HSBC online services still offline following 'attack' on bank

HSBC customers were once again locked out of online banking this morning, following an apparent DDoS attack on the bank. The bank tweeted: "HSBC UK internet banking was attacked this morning. We successfully defended our systems." It added: "We are working hard to restore services, and normal service is now being resumed. We …

  1. Lord-a-miytee
    FAIL

    Dear HMRC ...

    Makes it a tad tricky to pay my tax bill, due by Sunday. If they do come back on line by then, what's the betting HSBC systems will fail to cope, due to demand from people in the same situation?

    And don't blame me, blame my JIT accountant.

    1. MyffyW Silver badge

      Re: Dear HMRC ...

      I suspect this HSBC defence against hackers operates to an extreme form of JIT - or Not-Quite-In-Time as we used to call it.

      I wonder at what point "someone tried to hack us" goes from being a problem in itself to a sort of "leaves on the line" excuse.

    2. Vince

      Re: Dear HMRC ...

      We can blame you.

      Choose a better accountant.

    3. Pat Att

      Re: Dear HMRC ...

      Totally with you there. My bloody accountant keeps saying she's sent over the details to me, but I'm sure she's lying.

    4. Ken Moorhouse Silver badge

      Re: HMRC ...

      This might explain the "attack". Maybe not an attack at all. Just the sheer volume of people logging-in in order to not be late paying HMRC.

      If HSBC chose this time to do some migration work (as implied by fellow commentards), then they didn't do their homework very well ("Yeah, after Christmas is pretty slack, let's do it in January").

      Universal deadlines such as this are a bit of a pain for developers, as they've potentially got to be able to cope with every taxpayer logging-in over a short period (all with one-off type amounts too), then lower, more spread-out demand over the rest of the year. Ditto with accountants who no doubt burn the midnight oil in the lead-up to such deadlines.

  2. JimmyPage Silver badge
    FAIL

    We successfully defended our systems.

    Note to existing and future (if there are any).

    HSBC's definition of "success" may not be the same as yours, if they think that customers being locked out of their services is a "success".

    1. MyffyW Silver badge
      Paris Hilton

      Re: We successfully defended our systems.

      I suppose Defence translates as "nobody robbed your piggy bank, got your details, we don't have to do a Dido*, etc. etc.".

      Thwarted would be where service was completely unaffected. Nothing to see here.

      *other early millennial artists are available.

      1. Gordon 10
        Mushroom

        Re: We successfully defended our systems.

        Indeed isn't it amazing how "successfully defended" is now a synonym for "switched off"

        In warfare that's known as a scorched earth policy.

        1. Uncle Slacky Silver badge
          Thumb Up

          Re: We successfully defended our systems.

          Just like "we had to destroy the village to save it"...

      2. Richard Hesketh

        Re: We successfully defended our systems.

        Umm. Isn't the object of a DDoS to Deny Service? I contend that HSBC failed miserably. Not saying it's easy to defend against a DDoS - but they plainly didn't, from an end-user perspective.

    2. Anonymous Coward

      Re: We successfully defended our systems.

      No offence, but if there is a raid on a physical bank, I'd expect similar. Safe, but some understandable interruption.

      Just as it's somewhat impossible to stop all attempts at physical theft, it can be rather hard to stop all types of online attacks.

      It's how you deal with the situation, how you try to prevent/reduce the impact and how honest you are to your customers.

  3. Anonymous Coward

    A quote from "Serenity" springs to mind

    "You know, in certain older civilized cultures, when men failed as entirely as you have, they would throw themselves on their swords. "

    Their CTO might want to bear this in mind - figuratively or literally, either's good for me.

  4. HamsterNet

    Paid off

    Seems more likely they just paid off the attackers.

  5. Anonymous Coward

    Attackers?

    Attack or yet another massive system fuck up where it now seems less embarrassing to say "we wuz hakked guv" rather than "shit, all the cost savings we've been getting from our outsourcing and off-shoring programmes was at the expense of quality of service and now we are paying the price."

    1. Anonymous Coward

      Re: Attackers?

      I'm inclined to think "Yet Another Massive Fuck Up" - the DDoS excuse is just an exercise in corporate arse-covering and, no doubt, a way to weasel their way out of compensating those who ended up out of pocket as a result of their incompetence.

  6. PeeKay
    FAIL

    Looked like a failed migration...

    One of the pages that popped for me this morning had "SaaSMigration" as part of the URL. Moving providers perhaps?

