An Anonymous-affiliated group has claimed responsibility for attacks that left HSBC websites worldwide knocked offline on Thursday night. UK-based Fawkes Security claimed responsibility for the digital sit-in via a post to Pastebin. As some of you may be aware HSBC bank suffered several DDoS attacks on the named sites in the …
If the DDOS attack is still ongoing, how do you get back online... and why can't the DDOS just continue running for days or weeks?
To answer your second question, they can.
As for the first, I'm no expert but you get "clever" about dropping the traffic instead of dealing with it nicely.
DDoS attacks are usually mitigated with some basic logic inserted into the firewall:
1) If an IP starts sending more than a handful of ICMP or starts, but doesn't finish, a certain number of TCP sessions in a certain time, it will block them for an hour; then 2 for the second offense; 4 for the third, and so on.
2) limiting the number of active sessions in the application
3) limit number of requests of log-in pages and other pages to about 3-4 per IP
4) blocking out-of-region IPs, EG the UK branch will stop accepting packets from other nations
5) moving targeted pages to CDNs or caches
6) modify the pages so that an automated attack would have to be constantly adapted, but a normal user would be able to find everything (EG putting the login page behind another page but have the proper buttons in place)
These are just a few mitigation systems I've worked with, there are others, but the main point is to reduce the effect the DDoS has on you to the point where the attackers are just throwing money away on botnets with little effect. Once that happens, the attack stops fairly quickly as botnets get expensive fast.
Megabanks may also have Tier 1 internet providers; in the case of a DDoS the providers may also do packet filtering at the _ingress_ to the network; the traffic never even makes it to the bank's firewall. And if the DDoS can't even get onto the transit network then it's a dead duck.
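Added example, not part of the original thread: a Python model of rule 1 in the mitigation list above, where an IP that sends too many ICMP packets or leaves too many TCP handshakes unfinished is blocked for one hour, then two, then four. The class name, event kinds, window and thresholds are assumptions chosen for illustration; only the doubling one-hour block comes from the comment.

```python
from collections import defaultdict, deque

WINDOW = 10         # seconds of history considered (assumed value)
MAX_ICMP = 5        # "a handful" of ICMP packets per window (assumed value)
MAX_HALF_OPEN = 20  # unfinished TCP handshakes per window (assumed value)
BASE_BLOCK = 3600   # first offence: one hour, as in the comment


class EscalatingBlocker:
    """Hypothetical per-IP tracker; timestamps are integer seconds."""

    def __init__(self):
        self.icmp = defaultdict(deque)      # ip -> ICMP arrival times
        self.half_open = defaultdict(dict)  # ip -> {source port: SYN time}
        self.offences = defaultdict(int)    # ip -> number of blocks so far
        self.blocked_until = {}             # ip -> time the block expires

    def handle(self, now, ip, kind, port=0):
        """Return 'drop' or 'pass'; kind is 'icmp', 'syn' or 'ack'."""
        if self.blocked_until.get(ip, 0) > now:
            return "drop"
        if kind == "icmp":
            self.icmp[ip].append(now)
        elif kind == "syn":
            self.half_open[ip][port] = now
        elif kind == "ack":
            self.half_open[ip].pop(port, None)  # handshake finished
        # Forget anything older than the window.
        while self.icmp[ip] and now - self.icmp[ip][0] > WINDOW:
            self.icmp[ip].popleft()
        pending = {p: t for p, t in self.half_open[ip].items() if now - t <= WINDOW}
        self.half_open[ip] = pending
        if len(self.icmp[ip]) > MAX_ICMP or len(pending) > MAX_HALF_OPEN:
            self.offences[ip] += 1
            # 1 h, 2 h, 4 h, ...: doubles with every repeat offence.
            self.blocked_until[ip] = now + BASE_BLOCK * 2 ** (self.offences[ip] - 1)
            self.icmp[ip].clear()
            self.half_open[ip] = {}
            return "drop"
        return "pass"


def syn_flood(fw, ip, start):
    """Constructed traffic: SYNs never completed. Returns block length in seconds."""
    for i in range(MAX_HALF_OPEN + 1):
        if fw.handle(start, ip, "syn", 1024 + i) == "drop":
            return fw.blocked_until[ip] - start
    return 0


if __name__ == "__main__":
    fw = EscalatingBlocker()
    print([syn_flood(fw, "203.0.113.9", t) for t in (0, 3600, 10800)])
```

A client that completes each handshake, or pings slowly, never reaches the thresholds, so the escalation only affects sources that keep re-offending after each block expires.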
..so so glad these bunch of self serving pricks have put the records straight.
Did you mean Anon or HSBC?
Not to mention the expression "claim fags" typical of the sort of casual homophobia that you see in a fourteen year old.
I don't think that word means what you think it does...
Re: Anon or HSBC?..
Self-serving pricks = bankers, of course.
Sorry, I'm typing with a blocked nose tonight.
I think it means irrational abusive behavior to, hostility to, not understanding or accepting of gay people.
I don't think it means irrational fear of. I suspect there is a bit of fear, but words change their meaning over time. Awesome doesn't mean full of awe any more, for instance.
"It's their fault that the world's economics are so messed up".
They're annoyed at the investment banking making an appalling mess of the economy, so they shut down the high-street banking services to ordinary people?
They are hurting the people who are victims of the economic crisis, not the people who perpetrated it.
I seem to remember a portion of the blame also goes to people who borrowed money they could never afford to pay back.
Money which they wouldn't have been able to borrow if the lenders had been doing their jobs properly
@Lemmac - You have to have personal responsibility - if you borrow money you have to make sure you can pay it back, maybe they shouldn't have been lent it, but that doesn't abdicate their responsibility to pay it back.
I lost count of the amount of people who used to bitch at me when a bank refused to lend them money, because they didn't have enough to pay it back, bitching about the banks for doing exactly what they wanted them to do in the first place.
Chicken and egg - what came first the lending or the defaulting?
Bank lends to risky borrower, borrower defaults, bank repossesses house. Bank either sells house at a loss or can't sell it because it is scared of lending money to the next potential buyer in case they default.
Either continue taking bigger risks both hoping for and thus causing continual growth or don't take them at all...
@AC 16:05 GMT
You have to have personal responsibility - if you borrow money you have to make sure you can pay it back, maybe they shouldn't have been lent it, but that doesn't abdicate their responsibility to pay it back.
How about the company who rang me at least twice a month offering me another loan after I had paid the hire purchase off on my car?
The only way I could get rid of them was by swearing at them.
Nowadays we have smart phones and you can assign a silent ringtone to such pests, but back then I had a landline.
What's the difference between borrowing money you can't repay and going into a bank with a shotgun to steal money? Doesn't matter how much of a pretty marketing bow you tie on it, it's still basically theft
Re: Irresponsible lending
But you have the ability to say yes or no, lack of will power or ability to make a sensible decision isn't anyone else's fault. We used to get this lesson as children.
"What's the difference between borrowing money you can't repay and going into a bank with a shotgun to steal money? Doesn't matter how much of a pretty marketing bow you tie on it, it's still basically theft"
Um... no it isn't theft ....
That's like saying what's the difference between shooting someone in the head, and eating a banana? They're both basically murder
Yeah, rah rah fight the power. I bet those investment bankers were terrified.
Clearly they know nothing about economics if they think it was high street banks that caused the crash.
Even if you think it was the investment arms of the high street banks then you're a bit wide of the mark.
Watch (or read, if you have that ability) "The Ascent of Money" by Niall Ferguson before you start randomly making DDOS attacks on the very thing that is keeping the people alive.
Also, watch "Money as Debt" before deciding that not taking action against those who would enslave us with virtual debt is a sensible path, equally.
I echo the AC above, not because I agree with his view, but because I agree with his stance that it's important to be properly informed before deciding whether action or inaction is required.
As a gay smoker who banks with the Hong Kong and Shanghai this is fucking offensive on many levels.
".......Asked why it was interested in targeting banks, FawkesSecurity said "There are gaps when there is nothing for us to watch on the Disney Channel."....."
Matt, usually I like Anonymous. Even this bastardized abortion of a group. But your comment was beautiful. Godspeed, sir.
I usually think they're a bunch of circle jerking teenagers myself, but that was better than anything I could have said.
What is worse is that HSBC is probably one of the better banks out of the whole banking sector, they didn't have to be bailed out, had minimal exposure to bad debt, etc.
While they are not angels, if the hacker were intending to pay back the people at fault for everything, there are some much much greater offenders out there.
Meh! Call that a "Denial of Service"?
HSBC unavailable for only a few hours - Anon DDOS = Fail.
The other banks appear to be able to do this much more successfully to their own customers - just put RBS into the search box for El Reg and see the list returned!
What about us froggies?
www.hsbc.fr was *also* down, I could not check my account for more than 2 hours! I demand recognition for that traumatic event on this side of the Channel!
That's why hackers should be hung by their thumbs...
...for six months, to cure their affliction.
Re: That's why hackers should be hung by their thumbs...
.......shouldn't "hung" be "hanged"? Uh...Oh..."hung" with a thumb or two..?
Those of us who work for a living...
...you know, little people trying to support their children... some of us rely on internet banking to get paid.
Some of us also need a working internet bank in order to buy presents for our children and send book tokens to their friends.
Going after a bank site is like disrupting the rail network. Hurting the wrong people.
WHAT WE NEED IS A GOOD OLD FASHIONED SHOOT OUT ...
between the competing Anonymous groups to see which is the best.
Need a reason?
- Mexican laundry operation
- European laundry operation
- Diddling the Euribor rate
and, finally, for introducing the SecureKey.
Some of these stories are starting to get a bit "life of Brian".
Re: PFLP anyone?
Sorry to correct you, but HSBC were not part of the LIBOR rigging.
And while the SecureKey is annoying, it at least is a 2-stage auth method - so better for having it even if it's a pain.
Only YOU used LIBOR, HSBC was 'allegedly' involved in the European version.
Doesn't make them any more honest ... even a US Congressman described them as a 'criminal enterprise'. Who's going to argue with that?
Not sure to what extent HSBC's alleged malpractices are entirely their own. They made the monumentally stupid mistake of buying rubbish US bank HFC - one of HFC's lovely business practices prior to the takeover was to send $5000 cheques to "trailer trash". Cashing the cheque created a loan from HFC which made their books look good for a while, then to everyone's astonishment, it turned out that those customers were not familiar with the practice of repaying loans - but by this time HFC was part of HSBC. After the takeover a lot of senior HFC guys were absorbed into HSBC, along with their questionable practices and mega salaries. It was a while before HSBC realised they'd bought a turkey but have since made efforts to put things right without defaulting or government bailouts. Had HFC not been taken over it would have been a basket case, this way it's the HSBC shareholders that have lost out.
It's nice to blame...
...the lenders and lendees but let's not forget the bastards sat on piles of offshore cash that isn't moving anywhere...many trillions of pounds simply not moving...
The whole foundation of our society and economy is spending, thus if you take away the spending, you take away the ability to make money and you create inability to pay anything back...
I think the whole thing is a lot more complicated than "it's their fault" type blaming...when I took out my mortgage some 5 years ago, I was more than capable of paying back the loan...I based my ability to pay on what I knew...i.e. the gradual creep of payrises...thanks to various shitty things happening, the company I was working for forced (pretty much) everyone to take a 15% pay cut (apart from the Directors and their wives of course)...eventually the company washed up on the shores of oblivion and everyone was out of a job. I subsequently went self employed and I now have considerably smaller earnings and I am struggling to pay my bills...mercifully, the banks aren't taking the hard line with me, they've actually been very relaxed...no shitty blotches against my credit record, no insane charges (you can avoid them if you actually speak to the bank's people)...meanwhile, all the offshore stuffers are currently scared shitless to touch their money for fear of getting caught out by the tax man...I know this because currently my father in law is "skint"...i.e. he has countless millions stashed away in various trust funds but is scared to death of touching it...what a wanker.
If the gov allowed tax breaks on certain types of spending...or set up some sort of amnesty, I'm sure with the subsequent spending we'd be well on our way to recovery...
I don't sympathise with these bastards that "cant use their money" but I do encourage any effort to get these old bastards spending...you can't even scare them by pointing out the interest on the funds isn't high enough for their money to be worth anything come the day they do spend it...
I'm all for the rich getting richer...there has to be a motivation to reach the top, otherwise what's the point? But you have to spend like a boss when you get there...fast cars, insane holidays and mountains of high tech crap...fucking awesome...but not stashing and piling...some use "I want to leave something for the kids" as an excuse...my Kids are getting fuck all off me when I'm brown bread, but I'll be working damned hard to bring them up right and try to contribute to a stable economy so I leave the world a feasible place to live in...
You can't take your millions with you and your millions aren't worth a wank if you stock piled it for too long...you don't see a squirrel digging a huge fuck off 100 foot pit and filling it with nuts to last the rest of its life...
As for the DDoS on HSBC...when will they focus on Barclays, the thieving bunch of arseholes they are...I've watched them run plenty of small businesses into the ground with their "Ledgermaster" service...
Anonymous, if you're listening, why not try and find a way to ruin a few old rich people and set an example...the only option they will have then is to spend...you'll have the upper echelons by the bollocks...
Fuck the banks, they're just the messenger...
@AC Posted Sat 21:04 GMT
Many people think the crash was caused by banks running ponzi schemes and playing pass the parcel with fictional assets. But they're wrong.
TIMECUBE DID IT