A government voter registration website in the UK that crashed in the hours before the deadline for registering to vote ahead of last year’s Brexit referendum..
A government voter registration website in the UK that crashed in the hours before the deadline for registering to vote ahead of last year’s Brexit referendum could have been targeted by a denial of service attack.
The observation is contained in a report by the Public Administration and Constitutional Affairs Committee (PACAC), entitled Lessons from the EU referendum.
In a section discussing software problems, the committee describes the website crash as the “most significant example of software failure”, and says it cannot rule out the possibility that the “exceptional surge in demand” to register for votes ahead of the deadline last June was caused by a distributed denial of service (DDoS) attack using botnets.
The report says the crash has “indications of being a DDOS” — based on what the committee dubs as “key indicants” for such an attack: “timing and relative volume rate”.
According to the report there were 515,256 online applications to register to vote recorded on 7 June, with the previous record for the largest number of online applications received in a day being 469,047 on April 20, 2015 (ahead of the May 2015 general election).
The committee says it has no direct evidence of foreign interference in the voter registration process, but goes on to express deep concern about allegations of foreign powers such as Russia and China seeking to influence public opinion elsewhere via psychological cyber attacks in order to subvert democratic processes.
“Lessons in respect of the protection and resilience against possible foreign interference in IT systems that are critical for the functioning of the democratic process must extend beyond the technical,” the committee writes. “The US and UK understanding of ‘cyber’ is predominantly technical and computer-network based. For example, Russia and China use a cognitive approach based on understanding of mass psychology and of how to exploit individuals.
“The implications of this different understanding of cyber-attack, as purely technical or as reaching beyond the digital to influence public opinion, for the interference in elections and referendums are clear.
