The parliamentary website of Sir David Davis has been taken offline after being compromised and then hit by what the Conservative MP described as a sustained cyber attack.
Davis, the MP for Goole and Pocklington, told the House of Commons on Monday that his IPSA-funded website had first been altered to redirect users to south-east Asian gambling sites before it was subjected to a large-scale distributed denial of service, or DDoS, attack designed to overwhelm the service.
He said the incident began last Thursday, when “malicious links were inserted” into the site. After it was restored, he said, it then came under a further attack.
“In just 24 hours, the site was hit with 142 million requests, consuming nearly 800 gigabytes of data,” Davis told MPs in a point of order. “This is not a minor nuisance; it is direct interference with a Member of Parliament carrying out his duties.”
Davis also said the later attack was “traceable to China”. That claim has not been independently confirmed, and no public attribution has been made by the government, Parliament or the National Cyber Security Centre.
By Tuesday morning, the website was still unavailable, carrying a message saying it was “briefly unavailable for scheduled maintenance”.
The incident appears to involve two separate elements: an initial compromise of the site, in which users were redirected to gambling pages, followed by a flood of traffic intended to knock the website offline.
There has so far been no public confirmation that any user or constituent data was accessed or stolen.
Responding in the Commons, Deputy Speaker Nus Ghani did not comment on the source of the attack or any investigation, but said it would not be appropriate to discuss cyber defences in public.
“It would not be appropriate to discuss publicly the details of preventive action, and of how Members are supported to protect themselves against these kinds of cyber-threats,” she said, directing MPs to the Parliamentary Security Department and Parliamentary Digital Service for support.
The case is likely to raise questions over how MPs’ websites are protected and whether the attack was limited to a single site or involved a wider supplier or hosting issue. IPSA, the Independent Parliamentary Standards Authority, funds MPs’ parliamentary costs and permits claims for website, hosting and design expenses, but it has not publicly said whether any other MPs were affected.
The attack comes against a backdrop of wider concern in Westminster about cyber threats aimed at democratic institutions and elected representatives. Ministers said last year that Chinese state-affiliated actors were responsible for cyber activity targeting the Electoral Commission and for reconnaissance against UK parliamentarians, although no parliamentary accounts were said to have been successfully compromised in that case.
For now, the publicly established facts are limited to Davis’s statement in the Commons and the continued outage of his website. It remains unclear who was responsible, whether any formal investigation has been launched, and when the site will return.
Join the Discussion
Have something to say? Join the conversation!
Sign in to share your thoughts and engage with other readers.
Sign In Create AccountNo comments yet
Be the first to share your thoughts on this article!