Hacker, Researcher and Author.

HSBC Recovers from the DDoS Attack, Anonymous Claims to Have 20,000 Debit Card Details.

Many HSBC customers were unable to log in to their internet banking accounts on Thursday, 18th of October. It has been stated that the problem started a little before 20:00 BST and lasted for around seven hours.

Later, an Anonymous hacker group named 'FawkesSecurity' took the liberty to announce that they were responsible for the problem that halted many HSBC account holders from accessing their accounts. The problem was a DDoS attack on the website itself. Which enabled them to steal details of 20,000 debit cards. To find out how you can use DDoS to attack a system, please follow this link.

HSBC soon recovered from the attack and the security researchers came to the conclusion that the attack largely resulted from botnet networks of malware-infected PCs.

HSBC was quick to come out with an statement to reassure their clients that their sensitive data had not been exploited in the attack.

"On 18 October 2012 HSBC servers came under a denial of service attack which affected a number of HSBC websites around the world.This denial of service attack did not affect any customer data, but did prevent customers using HSBC online services, including internet banking.
We are taking appropriate action, working hard to restore service. We are pleased to say that some sites are now back up and running.
We are cooperating with the relevant authorities and will cooperate with other organisations that have been similarly affected by such criminal acts.
We apologise for any inconvenience caused to our customers throughout the world."

In response to this statement, Anonymous tweeted that:

When HSBC said ''user data had not been compromised'' This isn't entirely correct. We also managed to log 20,000 debit card details.

It seems like Anonymous is bewildered on whether to prove to the world that they in fact do have the sensitive information that HSBC denies.

"Were debating whether to release them or not, HSBC knows debit details were intercepted, They probz won't admit it tho."

Darren Anstee, EMEA solutions architect team lead at Arbor Networks, said in reference to the attack:

“Recent attacks have used what we call multi-vector attacks, attacks which utilise a combination of volumetric, and application layer attack vectors. What we are seeing here are TCP, UDP and ICMP packet floods combined HTTP, HTTPS and DNS application layer attacks. Attackers are doing this because they know it makes the attacks more difficult to deal with, but not impossible if we have the right services and solutions in place." ®

HSBC has fully recovered from the attack and its websites are working perfectly now after being restored, according to their statement on their official website.

On the other hand, there have been unconfirmed reports of a group known as Izz ad-Din Al Qassam being behind the attack. They have been responsible for over 9 attacks on various banks in the US of A as a part of their current campaign which is to have the Innocence of Muslims video removed from YouTube and the Web all over.

A part of Izz ad-Din Al Qassam's statement reads:

With a little searching, we still found the anti-Islamic offensive film on the Internet. Thus the chain of cyber attacks on U.S. banks will continue this week. These attacks will be done since Tuesday, 16 October until Thursday, 18 October 2012 in midday hours. We know that banks officials are concerned and waiting to see this time it is the turn of which banks. For making variation in operation, this time we give them the opportunity to understand whether they are listed or not.

We aren't sure who the real attackers are but according to the reports being received, RBS, Llyods TSB and Barclays banks are going to be next.

For a read on the DDoS attacks for the year of 2012, DDOS Attacks In 2012


About The Author

This article is written by Sindhia Javed Junejo. She is one of the core members of RHA team.

No comments:

© 2016 All Rights Reserved by RHA Info Sec. Top

Contact Form


Email *

Message *

Powered by Blogger.