again at multiple_organization: - The articles do not mention any other organizations experiencing similar cyber-attacks or software failures.
Phase (Design/Operation) design (a) The software failure incident related to the design phase: - The incident involved a Distributed Denial of Service (DDoS) attack on the Labour Party's digital platforms, which flooded a computer server with traffic to try to take it offline [91882]. - The attack was sophisticated and large-scale, targeting Labour's digital platforms, including election and campaigning tools containing details about voters [91854]. - Labour reported the attack to the National Cyber Security Centre and stated that their security systems successfully thwarted the attempts, maintaining the integrity of their platforms and data [91854]. - The incident led to a disruption in campaign activities, with some tools like "Labour Connects" being closed for maintenance due to the attack [91882]. (b) The software failure incident related to the operation phase: - The incident caused a slowdown in campaign activities due to security procedures, but these were restored the following morning, indicating an impact on the operation of campaign tools [91854]. - Labour experienced differences in user experience on their platforms as a result of the ongoing security processes in place to protect against the cyber-attacks [91882]. - The attack did not result in a data breach, and Labour was confident that their security systems prevented any unauthorized access to data despite the disruption in operations [91854]. - The attack did not lead to a breach of data protection regulations, and Labour took steps to address the exposure of donor names through an online tool [91882].
Boundary (Internal/External) within_system, outside_system (a) within_system: - The software failure incident involving the Labour Party's digital platforms being targeted by distributed denial of service (DDoS) attacks was due to factors originating from within the system. The attacks aimed to disrupt the party's digital systems, including election and campaigning tools, which contained details about voters [91854]. - The incident involved a DDoS attack that flooded the computer servers with traffic, causing their software to crash. The attack was aimed at taking the Labour Party's systems offline, but it failed due to the party's robust security systems [91882]. (b) outside_system: - The DDoS attacks on the Labour Party were reported to have originated from computers in Russia and Brazil, indicating that the contributing factors for the attack came from outside the system [91882]. - The initial indications suggested that the attack on the Labour Party's digital platforms was carried out by a "non-state actor," implying that the source of the attack was external to the party's systems [91854].
Nature (Human/Non-human) non-human_actions, human_actions (a) The software failure incident occurring due to non-human actions: - The software failure incident in the articles is related to Distributed Denial of Service (DDoS) attacks, which flood a computer server with traffic to try to take it offline [91882, 91854]. - DDoS attacks are carried out via a network of hijacked computers and other internet-connected devices known as a botnet, where the owners may be unaware their equipment is involved [91882]. - The attack on Labour's digital platforms was described as a "sophisticated and large-scale cyber-attack" [91854]. - The attack was not successful in taking the systems offline due to the party's robust security systems [91854]. - Labour reported the attack to the National Cyber Security Centre and took swift action to protect their platforms [91854]. - Labour is using software by the technology company Cloudflare to protect its systems from DDoS attacks [91882]. (b) The software failure incident occurring due to human actions: - The incident involving the exposure of donors' names due to a security flaw in the Labour Party's online tool was attributed to human actions [91882]. - The details of donors were exposed via an RSS web feed generated by the site's code, which was considered a security flaw [91882]. - Labour made changes to shut down the RSS feed to address the issue [91882]. - The Information Commissioner's Office mentioned monitoring how personal data is being used during political campaigning to ensure parties are aware of their responsibilities [91882].
Dimension (Hardware/Software) software (a) The articles do not provide information about the software failure incident occurring due to hardware issues. (b) The software failure incident reported in the articles is related to a cyber-attack, specifically a Distributed Denial of Service (DDoS) attack on the Labour Party's digital platforms. This attack flooded the computer servers with traffic to try to take them offline, causing their software to crash [91882, 91854].
