Feeds

HSBC websites fell in DDoS attack last night, bank admits

Hacktivists blamed for online banking blackout

The essential guide to IT transformation

Updated HSBC has blamed a denial of service attack for the downtime of many of its websites worldwide on Thursday night.

Various Reg readers told us they were unable to reach the HSBC UK and First Direct websites on Thursday, leaving them unable to carry out internet banking services. Problems kicked in just before 20.00 BST and lasted for around seven hours.

Unconfirmed reports suggest that HSBC was targeted by the Izz ad-Din al-Qassam Cyber Fighters as part of a current campaign (see Pastebin post*) to get the controversial Innocence of Muslims video removed from YouTube. The group also took credit for interrupting customer access to the websites of Capital One earlier this week, again without warning, WSJ reports. The same group staged a series of digital sit-in (denial of service) attacks against US banks including Bank of America and Chase last month.

Security researchers analysing the earlier attacks quickly came to the conclusion that they were largely powered by botnet networks of malware-infected PCs.

In a statement, HSBC said that attacks had affected customers worldwide, and reassured clients that sensitive account data was not exposed by the attack.

On 18 October 2012 HSBC servers came under a denial of service attack which affected a number of HSBC websites around the world.

This denial of service attack did not affect any customer data, but did prevent customers using HSBC online services, including internet banking.

We are taking appropriate action, working hard to restore service. We are pleased to say that some sites are now back up and running.

We are cooperating with the relevant authorities and will cooperate with other organisations that have been similarly affected by such criminal acts.

We apologise for any inconvenience caused to our customers throughout the world.

An updated statement from HSBC says that by 03.00 BST, it had brought all its websites worldwide back into service.

Darren Anstee, EMEA solutions architect team lead at Arbor Networks, said: “Recent attacks have used what we call multi-vector attacks, attacks which utilise a combination of volumetric, and application layer attack vectors. What we are seeing here are TCP, UDP and ICMP packet floods combined HTTP, HTTPS and DNS application layer attacks. Attackers are doing this because they know it makes the attacks more difficult to deal with, but not impossible if we have the right services and solutions in place." ®

* Has anyone solved for "Panetta" (US Justice Department Secretary) yet?

Next gen security for virtualised datacentres

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?