Many customers of HSBC, the world' fourth largest bank, were unable to access its website today, or bank via its smartphone app, a problem that the firm blamed on a Distributed Denial of Service (DDoS) attack.
Unlike hacker attacks that involve breaching the target entity's systems, DDoS attacks involve penetrating other parties' computers and then having a large collection of those machines simultaneously attack the ultimate target system by overloading it with requests. The barrage of requests consumes all of the target's available bandwidth or processing power and makes it effectively inaccessible.
Today's attack seems well planned; the attack successfully prevented people from accessing their accounts on the last Friday of the month - the day on which many salaried people in the United Kingdom, where HSBC is based, receive their paychecks. It's also the end of January, when quite a number of people both there and elsewhere download information used to file taxes.
HSBC said today that it was working with law enforcement to track down the culprits.
As I noted in an article just a couple months ago, DDoS attacks are a huge problem for businesses. And some trends with regards to how these attacks are being leveraged by hackers are quite alarming.
As Craig Young, security researcher at Tripwire, explained:
"Distributed denial of service attacks are a huge problem for organizations in all industries and of all sizes. Traditional denial of service attacks involving a flood of traffic from one particular source to overwhelm a targeted network can be thwarted by identifying and blocking packets from the attacker upstream of the victim. A distributed denial of service however utilizes a flood of requests coming from many sources such that it can be virtually impossible to identify and filter out the malicious requests. A real world version of this attack might be a couple hundred random people lining up for service at the bank to the point that the tellers are no longer know who is a customer needing service and who is just there to disrupt service.
This is a common type of attack used by so called hacktivists looking to make a political statement as well as extortionists requesting a ransom in exchange for stopping the attack. Often times the flood of requests are coming from computers and routers which have been hacked and unwillingly enlisted for attack. These hacked computers are referred to as zombies and in aggregate they form a botnet. Criminal organizations will actually rent out access to these systems with a DDoS as a service business model."
While DDoS attacks can impact businesses on their own, Jonathan Sander, Vice President at Lieberman Software, noted that sometimes DDoS attacks can also be launched in an effort to hide attempts at breaching an organization: "Until further details emerge it's hard to pin this down. Often DDoS attacks like this are a distraction technique; bad guys hit you hard on the left so you're too busy to see them sneak in on the right." Let's hope that this isn't the case at HSBC.