Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cloud
    • Cloud
    • Cybersecurity
    • Networking

    DDoS Attack Knocks Out Hong Kong Stock Exchange News Website

    Written by

    Fahmida Y. Rashid
    Published August 11, 2011
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      Trading on the Hong Kong stock exchange remained suspended for a handful of stocks as a result of a distributed denial-of-service attack on its news Website, the Financial Times reported.

      The “coordinated and sustained” DDoS attacks continued for a second day on one of the exchange’s Websites which is used to disseminate price-sensitive information, FT said Aug. 11.

      The hkexnews.hk site, where Hong Kong-listed companies such as HSBC bank, China Power International and Cathay Pacific airline posted their announcements in order to comply with disclosure requirements, went offline Aug. 10 and remained under sustained attack, Charles Li, CEO of Hong Kong Exchanges and Clearing told FT.

      The identity and intention of the attackers remained unknown, Li said. The denial-of-service attacks were coming from a large botnet made up of PCs from around the world, the majority of which were based outside of Hong Kong, according to HKEx.

      “Our current assessment that this is a result of a malicious attack by outside hacking,” said Li.

      While some DDoS attacks are out to just knock Websites offline, many attacks are a diversion for other malicious activity, Neal Quinn, vice-president of operations at cloud-based DDoS mitigation provider Prolexic, told eWEEK. While he didn’t have specific knowledge on the details of the attack on the Hong Kong exchange, Quinn said many attackers often breach networks while the security team is busy dealing with the “present” DDoS threat.

      “Mission-critical” systems actually used for trading, clearing and distributing market data were unaffected because they were not accessible from the public Internet. “HKEx’s other systems are not affected and trading in its securities and derivatives markets continues to operate normally,” according to an HKEx statement.

      HKEx said it had been “working closely with local and overseas security experts” to investigate the cause of the attack and restore normal service. The exchange successfully implemented a mechanism to filter out the malicious packets late Aug. 10, which allowed the news site to come back online even while under attack.

      Attackers were using multiple attack vectors, which made it harder for the exchange to defend against the DDoS, HKEx said. There are several ways to launch a DDoS attack, including flooding the network with SYN or ICMP packets, attacking the application layer by sending so many database or Web requests to the site that it can’t process them all, and sending malformed packets, among others, Quinn said. Most DDoS attacks are a combination of techniques in a “blended attack,” Quinn said.

      Seven stocks were suspended from trading after the news Website crashed the first time, shortly before the companies were to post “sensitive results” from the morning trading session. The exchange defended the suspension because to continue trading would be unfair to investors who could not access the companies’ results while the news site was down.

      To prepare for future attacks, the Hong Kong exchange would abandon the practice of publishing company news on a centralized Website, Li said. It would rely on media and commercial information vendors such as Thomson Reuters and Bloomberg to distribute company announcements and instruct investors to get the information directly from the company Websites, according to Li. The exchange plans to buy advertisements in eight local newspapers with a list of companies expected to post news that day so investors will know they have to check the company Websites for details.

      “It was refreshing to see Mr. Li not blame the attacks on uber-sophisticated, foreign advanced ninja hackers, but rather state the facts and explain what the exchange is doing to ensure the integrity of the market,” Chester Wisniewski, a senior security advisor at Sophos, wrote on theNaked Security blog.

      Researchers have long warned that attackers can potentially disrupt financial systems by attacking stock exchanges. The Zimbabwe stock exchange was attacked in early August. The United States’ Nasdaq revealed in February that cyber-criminals had embedded malicious code on the “Directors Desk” Web application.

      James Arlen, an independent security researcher, discussed at the recent Black Hat conference how attacks on high-frequency trading systems would occur too quickly for exchanges to defend against.

      Fahmida Y. Rashid
      Fahmida Y. Rashid

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×