PracticePeople In PracticeHSBC internet sites hacked

HSBC internet sites hacked

HSBC's UK internet site and three of its international sites have been hacked as part of an ongoing campaign in support of the fuel protest.

Herbless

The bank said no customer data was accessed during the attack because it is stored on different servers. However, experts said the incident casts doubts over the company’s security policy.

Herbless, the hacker who carried out the attack, told AccountancyAge.com sister site vnunet.com that he had not accessed or tried to access any customer data.

‘I didn’t access customer data. I didn’t undertake any research into whether or not I could have access[ed] said data,’ Herbless said in an email.

HSBC’s Greek and Spanish sites and one other, British Arab Commercial Bank, were also hit during the attack last night.

The hack included a statement in support of the fuel protestors and a photograph of UK Prime Minister Tony Blair with a speech bubble saying: ‘Listen to Herbless. He talks sense.’

While previous hacks have been easy to fix, HSBC has taken time to recover from the attack. At 10am BST Wednesday, none of the hacked sites could be viewed normally, with each showing a DNS error message when the URL was typed into a web browser.

Herbless hacked hundreds of websites late last week by exploiting administrators failure to properly configure their SQL server, and he appears to have used the same method again.

Paul Rogers, network security analyst at security consultancy MIS, said: ‘Again Herbless has used the Microsoft SQL server issue to gain access to HSBC’s web server. Because all the affected domains were based on the same box, he was able to modify all their front pages.’

Rogers said that there is a ‘definite risk’ that other data could have been compromised in the attack. ‘It depends on how the network is designed and what security policies are implemented within the HSBC website network.’

He said the attack is very embarrassing for HSBC. ‘Internet banking has had bad press recently. It’s not good for customer confidence. From a common sense point of view, if it’s what we think then I’m very surprised that due to the publicity surrounding this issue that this hole wasn’t closed earlier.’

‘Security can never be 100 per cent, but you try for 95 per cent. It seems certain procedures at HSBC are a bit lax,’ he added.

This fresh attack marks a step up in the complexity of Herbless’ ‘hacktivism’. During the past month, Herbless has taken advantage of an administrator error in the initial configuration of SQL server to deface more than 450 UK corporate, local government and government agency websites.

Additional reporting by Ian Lynch and Andrew Craig.

This article first appeared on vnunet.com.

Links

Hacker attacks UK government websites

Net movies open back door for hackers

Related Articles

Is inefficiency stealing your time and money?

Accounting Firms Is inefficiency stealing your time and money?

6m Emma Smith, Managing Editor
CIMA elects new president

Institutes CIMA elects new president

6m Emma Smith, Managing Editor
Transparent currency trade: How to achieve costs visibility

Governance Transparent currency trade: How to achieve costs visibility

6m Emma Smith, Managing Editor
Introduction to KPMG UK’s new leadership team

Accounting Firms Introduction to KPMG UK’s new leadership team

6m Emma Smith, Managing Editor
EY appoints head of UK Infrastructure Asset Intelligence practice

Accounting Firms EY appoints head of UK Infrastructure Asset Intelligence practice

8m Emma Smith, Managing Editor
FRP Advisory expands operation with new office, partner appointments

Accounting Firms FRP Advisory expands operation with new office, partner appointments

10m Emma Smith, Managing Editor
Magma Group announces merger, partner promotions

Accounting Firms Magma Group announces merger, partner promotions

10m Emma Smith, Managing Editor
MHA MacIntyre Hudson advises on management buy-out

Accounting Firms MHA MacIntyre Hudson advises on management buy-out

10m Emma Smith, Managing Editor