Russia and China may, or may not, be to blame for a crash in the UK’s voter registration website in the weeks leading up to the EU referendum, according to a report by parliament’s cross-party Public Administration and Constitutional Affairs Committee (PACAC).
The PACAC’s findings published today did not rule out the possibility that the crash resulted from an intentional Distributed Denial of Service (DDoS) cyber attack carried out by foreign powers.
A DDoS attack is an attempt to take a website offline by overwhelming it with internet traffic, but there is no proof that the EU referendum voter registration website was the victim of a hack.
Karl Greenfield, head of cyber security at Capital Network Solutions told Verdict it is very difficult to know when cyber criminals are involved.
“There seems to have been no technical data made available in support of the claim that the website could have been the target of “foreign hackers”, so the symptoms displayed could equally be attributed simply to an overload of one of the systems components due to high demand, failure, or other cause.”
However, the committee’s report entitled Lessons learned from the EU Referendum suggested foreign actors may have played a role in causing the website to crash:
“Russia and China use a cognitive approach based on understanding of mass psychology and of how to exploit individuals. PACAC is deeply concerned about these allegations about foreign interference.”
A spokeswoman from the Cabinet Office rejected the report’s conclusion, saying that the outage “was due to a spike in users just before the registration deadline. There is no evidence to suggest malign intervention,” the Financial Times reported.
However, Ben Bradshaw the Labour MP for Exeter disagrees.
“I have repeatedly raised concerns about possible Russian interference in last year’s referendum campaign. Not just possible cyber-attacks like this, but Kremlin-funded propaganda and social media campaigns and Russian funding,” he told Verdict.
“I’ve been stonewalled by government ministers. There are a number of other parliamentary and other inquiries on-going into this whole area, which I hope will get to the truth one way or another,” he added.
On 7 June, the website crashed at 10:15pm London time, less than two hours before the deadline for people to register to vote.
Users reported seeing a page displaying the message “504 Gateway Time-out” instead of the online registration form.
The glitch, which was blamed on record numbers of people trying to access the site, prompted the UK government to extend the deadline to midnight on 9 June. An estimated 430,000 people applied to register to vote during that extension period.
The PACAC’s chairman Conservative MP Bernard Jenkin, told BBC News there was “circumstantial”, rather than “hard and fast” evidence that the registration site had been targeted by foreign hackers.
The committee called on the government to launch a new Cyber Security Centre to reduce the likelihood of future attacks on UK elections and referendums.
Russia was accused of trying to influence the 2016 US presidential election.
In the ongoing French presidential election, comments from the country’s intelligence community suggest that Russia is covertly supporting the candidacy of Marine Le Pen, leader of the far-right National Front party.
“Since no actual voter tampering is required to cast doubt upon the process and political forces from any side can easily make claims, the best course of action going forward is to ensure that large volumes of Internet traffic can be diverted and contained when necessary,” Scott Schober, a cyber security expert and the author of Hacked Again told Verdict.
“The primary failure of the UK was to not take the necessary precautions needed to mitigate against large surges in web traffic regardless of where they originated.”