HSBC Endures Cyberattack as Second Group Claims Responsibility

Hacktivists bent on disrupting service at the world's biggest banks have hit another target, while a second group is claiming responsibility for the attack.

HSBC (HBC) said Thursday that hackers had flooded the lines that connect the bank's websites to the Internet to prevent customers from retrieving their accounts.

"On 18 October 2012 HSBC servers came under a denial of service attack which affected a number of HSBC websites around the world," the $2.7 trillion-asset company wrote in a message posted on its website. "This denial of service attack did not affect any customer data, but did prevent customers using HSBC online services, including internet banking."

The disruptions later subsided and HSBC's site began to function normally, the company said in a statement early Friday.

Ally Financial, the former lending arm of General Motors, confirmed Friday it also has witnessed some unusual activity on its websites that it continues to monitor, though the company said the activity had not disrupted customers' ability to bank online. "We have not experienced the type of disruption or 'attack' that has been associated with the denial of service attacks," spokeswoman Gina Proia told American Banker.

At least two groups claimed responsibility for the cyberattack on HSBC.

"Several hours ago, we effectively directed numerous distributed denial of service attacks against HSBC bank corporation," a hacker collective known as Anonymous said in a message posted Thursday on YouTube. "The sites that were brought down include the American, U.K., Canadian, French and worldwide sites."

"We are currently holding back on the exact reasons behind the attack, as we would prefer to take this time to warn greedy banks, law enforcement, worldwide governments and corrupt corporations that this is far from over, as we have only started," the group added.

Anonymous also claimed responsibility for the attack in a message posted both on Twitter and on Pastebin, a site used by programmers. "As some of you may be aware HSBC bank suffered several DDoS attacks on the named sites in the past hours us.hsbc.com hsbc.co.uk hsbc.com hsbc.ca they were all brought down by #FawkesSecurity," the group wrote, using a Twitter hashtag that refers to Guy Fawkes, an English revolutionary from the 17th century whose likeness the group has adopted as an identity.

In September 2011, hackers reported to be an offshoot of Anonymous gained access to a Twitter account belonging to NBC News and sent out a series of messages that a plane had crashed at Ground Zero in New York City. Roughly two months earlier the digital pranksters hacked into a Twitter feed belonging to Fox News to report falsely that President Obama had been assassinated.

The group that has claimed responsibility for nine other cyberattacks on banks also asserted responsibility for the assault on HSBC. "In the last attack of operation Ababil, the 5th week, Izz ad-Din Al Qassam Group succeeded in making HSBC Bank website out of reach," read a message posted Thursday on Hilf-Ol-Fozul, a blog that records the group's activity.

The Al Qassam Group has posted a series of messages on Pastebin that vow to retaliate for an American-made, anti-Islamic film. A trailer for the movie that appeared on YouTube set off demonstrations last month in several countries.

The assault on HSBC brings to at least ten the number of banks struck worldwide since Bank of America (BAC) experienced a similar attack in September.

On Wednesday, BB&T (BBT) became the latest U.S. bank to see its websites slow. The bank, which said it had endured a denial of service attack, told customers Thursday they may continue to experience slowdowns when trying to transact online with the company. Some customers complained Friday morning of being unable to access BB&T's website, according to Sitedown.co, which tracks website outages. BB&T did not respond immediately to a request for comment.

At least some CEOs whose banks have been attacked are speaking out about the experience. Hackers "just pummeled us," Jim Rohr, chief executive of PNC Financial (PNC), which endured a digital assault in September, told CNBC on Thursday. "We had 38 straight hours of attacks on our systems."

"We were just barraged, through every website, through every portal we have with requests" by the attackers, added Rohr, who said he worries about a cyberattack that disrupts the banking industry or power grid.

Jamie Dimon, chief executive of JPMorgan Chase (JPM), which saw its websites slow in September after a hit by hacktivists, says cybercrime is likely to get worse. "Computers in ten years are going to be 100,000 times faster, and so they'll be able to do calculations quicker, and get through quicker, and we'll have to meet that in every way, shape or form," Dimon told an audience at the Council on Foreign Relations in Washington recently.

Cyberattacks on banks and other firms may foreshadow destructive digital assaults on the nation's critical infrastructure to come, according to Defense Secretary Leon Panetta. "While this kind of tactic isn't new, the scale and speed with which it happened was unprecedented," Panetta, referring to the recent assaults on banks, told a group of business executives on Oct. 11 in New York.

For reprint and licensing requests for this article, click here.
Bank technology
MORE FROM AMERICAN BANKER