Hong Kong stock exchange has been hacked

A security incident could have compromised millions of dollars. According to web application security specialists, the chief executive of the Hong Kong Stock Exchange recently admitted that the platform was targeted by a series of cyberattacks detected over the last six days.

In addition to these attacks, some local media reported a massive disruption to stock exchange operations; however, the official claims that this incident was a failure in the computer systems of the stock exchange, so it is not the responsibility of a hacker.

After multiple investors reported difficulties when conducting some trades in the exchange-derived futures trading system, chief executive Charles Li acknowledged the incident to the media. “Our web application security team detected some connectivity issues, so we suspended system usage so as not to destabilize the rest of the exchange’s operations,” the executive said.

All stock exchange activities were resumed this Friday morning, after it was announced that software failures had been corrected, specifying that the error originated from a third-party service that managed to extend to the Hong Kong stock exchange backup systems.

During his media appearance, the chief executive also mentioned that the Hong Kong stock exchange was the victim of a denial of service (DDoS) attack targeted against their website; during this incident, the hackers overloaded the network and affected the website’s request processing capacity, so it was not possible to publish up-to-date information, according to the report of the stock exchange’s web application security team.

Charles Li asked investors to remain confidence and not lose patience, as the incident has already been contained: “We will continue to improve to secure trading on the stock exchange, we expect users to have confidence in our system,” he added.

Although the incident did not result in the losses that were calculated at the outset, web application security experts from the International Institute of Cyber Security (IICS) are not entirely convinced by Li’s claims. “Saying it was all a software error is too poor an explanation,” a cybersecurity consultant said. “There must be something else behind the stock market manager’s words,” he concluded.  

It is important to add that this is not the first time that a DoS attack on the stock exchange is detected, as in 2011 a similar incident achieved to cripple operations for nearly $200 billion USD value. The Hong Kong Stock Exchange became fully electronic at the end of 2017, making it a very attractive target for multiple groups of threat actors.

To prevent future incidents, the Hong Kong Stock Exchange has released a budget of about $250 million to upgrade its computer security systems.