Objective (Malicious/Non-malicious) malicious, non-malicious (a) The software failure incident related to the cyber-attacks on the Labour Party's digital platforms can be categorized as malicious. The incidents involved Distributed Denial of Service (DDoS) attacks, which flood computer servers with traffic to try to take them offline. The attacks were described as "sophisticated and large-scale" attempts to disrupt the party's systems [91854]. The attacks were not successful in taking the systems offline due to the party's robust security systems [91854]. Labour Party officials reported the attacks to the National Cyber Security Centre, indicating the seriousness of the incidents [91854]. Additionally, the attacks were seen as suspicious given the timing during an election campaign, raising concerns about potential malicious intent [91882]. (b) The software failure incident can also be considered non-malicious in the sense that it was not a result of a data breach or a security flaw in the systems. The Labour Party denied that there was a data breach or a security flaw in its systems after reports surfaced about the exposure of donor names via an online tool [91882]. The party took immediate action to address the issues and shut down the RSS feed that exposed the names [91882]. The incident involving the exposure of donor names was not described as a deliberate act to harm the system but rather a vulnerability that was addressed promptly [91882].
Intent (Poor/Accidental Decisions) unknown (a) The intent of the software failure incident related to poor_decisions: - The software failure incident involving the Labour Party being hit by cyber-attacks was not due to poor decisions but rather deliberate malicious actions by threat actors attempting to disrupt the party's digital systems [91882, 91854]. (b) The intent of the software failure incident related to accidental_decisions: - The software failure incident was not caused by accidental decisions but rather deliberate and sophisticated attacks aimed at overwhelming the Labour Party's digital platforms [91882, 91854].
Capability (Incompetence/Accidental) unknown (a) The articles do not provide information indicating the software failure incident was due to development incompetence. (b) The software failure incident reported in the articles was due to a deliberate cyber-attack, specifically a Distributed Denial of Service (DDoS) attack. The attack was described as sophisticated and large-scale, aimed at disrupting Labour's digital systems [91854]. The attack utilized botnets to flood the server with requests, overwhelming it and causing disruption to the party's digital platforms [91854]. The incident was not accidental but a targeted attack by malicious actors aiming to take the systems offline [91854].
Duration temporary The software failure incident reported in the articles was temporary. The incident involved a Distributed Denial of Service (DDoS) attack on the Labour Party's digital platforms, which caused disruptions and slowdowns in their systems. The attack was described as "sophisticated and large-scale" but was ultimately thwarted by the party's robust security systems [Article 91854]. The incident was not permanent as the attack did not result in a data breach, and the party was confident that the integrity of all their platforms and data was maintained. The attack led to a slowdown in some campaign activities, but these were restored, and the party was back to full speed the following day [Article 91854].
Behaviour crash, other (a) crash: The software failure incident in the articles can be categorized as a crash. The incident involved Distributed Denial of Service (DDoS) attacks that aimed to overwhelm Labour Party's computer servers, causing their software to crash [91882, 91854]. (b) omission: There is no specific mention of the software failure incident being related to omission in the articles. (c) timing: The incident does not seem to be related to timing issues where the system performs its intended functions but at the wrong time. (d) value: The incident does not involve the system performing its intended functions incorrectly. (e) byzantine: The incident does not exhibit characteristics of a byzantine failure where the system behaves erroneously with inconsistent responses and interactions. (f) other: The behavior of the software failure incident can be described as a targeted cyber-attack through DDoS attacks, aiming to disrupt the Labour Party's digital systems by overwhelming their computer servers with traffic, leading to a crash in the software functionality [91882, 91854].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence property, delay (d) property: People's material goods, money, or data was impacted due to the software failure. Both articles [91882, 91854] mention that the Labour Party faced cyber-attacks that targeted their digital platforms, potentially exposing sensitive information such as donors' names and donation amounts. The incident led to the exposure of personal data via an RSS web feed, which could be accessed by inspecting the site's code. Labour took action to shut down the RSS feed to prevent further exposure of donor information. Additionally, the attacks disrupted Labour's digital systems, causing delays and impacting their campaign activities.
Domain information, government (a) The failed system in the incident was related to the information industry, specifically in the context of political campaigning and election activities. The Labour Party's digital platforms, including tools for campaigners and online donation processing, were targeted by cyber-attacks, affecting their ability to disseminate information, engage with voters, and manage campaign activities [91882, 91854]. (l) Additionally, the incident is related to the government industry as it involved attacks on a political party, the Labour Party, during an election campaign. The cyber-attacks aimed to disrupt the party's digital systems, which are crucial for political campaigning, voter engagement, and data management within the political context [91882, 91854].
