Trading for a few stocks remained suspended as the Hong Kong stock exchange implemented new measures to protect against future distributed denial-of-service attacks on an important stock trading news site.
Trading on the Hong Kong
stock exchange remained suspended for a handful of stocks as a result of a
distributed denial-of-service attack on its news Website, the Financial Times
The "coordinated and
sustained" DDoS attacks continued for a second day on one of the
exchange's Websites which is used to disseminate price-sensitive information, FT
said Aug. 11.
The hkexnews.hk site, where
Hong Kong-listed companies such as HSBC bank, China Power International and
Cathay Pacific airline posted their announcements in order to comply with
disclosure requirements, went offline Aug. 10 and remained under sustained
attack, Charles Li, CEO of Hong Kong Exchanges and Clearing told FT.
The identity and intention
of the attackers remained unknown, Li said. The denial-of-service attacks were
coming from a large botnet made up of PCs from around the world, the majority
of which were based outside of Hong Kong, according to HKEx.
"Our current assessment
that this is a result of a malicious attack by outside hacking," said Li.
While some DDoS attacks are
out to just knock Websites offline, many attacks are a diversion for other
malicious activity, Neal Quinn, vice-president of operations at cloud-based
DDoS mitigation provider Prolexic, told eWEEK.
While he didn't have specific knowledge on the details of the attack on the
Hong Kong exchange, Quinn said many attackers often breach networks while the
security team is busy dealing with the "present" DDoS threat.
systems actually used for trading, clearing and distributing market data were
unaffected because they were not accessible from the public Internet.
"HKEx's other systems are not affected and trading in its securities and
derivatives markets continues to operate normally," according to an HKEx
HKEx said it had been
"working closely with local and overseas security experts" to investigate the
cause of the attack and restore normal service. The exchange successfully
implemented a mechanism to filter out the malicious packets late Aug. 10, which
allowed the news site to come back online even while under attack.
Attackers were using
multiple attack vectors, which made it harder for the exchange to defend
against the DDoS, HKEx said. There are several ways to launch a DDoS attack,
including flooding the network with SYN or ICMP packets, attacking the
application layer by sending so many database or Web requests to the site that
it can't process them all, and sending malformed packets, among others, Quinn
said. Most DDoS attacks are a combination of techniques in a "blended
attack," Quinn said.
Seven stocks were suspended
from trading after the news Website crashed the first time, shortly before the
companies were to post "sensitive results" from the morning trading
session. The exchange defended the suspension because to continue trading would
be unfair to investors who could not access the companies' results while the
news site was down.
To prepare for future
attacks, the Hong Kong exchange would abandon the practice of publishing
company news on a centralized Website, Li said. It would rely on media and
commercial information vendors such as Thomson Reuters and Bloomberg to
distribute company announcements and instruct investors to get the information
directly from the company Websites, according to Li. The exchange plans to buy
advertisements in eight local newspapers with a list of companies expected to
post news that day so investors will know they have to check the company
Websites for details.
"It was refreshing to
see Mr. Li not blame the attacks on uber-sophisticated, foreign advanced ninja
hackers, but rather state the facts and explain what the exchange is doing to
ensure the integrity of the market," Chester Wisniewski, a senior security
advisor at Sophos, wrote on the
Researchers have long warned
that attackers can potentially disrupt financial systems by attacking stock
exchanges. The Zimbabwe stock exchange was attacked in early August. The United
States' Nasdaq revealed in February that cyber-criminals had embedded malicious
code on the "Directors Desk" Web application.
James Arlen, an independent
security researcher, discussed at the recent Black Hat conference how attacks
on high-frequency trading systems would occur too quickly for exchanges to