Feeds

HSBC websites fell in DDoS attack last night, bank admits

Hacktivists blamed for online banking blackout

The Power of One eBook: Top reasons to choose HP BladeSystem

Updated HSBC has blamed a denial of service attack for the downtime of many of its websites worldwide on Thursday night.

Various Reg readers told us they were unable to reach the HSBC UK and First Direct websites on Thursday, leaving them unable to carry out internet banking services. Problems kicked in just before 20.00 BST and lasted for around seven hours.

Unconfirmed reports suggest that HSBC was targeted by the Izz ad-Din al-Qassam Cyber Fighters as part of a current campaign (see Pastebin post*) to get the controversial Innocence of Muslims video removed from YouTube. The group also took credit for interrupting customer access to the websites of Capital One earlier this week, again without warning, WSJ reports. The same group staged a series of digital sit-in (denial of service) attacks against US banks including Bank of America and Chase last month.

Security researchers analysing the earlier attacks quickly came to the conclusion that they were largely powered by botnet networks of malware-infected PCs.

In a statement, HSBC said that attacks had affected customers worldwide, and reassured clients that sensitive account data was not exposed by the attack.

On 18 October 2012 HSBC servers came under a denial of service attack which affected a number of HSBC websites around the world.

This denial of service attack did not affect any customer data, but did prevent customers using HSBC online services, including internet banking.

We are taking appropriate action, working hard to restore service. We are pleased to say that some sites are now back up and running.

We are cooperating with the relevant authorities and will cooperate with other organisations that have been similarly affected by such criminal acts.

We apologise for any inconvenience caused to our customers throughout the world.

An updated statement from HSBC says that by 03.00 BST, it had brought all its websites worldwide back into service.

Darren Anstee, EMEA solutions architect team lead at Arbor Networks, said: “Recent attacks have used what we call multi-vector attacks, attacks which utilise a combination of volumetric, and application layer attack vectors. What we are seeing here are TCP, UDP and ICMP packet floods combined HTTP, HTTPS and DNS application layer attacks. Attackers are doing this because they know it makes the attacks more difficult to deal with, but not impossible if we have the right services and solutions in place." ®

* Has anyone solved for "Panetta" (US Justice Department Secretary) yet?

Designing a Defense for Mobile Applications

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.