In a piece of news first brought to my attention by Softpedia on April 13th 2016, members of British Parliament suggest that a DDoS attack may have affected voter registration ahead of the UK’s Brexit referendum vote last year. Though an official investigation went on to conclude that “The incident had no impact on the outcome of the referendum,” as many as 515,256 citizens attempted to sign up for registration during the last hours of eligibility on June 7th, the same day the servers were crashed by the attack.
Additionally, once the deadline for registration was extended following the crash, not including new signups, the Government found that 436,347 individuals accidentally created duplicate accounts, fearing that their original applications did not register. So, forgetting all the people who created new accounts after the deadline extension and who were not affected by any of this, we are literally talking about at least 900,000 voters who were affected by this hack.
You might remember, the UK referendum was decided by less than 1.3 million votes. Considering the global/political implications of this vote, this attack was by no means a small incident.
Upon reading through the official report, what I found most telling was the attention that Parliament chose to give to this incident. For example, if you go to www.parliament.uk you will find a summarized version of their report. What is interesting to me is that, despite the full report being hundreds of pages in length, Parliament chose to dedicate 1 of only 6 paragraphs to this particular incident in their summary. If it wasn’t important and had no effect on the overall vote, why would the Government focus so heavily on this cyber attack within an official summary of the entire referendum process in general?
Read The Full Report Here: https://www.publications.parliament.uk/pa/cm201617/cmselect/cmpubadm/496/49602.htm
Regardless, according to the official Cyber Security Report issued by the UK’s Parliament, “On 7 June 2016, hours before the deadline for individuals to register to vote at the EU referendum, the voter registration website crashed.” Though the crash was initially “blamed on ‘unprecedented demand’ for the service,” Government officials said they could “not rule out the possibility that there was foreign interference in the EU referendum caused by a DDOS (distributed denial of service attack) using botnets.”
Though there was no direct evidence, the report indicates that the attack appeared to be in line with other cyber attacks known to have been carried out by Russia and China in the past. The report also goes on to explain how “Russia and China use a cognitive approach based on understanding of mass psychology and of how to exploit individuals. The implications of this different understanding of cyber-attack, as purely technical or as reaching beyond the digital to influence public opinion, for the interference in elections and referendums are clear.”
Once again, though Parliament maintains that the cyber attack did not have “any material effect on the outcome of the EU referendum,” Parliament added that they are still “deeply concerned about these allegations about foreign interference” nonetheless.
Ultimately, the report concludes that “the Government clearly failed to undertake the necessary level of testing and precautions required to mitigate against any such surge” in traffic on the website, ultimately allowing the servers to collapse. The Association of Electoral Administrators also criticized the government and the Electoral Commission “for a clear lack of contingency planning,” implying that the Government must work to do better if it plans to continue to use technology in national elections in the future.
For all you n00bs out there who might have questions, “DDoS Attack” stands for a “Distributed Denial of Service Attack” and this is a popular mechanism used by hackers to temporarily crash servers or take websites offline. A DDoS attack works by flooding a network connection or server with digital traffic. Think of it much like a traffic jam.
The more cars on the highway, the more congested exits become and the slower traffic on the highway gets, before it can ultimately be reduced to a literal standstill. A DDoS attack works no differently, just replace cars with computers/devices/bots and exits on the highway with an internet location/endpoint/IP Address.
Believe it or not, the attack in question would not have been that hard to pull off either. Any hacker or penetration tester will tell you that it is much easier to take down a website/server if it is already operating at a high capacity, such as a Government website processing hundreds of thousands of visitors a day. The Government’s report even alludes to this, that the “cyber attack” may not have been a DDoS attack at all. Rather, perhaps it was just too many UK citizens logging on to the site all at once, which would act similarly to a DDoS attack.
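To put numbers on the headroom point above, here is a small capacity model added as an illustration. It is not taken from the report or from any real system, and the server capacity, backlog limit and request rates are all constructed values. It shows why load testing against a deadline-day surge matters: the same extra traffic that an idle site absorbs makes a near-capacity site start failing requests.

```python
# Constructed capacity model; every number below is illustrative, not from the report.

def simulate(rate, capacity=100, queue_limit=500, seconds=600):
    """Fixed-rate server with a bounded backlog; returns served/dropped counts.

    The server only sees a total request rate: genuine last-minute applicants
    and botnet traffic are indistinguishable at this level.
    """
    queue = served = dropped = 0
    for _ in range(seconds):
        queue += rate                      # requests arriving this second
        if queue > queue_limit:            # backlog full: excess requests fail
            dropped += queue - queue_limit
            queue = queue_limit
        done = min(queue, capacity)        # work completed this second
        served += done
        queue -= done
    return {"served": served, "dropped": dropped, "backlog": queue}


def headroom(base_rate, **kw):
    """Smallest sustained extra load (req/s) that makes requests fail."""
    extra = 0
    while simulate(base_rate + extra, **kw)["dropped"] == 0:
        extra += 1
    return extra


if __name__ == "__main__":
    for label, base in (("ordinary day", 40), ("deadline day", 95)):
        print(f"{label}: base {base} req/s, fails after +{headroom(base)} req/s")
        print("  with +20 req/s:", simulate(base + 20))
```

In this model the ordinary-day site tolerates 60 extra requests per second, while the deadline-day site begins dropping requests at 6, whether that extra load comes from real applicants or from bots.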
If you have ever heard about Lizard Squad or Poodle Corp, this is what made them famous. These groups have made international headlines over the years for crashing servers attached to popular gaming services, from PlayStation to Pokemon Go. However, what these groups are actually doing is really nothing special: they simply take servers which are operating with a high volume of users (gamers) and then launch a DDoS attack on them to push the servers over their limit, ultimately causing them to crash. The attack on Parliament’s voter registration website would not have been any different.
According to two different reports which came out at the end of March 2017, there was a +400% increase in the number of devices hijacked for use in botnets in 2016, while DDoS attack profit margins have now increased by nearly 95% over the same time. Needless to say, if you aren’t familiar with DDoS attacks or Botnets by now, you should get used to hearing a lot more about them in the future.