    As for the DDoS, wouldn't they see something like that from the customers themselves as they frantically attempt, and then fail, to login?

    1. Anonymous Coward

      Re: Looked like a failed migration...

      https://www.saas.hsbc.co.uk/1/2/HSBCINTEGRATION/saas-migration

      Followed closely by...

      https://www.security.hsbc.co.uk/gsa?idv_cmd=idv.SaaSSecurityCommand

      And a prompt(ish) failure. Oh dear HSBC, could we be finally breaking up?

  7. Lee D Silver badge

    I don't really care the cause. A bank is a huge place liable to all kinds of attacks on its systems. I expect the bank to be able to cope. Especially given the profits made on holding that money in the first place.

    At the end of the day, I have a HSBC account that I can't get into online or by the mobile app (despite it pretending to let me for much of the time, but as soon as you get to the interesting bits, even post-authentication, it just errors and stops). This is coming up to a week of downtime this month as far as I'm concerned. That's ATROCIOUS, and some of it through self-admitted error.

    Sure, my card may or may not still work with them - but if the attack is widespread how long until they stop working as well? And you stopped me going into a bank when you replaced all the tellers with mindless drones telling me to use expensive new machines that don't do the things I want. That's if I wasn't put off by you LAUGHING IN MY FACE when I applied for a mortgage. I went, quite literally, next door, got a mortgage with barely a query, paid every month on-time for years, then cashed out and paid it off (with a tiny profit) only a couple of years later.

    I am actually running out of "high-street" banks (not that high-street is a factor nowadays, just a name) with which I haven't had bad experiences. I think the Halifax is literally the only one left and even their owner-group may have other brands that are already on my blacklist.

    It's not hard. I want you to hold onto my salary until I spend it. For which you can invest my cash. I want you to give me a bit of plastic that lets me spend it, where I generally have the retailer pay a couple of percent per transaction for your trouble.

    I don't want overdraft-traps (just cancel the fecking transaction if I don't have the money). I don't want stupid fees for handling bits of paper (when you're STILL sending me the same paper letter every month, saying that you don't have my email for paperless statements, when my online account quite clearly has the email specified and the box ticked - I've given up chasing that after over a year).

    And then you can take my savings and gamble them for your own gain. I don't even want interest. It's so pathetic it's not worth the time and effort to apply (honestly, invest £1000, don't touch it for a year, and at absolute best using rates that don't even exist on the high-street any more you might get £1005 back next year - what's the point?). I don't want to pay a monthly fee but I'd even accept a less-than-£5 one for the cost of managing my account if you also got rid of the travel insurance and whatever other junk "perks" you shove into the £25 a month one.

    I don't need a branch. I haven't used one in years.

    I don't need cheque facilities. I haven't used one in years.

    What I'd be really happy with, though, would be a text for EVERY transaction, like my girlfriend's Italian bank does (to the point that we realised B&Q had double-charged her father's Italian card used in an English shop before we'd even made it out of the exit!). Hell, I'd pay the £25 a month just for that!

    Banks provide nothing of value to me any more, and the bits they do provide (e.g. online banking) are starting to just be inaccessible through incompetence. Luckily I have nothing urgent needing paying, but that's sheer chance of the timing, nothing else.

    I am about >< this close to just closing accounts and moving to pre-pay credit cards. You can have your salary put on them, they charge a reasonable percentage, you get no hassle, and you can do all your bill-paying and shopping as you normally would, online or in-store. Sure, there's a fee, but it's generally LESS than the banks charge for current accounts nowadays! That's just a ridiculous scenario. A company DOING NOTHING but handling the credit card with my money can charge less than my bank that's supposed to be investing everybody's money that they hold, with all their savings.

    I've already moved a savings account to another bank, just to gauge their service level. It's only a week under the switch-guarantee scheme to move everything over and I don't have to do anything or phone anyone, just apply online and it happens.

    If you can't secure your stuff, HSBC, I'll save you the hassle. Because it's ridiculous that I can't even check balances despite going through authentication because your system just falls over.

  8. Rob84
    Megaphone

    Article Needs Updating Again

    "HSBC customers were once again locked out of online banking this morning..."

    ...and into the afternoon, with no apparent end to the disruption in sight!

  9. Colonel Mad

    My Direct Line a/c is fine :-)

  10. heyrick Silver badge

    PhotoShop fail

    Either that, or the girl in the picture has an unexpected large hole in her...
