Published October 19, 2012
HSBC (HBC) experienced widespread disruptions to several of its websites Thursday, becoming one of the highest-profile victims yet in a series of attacks by a group claiming to be allied with Islamic terrorism.
“HSBC servers came under a denial of service attack which affected a number of HSBC websites around the world,” the London-based banking giant said in a statement. “This denial of service attack did not affect any customer data, but did prevent customers using HSBC online services, including internet banking.”
HSBC said it had the situation under control in the early morning hours of Friday London time.
The Izz ad-Din al-Qassam Cyber Fighters took responsibility for the attack that at points crippled users’ access to hsbc.com and other HSBC-owned properties on the Web. The group, which has also disrupted the websites of scores of other banks including J.P. Morgan Chase (JPM) and Bank of America (BAC), said the attacks will continue until the anti-Islamic ‘Innocence of Muslims’ film trailer is removed from the Internet.
In this case, a group claiming to be aligned with the loosely-defined brigade of hackers called Anonymous also took responsibility. However, a source in the computer security field who has been monitoring the attacks told FOX Business “the technique and systems used against HSBC were the same as the other banks.” However, the person who requested anonymity noted that Anonymous “may have joined in, but the damage was done by” al-Qassam.
The people behind al-Qassam have yet to be unmasked. Several published reports citing unnamed U.S. officials have pointed to Iran as a potential culprit, but multiple security researchers have told FOX Business the attacks don’t show the hallmarks of an attack from that country.
There is a consensus, however, that the group is likely using a fairly sophisticated type of denial-of-service attack. Essentially, al-Qassam has leveraged exploits in Web server software to take servers over and then use them as weapons. Once they are taken over, they slam the Web servers hosting bank websites with a deluge of requests, making access either very slow or completely impossible. Servers have an especially high level of connectivity to the Internet, giving al-Qassam more horsepower with fewer machines.
Here’s a look at the banks that have been targeted over the past two weeks:
|Week of October 8|
|Tuesday||Capital One (COF)|
|Thursday||Regions Financial (RF)|
|Week of October 15|