A report into the Brexit referendum, its causes and outcomes has said that a hack could have been the reason for the register to vote website crashing hours before the deadline.
MPs in charge of producing the report said they ‘could not rule out the possibility that the crash may have been caused by a DDOS (distributed denial of service attack) using botnets.’
After a TV debate, the website crashed at about 10.15pm on 7 June, 2016. Investigation by the Public Administration and Constitutional Affairs Committee (PACAC), entitled Lessons from the EU referendum pointed to a spike in users attempting to register just before the registration deadline. Although a last minute spike in registrants is not unheard of, this time there was a twist to the story. Most of them were duplicates.
‘…The problems that led to the website’s crash were aggravated by a large number of duplicate applications to register to vote. According to the Commission’s report, 38% of applications made during the campaign were duplicates.
Furthermore, they estimate that of the 436,347 applications to register to vote between midnight on 7 June (the original deadline) and the extended deadline of midnight on 9 June, “approximately 46% of these were duplicate registration applications submitted by people who were already correctly registered to vote”.
Whether it was down to the Facebook rumour that voters had to re-register, we will not know though.
The report was quite scathing about the ‘gaps in technical ownership and said that the crash had indications of being a DDOS (distributed denial of service) ‘attack’.
We understand that this is very common and easy to do with botnets.
However, the report was quick to point out that there was no hard evidence to suggest wilful tampering. All the evidence that exists is circumstantial.
The report had several ‘best practices’ tips for the Government too- as well as a commendation for ‘promoting cyber security as a major issue for the UK’, although there is a lot that still remains to be done.
Other recommendations included: ‘We recommend that Cabinet Office, the Electoral Commission, local government, GCHQ and the new government Cyber Security Centre establish permanent machinery for monitoring cyber activity in respect of elections and referendums, for promoting cyber security and resilience from potential attacks, and to put plans and machinery in place to respond to and to contain such attacks if they occur. We recommend that the Government presents regular annual reports to Parliament on these matters.’