DoS attack?

Government system to register to vote in the referendum gets overloaded.  Deadline gets extended.  Cockup or conspiracy?

News reports tell us the best measure of traffic they had was the peak of registrations ahead of last year’s general election, and they built the system to cope with many times more traffic than they’d had then.  Yet traffic surged way beyond even that ‘surplus’ capacity.  So while cockup is entirely plausible, it’s by no means inevitably the cause.

It is widely supposed that late registrations come predominantly from younger people, and that younger people are more likely to vote In.  So bringing the system down ahead of the deadline would favour “out”, while extending the deadline would favour “in”.  Overall my best guess would be they more-or-less balance – at least if the system doesn’t go down again.

Most campaigners on both sides seem to accept it’s just one-of-those-things.  But a few “out” campaigners have been remarkably quick to jump on it.  It’s gerrymandering (Ian Liddell-Grainger).  It could be cause for Judicial Review in the event of a narrow “in” vote (Bernard Jenkin).

Hmmm, cui bono?  Jenkin’s line of reasoning points to a vote-again-until-you-get-it-right scenario.  We have a motive: someone stood to gain from the system failing on the last day.  If the deadline is not extended, a chunk of predominantly-in voters are excluded.  If it is extended, they’re preparing the ground for judicial review: get the courts to decide.  A win-win.

A Denial of Service attack can bring any system on the ‘net down for a while, and is very easy to mount (buy yourself control of a million virus-infected PCs and have them all bombard the target system to overwhelm it).

Cockup or Conspiracy?  I anticipate some more evidence, albeit far from conclusive.  If it goes down again tomorrow, that signals cockup – unless someone could organise a new DoS attack remarkably quickly.  If it survives to the new deadline, it smells more of conspiracy.

Posted on June 8, 2016, in politics, uk and tagged , . Bookmark the permalink. 2 Comments.

  1. Best part of a day since the revised deadline passed, and no more mishaps reported. The system coped. So that’s a flag for conspiracy!

  2. Is it really necessary to book your time on a DDoS network weeks in advance?

    I’m willing to believe cock-up, because it seems to me to be the explanation that requires fewer moving parts, and everyone concerned acting exactly as we’d expect them to act. Leaving it to the last moment – yeah, shouldn’t surprise anyone. Load-testing and -proofing the system – quite hard to do rigorously, easy to skimp on (or design a test that was artificially easy to pass – that’s the way I’d do it).

    If someone did knock down the site intentionally – why? The reaction to bringing the site down prematurely – extending the deadline – was completely predictable, and I can’t see it being the basis of a legal challenge (because parliament said to extend the deadline, and it would be a strange anti-European indeed who mounted a challenge based on the premise that “parliament doesn’t have the authority to do that”).

    About the only useful purpose that it might serve would be to bring the process, and democracy as a whole, into slightly more disrepute than it already is. So, on a cui bono basis – combined with “who’s got the capacity to do it?” – my guess would be Putin’s thugs. Not a serious operation for them, obviously, just a “why the heck not?” sort of exercise.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: