Trading on Hong Kong’s stock market, Hong Kong Exchanges & Clearing, remains suspended today following a “coordinated and sustained” distributed denial of service attack on one of the exchange’s websites Wednesday. Several companies, including HSBC, China Power International and Cathay Pacific found their shares unavailable late Wednesday following the attack according to a report from BBC.
A Web site usually used for company announcements was forced offline in the attack on Wednesday. The attacks continued on Thursday, despite efforts to filter malicious traffic. A subsequent investigation by the Exchange’s Information Technology team and outside security experts identified an attack stemming from a botnet located outside Hong Kong and intended to “intentionally interrupt the operation of the HKExnews website.”
The Exchange did not give any indication of who the hackers are or what their motive is.
The head of the exchange, Chief Executive Charles Li, told Dow Jones Newswires they were looking into a contingency plan they could launch on Friday to broaden the way they disperse news to investors over the long term.
The companies affected on Wednesday were scheduled to unveil price-sensitive information to their investors, HSBC, the sale of its US credit card arm and Cathy Pacific, its half year results.
Security experts have warned that the financial services sector and, in particular, stock exchanges are vulnerable to hacking and are of interest to both criminal groups and state based actors who wish to use access for illicit profit, promote local firms or sow chaos – possibly as a prelude to a larger kinetic or cyber attack. The FBI recently arrested a Chinese national for passing proprietary software code used by the Chicago Mercantile Exchange to officials within China, while researcher James Arlen, speaking at the Black Hat Briefings, posited an attack on high frequency trading systems that underlie much of the daily trade volume on major exchanges.
