Almost anyone could have cyber-hacked the Labour Party and now our democracy is under threat – The Independent

Today the Labour Party was the victim of a large and sophisticated cyber attack. It shouldnt come as a surprise, however. After the hack of the US Democratic National Committee in 2016, security experts warned it was only a matter time before a UK political party was targeted.

Hacker politics is nothing new to parties though. In fact, they often use it to their advantage, leveraging dark data and social media manipulation techniques. Yet our entire system of political regulation is still stuck in the20thCentury and unprepared for the current threat from foreign state or private criminal hacking.

The Electoral Commission devotes almost all of its resources to the problems faced by electoral systems in an analogue world. Todays breach has exposed how urgently the independent body needs to develop its e-regulations to control how political parties remain digitally secure, and how they can use data responsibly and fairly.

Sharing the full story, not just the headlines

In the absence of any specific requirements for data security within political parties, organisations are left to muddle through. The situation is murky enough that just last week the Information Commissionerwroteto all major political parties reminding them they are not above data protection law (the assumption being that perhaps they believed they were).

Currently held by the SNP with a majority of 2

Getty

Currently held by Labour with a majority of 20

Getty

Currently held by the SNP with a majority of 21

Getty

Currently held by independent, formerly Labour, MP Ian Austin with a majority of 22

LivingInMediocrity

Currently held by Labour with a majority of 30

Derek Harper

Currently held by the Conservatives with a majority of 31

Rob Candish

Currently held by the Conservatives with a majority of 45

Robin Webster

Currently held by Labour with a majority of 48

Jaggery

Currently held by the SNP with a majority of 60

Alec MacKinnon

Currently held by the SNP with a majority of 75

Christine Johnstone

Currently held by the SNP with a majority of 2

Getty

Currently held by Labour with a majority of 20

Getty

Currently held by the SNP with a majority of 21

Getty

Currently held by independent, formerly Labour, MP Ian Austin with a majority of 22

LivingInMediocrity

Currently held by Labour with a majority of 30

Derek Harper

Currently held by the Conservatives with a majority of 31

Rob Candish

Currently held by the Conservatives with a majority of 45

Robin Webster

Currently held by Labour with a majority of 48

Jaggery

Currently held by the SNP with a majority of 60

Alec MacKinnon

Currently held by the SNP with a majority of 75

Christine Johnstone

Worryingly, the Labour Party websitesprivacy policy, under How we protect your information, makes no mention of any technical cybersecurity measures. It does not even specify whether the party uses a certified data centre.

It appears that this Labour breach (a DDoS or Distributed Denial of Service) was not a highly sophisticated form of cyber attack. These weapons which, if ever successful, could seriously disrupt or even swing an election can be easily sourced by anyone on the dark web. There is a de facto right to bear digital arms and no one is taking it seriously.

There is every chance, however, that a foreign government was directly or indirectly behind this attack. Russia is best-known for having a high level hacking capability that is directed from within the Kremlin, but China, Iran, and even North Korea are known to have hacker special forces within their military and intelligence apparatus.

A state actor could have outsourced this to attempt to cover their tracks, or perhaps even deliberately used a relatively low-tech method to make it look like it was a small hacktivist group rather than a foreign government.

The only thing we can say with certainty is that our democracy is vulnerable. This is not a particular criticism of the Labour Party, or even all political parties. Recent successful cyberattacks have targeted large companies, and the fact that this hack is believed to have been successfully defended against suggests that Labour had at least some measures in place.

Political parties must be held to a higher standard than other organisations, however. I know small businesses with more robust security measures than the political parties who make up our parliament, with all the consequences for national security that come with that.

More broadly, the threat is even bigger. Political parties have access to a huge amount of personal data. The Labour Party, for example, has detailed data on half a million members. But like any major party, they will also have a data operation that seeks to profile every British voter.

This big data makes political parties more effective, but also makes them more attractive targets for cyber attackers. Any hacker looking for a huge data haul in an organisation that is perhaps bureaucratic or out-dated in its security measures would quickly find him or herself setting their sights on British political parties.

Support free-thinking journalism and attend Independent events

No-one knows how exactly this data has been collected, because there are almost no rules about this: laws likeGDPRare, as Edward Snowden recently claimed, a paper tiger, focussing on data protection, not data collection. This means that there is likely a much larger data haul within political parties than many of us realise.

It is time for the Electoral Commission to take this seriously. Fraudulent postal ballots might corrupt a single constituency, but a successful hack can destroy our entire democracy. Some may say it is just a matter of time.

JamalAhmedis aFellow of Information Privacyand founder ofKazient Privacy Experts

Continued here:
Almost anyone could have cyber-hacked the Labour Party and now our democracy is under threat - The Independent