Hong Kong Exchange News Site Blocked By DDoS

Trading on the Hong Kong stock exchange for a handful of stocks remained suspended as a result of a distributed denial-of-service (DDoS) attack on its news Website, the Financial Times reported.

The “coordinated and sustained” DDoS attacks continued for a second day on one of the exchange’s Websites, which is used to disseminate price-sensitive information, FT said.

Disclosure Site Blocked

The hkexnews.hk site, where Hong Kong-listed companies such as HSBC bank, China Power International and Cathay Pacific airline posted their announcements in order to comply with disclosure requirements, went offline August 10 and remained under sustained attack, Charles Li, CEO of Hong Kong Exchanges and Clearing, told FT.

The identity and intention of the attackers remained unknown, Li said. The DDoS attacks were coming from a large botnet made up of personal computers from around the world, the majority of which were based outside of Hong Kong, according to HKEx.

“Our current assessment is that this is a result of a malicious attack by outside hacking,” said Li.

While some DDoS attacks are out to just knock Websites offline, many attacks are a diversion for other malicious activity, Neal Quinn, vice-president of operations at cloud-based DDoS mitigation provider Prolexic, told eWEEK. While he did not have specific knowledge of the details of the attack on the Hong Kong Exchange, Quinn said attackers often breach networks while the security team is busy dealing with the “present” DDoS threat.

“Mission-critical” systems actually used for trading, clearing and distributing market data were unaffected because they were not accessible from the public Internet. “HKEx’s other systems are not affected and trading in its securities and derivatives markets continues to operate normally,” according to an HKEx statement.

HKEx said it had been “working closely with local and overseas security experts” to investigate the cause of the attack and restore normal service. The exchange successfully implemented a mechanism to filter out the malicious packets late August 10, which allowed the news site to come back online even while under attack.

Attackers were using multiple attack vectors, which made it harder for the exchange to defend against the DDoS, HKEx said. There are several ways to launch a DDoS attack, including flooding the network with SYN or ICMP packets, attacking the application layer by sending so many database or Web requests to the site that it cannot process them all, and sending malformed packets, among others, Quinn said. Most DDoS attacks are a combination of techniques in a “blended attack”, Quinn said.

Seven Stocks Suspended For Fairness

Seven stocks were suspended from trading after the news Website crashed the first time, shortly before the companies were to post “sensitive results” from the morning trading session. The exchange defended the suspension, saying that continuing to trade would be unfair to investors who could not access the companies’ results while the news site was down.

The Hong Kong exchange would abandon the practice of publishing company news on a centralised Website to prepare for future attacks, Li said. It will rely on media and commercial information vendors such as Thomson Reuters and Bloomberg to distribute company announcements and instruct investors to get the information directly from the company Websites, according to Li. The exchange plans to buy advertisements in eight local newspapers with a list of companies expected to post news that day so investors will know they have to check the company Websites for details.

“It was refreshing to see Mr. Li not blame the attacks on uber-sophisticated, foreign, advanced ninja hackers, but rather state the facts and explain what the exchange is doing to ensure the integrity of the market,” Chester Wisniewski, a senior security advisor at Sophos, wrote on the Naked Security blog.

Researchers have long warned that attackers can potentially disrupt financial systems by attacking stock exchanges. The Zimbabwe stock exchange was attacked in early August. The United States Nasdaq revealed in February that cyber-criminals had embedded malicious code on the “Directors Desk” Web application. At the recent Black Hat conference, James Arlen, an independent security researcher, discussed how attacks on high-frequency trading systems would occur too quickly for exchanges to defend against.

Eric Doyle, ChannelBiz


  • Ron Gula, CEO of Tenable Network Security, comments:

    “This particular type of scenario is interesting because a denial of service could be just as damaging as an actual break-in. If timed right, having the ability to turn off a market or prevent shares from being traded could work to a malicious investor's advantage. While in hacking situations like this there will never be a single point solution that could have mitigated such an attack, this case once again demonstrates the need for online services to deploy real-time vulnerability scanning.

    “Organisations need to assume that malicious code is going to infiltrate their network, so what’s needed is a system that will continuously monitor the entire organisation’s network, to immediately flag when there is a compromise, or potential vulnerability discovered from internal or external sources.

    “Real-time vulnerability scanning is such a key tool for an IT department because without it systems cannot be properly secured and core assets cannot be maximised. In this changing world of threats it is no longer good enough to run patches on a Tuesday and run a weekly scan of the network – there must be systems in place to be able to continuously monitor the organisation’s systems to immediately flag when there is a system compromise or potential vulnerability discovered from internal or external sources.

    “The IT network management environment is only going to become more complex and challenging, both internally and externally – so system administrators must ensure that they can see what’s happening at every moment before something happens that they weren’t expecting.”
