DDoS Attack Affects Hong Kong Stock Exchange

The Hong Kong Stock Exchange (HKEx) suspended trading for seven stocks after its news website was incapacitated by a distributed denial of service (DDoS) attack.

The attack began on Wednesday and continued through Thursday. The affected stocks included HSBC, Cathay Pacific, China Power International and the Hong Kong exchange itself.

The systems that handle trading were not impacted as they are not connected to the Internet, but investors rely on timely financial information posted on the hkexnews.hk website.

Because of this the exchange decided that the best course of action would be to suspend the trading of stocks that were supposed to make announcements Wednesday afternoon.

Since the attack continued into Thursday, HKEx developed a plant to make its financial postings available through multiple channels so they reach investors.

According to HKEx chief executive Charles Li this includes working with Bloomberg and Thomson Reuters to get the information out. Announcements will also be posted in local newspapers with links to where companies will issue the statements.

Li also mentioned that the attack came from computers distributed all over the world, but few of them were actually from Hong Kong. This suggests that attackers used a botnet.

"Mr. Li has been very forthcoming with the information needed most by those affected, and has implemented measures to ensure that this criminal operation will not continue to have impact on companies trading on the exchange," commented Chester Wisniewski, a senior security advisor at Sophos.

"This could not come at a worse time, as the global financial markets teeter on the brink of another recession. Nevertheless, Mr. Li appears to be taking a measured and appropriate response to the attacks," the security expert added.

It's not clear what were the motives behind this attack, but the incident is yet another example of how distruptive and damaging denial of service attacks can be to businesses and their customers.