Cyber Incident Victim: Mexican National Action Party

Date: Jun 2018

Location: Mexico

Summary

The Mexican National Action Party's website suffered a distributed denial-of-service (DDoS) attack during a televised presidential debate, temporarily crashing the platform after it published documents critical of the leading candidate. The party attributed the attack to traffic primarily originating from Russia and China, though cybersecurity experts cautioned the locations could be unrelated to the true source and might represent deliberate obfuscation or third-party services. While the victim alleged the front-runner's campaign employed automated bots to disrupt access to damaging contract information, the accused candidate's party denied involvement, dismissing claims of orchestrated interference. Analysts noted the incident highlighted election security concerns but emphasized the attack's technical simplicity and the difficulty of attributing responsibility.

Description

On June 12, 2018, during Mexico’s final televised presidential debate ahead of the July 1 election, the National Action Party (PAN) website experienced a cyber attack that rendered it inaccessible for hours. The disruption occurred shortly after PAN presidential candidate Ricardo Anaya displayed the site’s address (debate2018.mx) on a placard during the broadcast. The website had published documents alleging that front-runner Andres Manuel Lopez Obrador awarded contracts without public tenders during his tenure as Mexico City mayor—claims Lopez Obrador denied. PAN attributed the outage to a distributed denial-of-service (DDoS) attack, reporting approximately 185,000 visits within 15 minutes that overwhelmed the site. The party cited data from web security firm Cloudflare and Google Analytics indicating most traffic originated from Russia and China.

PAN Secretary Damian Zepeda publicly accused Lopez Obrador’s campaign of orchestrating the attack using automated “bots,” specifically linking the incident to efforts to suppress evidence of alleged corruption. Lopez Obrador’s Morena party categorically denied involvement, with campaign coordinator Juan Pablo Espinosa de los Monteros stating they did not employ bots and focused instead on direct voter outreach. Cybersecurity analysts noted the geographical origin of the traffic might not reflect the attackers’ true location, suggesting possibilities including hacked devices, proxy networks, or third-party services-for-hire. Flashpoint analyst Carles Lopez-Penalver and Neustar executive Barrett Lyon emphasized the attack could have been designed to create confusion or obscure its perpetrators. Cloudflare acknowledged clients typically receive visitor location data but declined to confirm details of this incident. The Russian and Chinese embassies in Mexico did not respond to requests for comment, and Reuters could not independently verify PAN’s claims. The incident heightened concerns about foreign interference in Mexico’s elections, partly influenced by ongoing U.S. investigations into Russian meddling in the 2016 U.S. presidential race, though no conclusive evidence of external influence in Mexican campaigns emerged. The website’s prolonged downtime prevented public access to the PAN’s allegations during a critical campaign period, amplifying political tensions ahead of the vote.
