Foreign Hackers 'May Have Brought Down Registration Site Before EU Referendum'

Foreign Hackers 'May Have Brought Down Registration Site Before EU Referendum'
|

The crash of a key voter registration website in the run-up to the EU referendum may have been the result of a foreign cyber attack, MPs have warned.

The Commons Public Administration and Constitutional Affairs Committee (PACAC) said it was deeply concerned about the allegations of foreign interference in last year's Brexit vote.

While the committee did not identify who may have been responsible, it noted that both Russia and China use an approach to cyber attacks based on an understanding of mass psychology and of how to exploit individuals.

The warning comes amid repeated claims that Russia has sought to interfere in foreign elections, including last year's US presidential election.

It followed the crash of the official voter registration website on June 7 last year just hours before the deadline for people to sign up to vote in the referendum.

The Government - which had to rush through emergency regulations extending the deadline - said at the time that it was the result of an unprecedented spike in demand with more than 500,000 people trying to register on the final day.

However, the committee said the crash had indications of being a distributed denial of service attack (DDOS) using so-called botnets controlled by hackers to overwhelm the site.

It said while the incident had no material effect on the outcome of the referendum, it was crucial that lessons were learned for future votes which must extend beyond purely technical issues.

"PACAC does not rule out the possibility that the crash may have been caused by a DDOS using botnets," said the committee.

"The US and UK understanding of 'cyber' is predominantly technical and computer-network based.

"For example, Russia and China use a cognitive approach based on understanding of mass psychology and of how to exploit individuals.

"The implications of this different understanding of cyber attack, as purely technical or as reaching beyond the digital to influence public opinion, for the interference in elections and referendums are clear.

"PACAC is deeply concerned about these allegations about foreign interference."

The committee was also highly critical of the way David Cameron held the referendum to "call the bluff" of his critics and to "close down unwelcome debate" and then resigned when he lost.

It said that in future referendums, the prime minister of the day should be prepared to carry on in office and to implement the result, whatever the outcome.

"There was no proper planning for a Leave vote so the EU referendum opened up much new controversy and left the prime minister's credibility destroyed," it said.

"It should be reasonable to presume that the sitting prime minister and his/her administration will continue in office and take responsibility for the referendum result in either eventuality."

The committee said there had been many occasions in the run-up to the vote when it appeared officials were being drawn into "referendum controversy" damaging the Civil Services's reputation for impartiality.

It also criticised the Government's decision to spend £9.3 million on a leaflet sent to all households setting out the arguments for Remain, saying it had been inappropriate and counter-productive.

A Cabinet Office spokeswoman said: "We have been very clear about the cause of the website outage in June 2016. It was due to a spike in users just before the registration deadline.

"There is no evidence to suggest malign intervention. We conducted a full review into the outage and have applied the lessons learned. We will ensure these are applied for all future polls and online services."

PACAC's Tory chairman Bernard Jenkin acknowledged the Government's official findings on a cyber attack but told the Press Association: "We have taken our own advice and have concluded from that advice that it cannot be ruled out.

"After all, it has happened in other countries."

Mr Jenkin said that the committee had made a "precautionary" recommendation for the authorities to monitor cyber activity during elections and referendums and be prepared to respond to any attacks if they occur.