HSBC's UK internet site and three of its international sites have been hacked as part of an ongoing campaign in support of the fuel protest.
HSBC's UK internet site and three of its international sites have been hacked as part of an ongoing campaign in support of the fuel protest.
The bank said no customer data was accessed during the attack because it is stored on different servers. However, experts said the incident casts doubts over the company's security policy.
Herbless, the hacker who carried out the attack, told vnunet.com that he had not accessed or tried to access any customer data. "I didn't access customer data. I didn't undertake any research into whether or not I could have access[ed] said data," Herbless said in an email to vnunet.com.
HSBC's Greek and Spanish sites and one other, British Arab Commercial Bank, were also hit during the attack last night.
The hack included a statement in support of the fuel protestors and a photograph of UK Prime Minister Tony Blair with a speech bubble saying: "Listen to Herbless. He talks sense."
MORE COVERAGE:
While previous hacks have been easy to fix, HSBC has taken time to recover from the attack. At 10am BST Wednesday, none of the hacked sites could be viewed normally, with each showing a DNS error message when the URL was typed into a web browser.
Herbless hacked hundreds of websites late last week by exploiting administrators failure to properly configure their SQL server, and he appears to have used the same method again.
Paul Rogers, network security analyst at security consultancy MIS, said: "Again Herbless has used the Microsoft SQL server issue to gain access to HSBC's web server. Because all the affected domains were based on the same box, he was able to modify all their front pages."
Rogers said that there is a "definite risk" that other data could have been compromised in the attack. "It depends on how the network is designed and what security policies are implemented within the HSBC website network."
He said the attack is very embarrassing for HSBC. "Internet banking has had bad press recently. It's not good for customer confidence. From a common sense point of view, if it's what we think then I'm very surprised that due to the publicity surrounding this issue that this hole wasn't closed earlier."
"Security can never be 100 per cent, but you try for 95 per cent. It seems certain procedures at HSBC are a bit lax," he added.
This fresh attack marks a step up in the complexity of Herbless' 'hacktivism'. During the past month, Herbless has taken advantage of an administrator error in the initial configuration of SQL server to deface more than 450 UK corporate, local government and government agency websites.
Additional reporting by Ian Lynch and Andrew Craig.
See also:
Experts have cast doubt on HSBC's explanation that a software fault caused the computer glitch that left customers stranded for most of Monday.
27 Feb 2001The main websites of both the US Republican and Democratic parties were broken into just as the country's citizens were preparing to cast their votes for the next president.
08 Nov 2000Details of thousands of credit cards were left temporarily exposed on the internet by a UK video retailer after it upgraded its website 10 days ago.
23 Oct 2000Think-tank the Foundation for Information Policy Research today launched a scathing attack on the UK's internet banks.
11 Oct 2000Back-office staff at Lloyds TSB had to work frantically this afternoon to smooth out glitches with its internet banking service after a connectivity problem left customers unable to access their accounts.
09 Oct 2000Fuelled by the rising need to secure ebusiness systems, the worldwide security software market will grow by 22 per cent a year, according to a survey published this week.
04 Oct 2000Hackers have turned on their own by breaking into Slashdot, a website for technology and open source enthusiasts.
29 Sep 2000Unsuspecting network managers could find themselves at the centre of libel action if their hacked websites publish slanderous statements.
27 Sep 2000UK banks and building societies are in danger of losing their online customer base through poor use of the internet and a failure to communicate with customers, according to new research.
26 Sep 2000Claims that millions of US online bank accounts were easy targets for cyber criminals have been dismissed by the company hosting the servers.
25 Sep 2000The external supplier believed to be responsible for managing the areas of HSBC's website vandalised by a hacker this week has been criticised in connection with the incident.
22 Sep 2000EXCLUSIVE: Herbless, the hacker who defaced the websites of HSBC, Legoland and 450 others as part of the fuel protest in the last month, has announced his sudden exit from the hacking scene.
21 Sep 2000A hacker has successfully attacked more than a hundred corporate websites to post a message in support of demonstrators protesting against high fuel taxes in the UK.
15 Sep 2000Plastic brick theme park Legoland has had its UK website defaced by a hacker who took advantage of an inadequately secured SQL server.
10 Sep 2000Cyber-vandals are voicing support for Napster, the music file sharing service, as part of a campaign to deface websites across the world.
08 Sep 2000
Would you or your employer think it acceptable to photocopy and post your CVs, call a chatline, play cards with colleagues, read a top-shelf magazine or copy sensitive company literature to distribute to anyone you choose inside of work hours?
08 Sep 2000One in three supposedly secure ebusiness servers are using software with known security weaknesses, and European sites are the worst offenders, according to a survey.
07 Sep 2000Insurance firms are hoping for a boom in business as companies scramble to protect themselves against the rise in computer crime.
05 Sep 2000While security has always been an issue, the ability of organisations and individuals to keep their confidential data safe not only from prying eyes but also from attack is becoming an ever greater concern. The problem is becoming particularly marked as the world becomes more networked and companies conduct increasing amounts of business over the internet. Here we look at a range of issues that are starting to affect every one of us.
29 Jun 2000
del.icio.us
Digg this
reddit!
