
HSBC web host under fire over fuel hack

The external supplier believed to be responsible for managing the areas of HSBC's website vandalised by a hacker this week has been criticised in connection with the incident.

Ian Lynch, vnunet.com 22 Sep 2000

Part of HSBC's UK banking site (www.banking.hsbc.co.uk) was still offline on Friday, following the attack by a hacker called Herbless on Tuesday night. Other European sites were also hit as part of the attack in support of the fuel protest.

An investigation by vnunet.com revealed that the affected sites were managed by UK-based Trans-Enterprise Computer Communications. Phil Baldwin, the company's managing director, said: "We operate under strict non-disclosure agreements and can't comment on any of our clients."

Although HSBC said no customer data was accessed during the attack, because it is stored on different servers, experts said the incident cast doubts over the bank's security policy and is a major embarrassment for HSBC.

Herbless hacked hundreds of websites late last week by exploiting administrators' failure to properly configure Microsoft's SQL Server software, and he used the same method again to vandalise the HSBC websites. Administrators in all cases failed to change the server administrator password from its default.

Neil Barrett, technical director at Information Risk Management, said: "It's very lax. The delay in upgrading shows a lack of urgency. This is a clarion call for any administrator running SQL server to tighten it up or face the consequences - these range from embarrassment to criminal negligence.

"You can forgive the administrators of the first two or three websites hit by this problem, but it has been widely publicised since then and the rest have no excuse."

Other sites defaced by Herbless include those run by Specsavers and, in August, eight local authority and UK government agencies including Sheffield City Council.

Microsoft has posted a description of how to reconfigure SQL at http://www.microsoft.com/technet/SQL/Technote/secure.asp

See also:

The main websites of both the US Republican and Democratic parties were broken into just as the country's citizens were preparing to cast their votes for the next president.  08 Nov 2000
UPDATED: Microsoft has admitted that source code for some of its products under development was seen by hackers who gained access to its corporate network.  30 Oct 2000
Details of thousands of credit cards were left temporarily exposed on the internet by a UK video retailer after it upgraded its website 10 days ago.  23 Oct 2000
Half of all small to medium-sized businesses that manage their own security will have been hit by an internet-based attack by 2003, industry analyst Gartner has warned.  13 Oct 2000
A story posted on a US newspaper's website has suggested that Bill Gates has been arrested for breaking into "hundreds, maybe thousands" of computers including those of Nasa's Jet Propulsion Lab in Pasadena and Stanford University.  12 Oct 2000
Think-tank the Foundation for Information Policy Research today launched a scathing attack on the UK's internet banks.  11 Oct 2000
Back-office staff at Lloyds TSB had to work frantically this afternoon to smooth out glitches with its internet banking service after a connectivity problem left customers unable to access their accounts.  09 Oct 2000
Claims that millions of US online bank accounts were easy targets for cyber criminals have been dismissed by the company hosting the servers.  25 Sep 2000
From Sheffield City Council to Hong Kong and Shanghai Banking Corporation, via Legoland.  21 Sep 2000
EXCLUSIVE: Herbless, the hacker who defaced the websites of HSBC, Legoland and 450 others as part of the fuel protest in the last month, has announced his sudden exit from the hacking scene.  21 Sep 2000
A hacker has successfully attacked more than a hundred corporate websites to post a message in support of demonstrators protesting against high fuel taxes in the UK.  15 Sep 2000
Plastic brick theme park Legoland has had its UK website defaced by a hacker who took advantage of an inadequately secured SQL server.  10 Sep 2000
While security has always been an issue, the ability of organisations and individuals to keep their confidential data safe not only from prying eyes but also from attack is becoming an ever greater concern. The problem is becoming particularly marked as the world becomes more networked and companies conduct increasing amounts of business over the internet. Here we look at a range of issues that are starting to affect every one of us.  29 Jun 2000
