October 19, 2012
HSBC Websites Face Cyber Attacks
Enid Burns for redOrbit.com — Your Universe Online
HSBC said Friday that a number of its websites worldwide had been hit by a large-scale cyber attack, AFP reported.
The bank assured its account holders their data was protected. “This denial of service attack did not affect any customer data, but did prevent customers using HSBC online services, including internet banking,” the bank said.
The attacks came in the form of a denial of service attack, which occurs when a targeted website is overwhelmed with requests and becomes unable to load the site for visitors. At the time of the attacks, anyone who tried to access HSBC´s websites, including logging into secure accounts, was unable to access the site.
HSBC is taking steps to shore up any security holes and make sure its websites are operational. “We are taking appropriate action, working hard to restore service,” the bank said. Appropriate action includes working with authorities to investigate the incident.
By Friday morning, HSBC said all of its websites globally were returned to normal activity.
“We are cooperating with the relevant authorities and will cooperate with other organizations that have been similarly affected by such criminal acts,” the statement from HSBC said.
Recent DoS attacks are not limited to HSBC. In mid September, a number of banks, including Bank of America, JPMorgan Chase, Wells Fargo, U.S. Bank and PNC Bank, were all hit by denial of service attacks. These attacks lasted roughly a day and caused users to have trouble accessing bank websites and accounts online.
CNN Money reports that the recent denial of service attacks were among the largest cyber attacks observed to date. Banks are particularly prone to denial of service and other cyber attacks. Most financial institutions have added security and server resources to handle various types of cyber attacks. Yet all the precautions act as prevention, but cannot work all the time.
All of the attacks, including those in September and HSBC´s attacks this week may be part of a larger series. Bloomberg Businessweek reports bank attacks have gone on for as long as five weeks, and also named Capital One Financial Corp and BB&T as victims in the attacks.
In the case of denial of service attacks, account information and other sensitive data are not in jeopardy. “Denial of Service" attacks are an effective but unsophisticated tool that doesn´t involve any actual hacking. No data was stolen from the banks, and their transactional systems — like their ATM networks — remained unaffected. The aim of the attacks was simply to temporarily knock down the banks´ public-facing websites,” CNN Money reported after the attacks in September.
It is believed that the denial of service attacks originated in Iran and Russia, among other possible locations. Attacks could continue.
“There is a target list that is essentially being worked,” Carl Herberer, vice president for the network security firm Radware is quoted in the Bloomberg story. “They appear to have been near-100 percent effective, at least in bringing these financial institutions some level of duress.”