Davis raised the incident in the House of Commons on 27 April. He said his website, provided through the Independent Parliamentary Standards Authority, had been compromised the previous Thursday.
A Trusted Domain Became a Redirect Route
According to Davis’ statement, malicious links were inserted and visitors were redirected to Southeast Asian gambling websites. The site was then taken offline.
The first stage was not only a service disruption. It used a public, trusted domain to push users toward gambling pages they had not searched for or chosen directly. For regulators, this is the difficult part. A hijacked website can make traffic look more legitimate than traffic from spam pages or short-lived domains.
A DDoS Attack Followed
Once the website had been restored, Davis said it came under an extended distributed denial of service attack. In 24 hours, the site received roughly 142 million requests and used up close to 800GB of data.
A DDoS attack overwhelms a website or server with traffic such that normal access is impeded. In this case, the scale turned a constituency website problem into a broader security matter involving elected officials.
Davis said the DDoS attack was “traceable to China”. However, no public government attribution has been announced.
Why Gambling Oversight Is Affected
Redirects from reputable sites can help gambling platforms reach users without visible paid ads. They can also make enforcement harder when the website owner, hosting provider, traffic source, and gambling destination sit in different countries.
As a result, a gap is being created. A regulator can act against a bad gambling domain. However, the next route into it may come through a compromised third-party site. Thus, for website owners, hosting providers, and regulators, cyber hygiene can become part of how illegal gambling traffic is detected and stopped.
Parliament Points MPs to Security Support
Deputy Speaker Nus Ghani said it would be inappropriate to discuss security in the open forum. She recommended MPs to refer their account and devices issues to the Parliamentary Security Department and questions on the official systems to the Parliamentary Digital Service.
Bottom Line
The gambling redirect was only one layer of the attack. The next layer tried to keep the site offline. The two instances combined give a picture of what makes compromised domains valuable to attackers: trust, access, and deception all at once.
For gambling enforcement, blocking domains and ads appears insufficient. Detecting hijacked URL redirections promptly becomes equally important.
