A UK lawmaker’s committee report appears to imply that a website (used to register for voting in the EU ‘Brexit’ referendum) may have been caused to crash by a cyber attack carried out by a foreign power.
The Public Administration and Constitutional Affairs Committee (PACAC) indicated that a crash of the vote registering website on June 7th last year, just before the cut-off point (which had to be extended because of the crash), may have been caused by a Distributed Denial of Service (DDoS) cyber attack.
What Is A Distributed Denial of Service (DDoS) Attack?
A Distributed Denial of Service (DDoS) attack is a cyber attack that is intended to make a computer or network unavailable to users. The attack uses a ‘botnet’ of multiple compromised systems (sometimes thousands) that are often infected with a Trojan virus to launch a single attack on one system. The sheer number of requests that the target receives (sometimes called a ‘flood’) typically overload the resources and memory, and render the targeted computer or network unavailable.
Not Ruling It Out
PACAC’s report into the public’s view of the government’s handling of Brexit actually stated that it did not rule out the possibility that the crash was caused by a DDoS attack, and said that it was deeply concerned about allegations of foreign interference.
Commentators have noted that, in the light of reports of the alleged interference in the US election process by Russia, and the mention in the PACAC report of Russia and China’s use a cognitive approach to ‘cyber’, the implication is that the attack on the website may have been state-sponsored by either of those countries.
No Hard Evidence
Despite the implication of Russia and China in the report, no clear evidence has been publicly produced to support this.
A Cabinet Office report into the crash at the time is reported to have concluded that the most likely explanation for the outage was that there was a large spike in user numbers just before the referendum voting registration deadline.
What Does This Mean For Your Business?
Business and government websites are constantly at risk of all manner of cyber attacks. Only last week it was reported that a China-based hacking group had been targeting UK business data since 2014, and DDoS attacks are now a very common and low-cost way for cyber criminals from any country to inflict damage on business websites. The best approach for businesses is to make sure that they are well prepared against a wide range of threats. This could include prioritising the issue and making sure that basic cyber security steps are taken at the very least - see https://www.cyberstreetwise.com/cyberessentials/. Now may also be a good time therefore for businesses to seek other professional advice about measures that could be taken to ensure cyber resilience such as cyber security training for staff, health checks, risk assessments / audits, cyber security policies, Business Continuity and Disaster Recovery Plans.