HSBC websites fell in DDoS attack last night, bank admits

Hacktivists blamed for online banking blackout

By John Leyden, 19th October 2012

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

Updated HSBC has blamed a denial of service attack for the downtime of many of its websites worldwide on Thursday night.

Various Reg readers told us they were unable to reach the HSBC UK and First Direct websites on Thursday, leaving them unable to carry out internet banking services. Problems kicked in just before 20.00 BST and lasted for around seven hours.

Unconfirmed reports suggest that HSBC was targeted by the Izz ad-Din al-Qassam Cyber Fighters as part of a current campaign (see Pastebin post*) to get the controversial Innocence of Muslims video removed from YouTube. The group also took credit for interrupting customer access to the websites of Capital One earlier this week, again without warning, WSJ reports. The same group staged a series of digital sit-in (denial of service) attacks against US banks including Bank of America and Chase last month.

Security researchers analysing the earlier attacks quickly came to the conclusion that they were largely powered by botnet networks of malware-infected PCs.

In a statement, HSBC said that attacks had affected customers worldwide, and reassured clients that sensitive account data was not exposed by the attack.

On 18 October 2012 HSBC servers came under a denial of service attack which affected a number of HSBC websites around the world.
This denial of service attack did not affect any customer data, but did prevent customers using HSBC online services, including internet banking.

We are taking appropriate action, working hard to restore service. We are pleased to say that some sites are now back up and running.

We are cooperating with the relevant authorities and will cooperate with other organisations that have been similarly affected by such criminal acts.

We apologise for any inconvenience caused to our customers throughout the world.

An updated statement from HSBC says that by 03.00 BST, it had brought all its websites worldwide back into service.

Darren Anstee, EMEA solutions architect team lead at Arbor Networks, said: “Recent attacks have used what we call multi-vector attacks, attacks which utilise a combination of volumetric, and application layer attack vectors. What we are seeing here are TCP, UDP and ICMP packet floods combined HTTP, HTTPS and DNS application layer attacks. Attackers are doing this because they know it makes the attacks more difficult to deal with, but not impossible if we have the right services and solutions in place." ®

* Has anyone solved for "Panetta" (US Justice Department Secretary) yet?

Agentless Backup is Not a Myth

COMMENTS

House Rules Send Corrections

All Reader Comments (37)

Highly Rated

Posted Friday 19th October 2012 11:25 GMT

Anonymous Coward

Re: I don't need no bloody DDoS, I've got a SecureKey which ...

> Say again, Merrilee, I can't hear you!

It was a denial of service attack. The site was neither breached or hacked.

> Of course, HSBC boasts of all it's high tech chappies who cut your connection if your IP changes during banking. Unfortunately they haven't heard that Win 7 can handle more than one InterNet connection as can our server.

Good for your server and Win 7. I'll let you into a secret. HSBC's servers can also handle more than one connection from you (and on different IPs) but they choose not to. The reason they choose not to accept your IP address changing during a session is security. Admittedly, this decision will only protect against certain known attacks (and against some unknown) but it isn't the only security measure they apply.

Posted Friday 19th October 2012 11:49 GMT

DF118