HSBC down: What is a DDoS attack, why are they so common, and how can you avoid one?

Millions of customers were affected after HSBC's online banking services went down due to a DDoS attack

Online banking services for millions of HSBC customers around the country went down this morning, after the bank's computer systems were attacked by hackers.

A spokesperson for HSBC told Sky News that it had been hit by a distributed denial of service (DDoS) attack, which resulted in the service being interrupted for most account holders.

Normal service is now being resumed and HSBC apologised for the outage, but the issues proved that even the most secure internet services are not immune to DDoS attacks.

What is a DDoS attack? 

A distributed denial of service attack occurs when a huge network of computers all try to access a certain website or internet service at the same time, causing it to collapse under the strain of too much traffic.

The majority of the computers used in these attacks are 'bot' computers - ordinary personal computers that have been infected with malware, putting them partially under the control of hackers.

These networks, or 'botnets', can be made up of tens of thousands of computers, which have been compromised by malicious hackers without the knowledge of their owners.

When an attack begins, the hackers in charge of a botnet issue instructions to all the computers to access a certain website at the same time, repeatedly.

Bombarded by massive amounts of traffic, a website can collapse. Some website owners choose to shut down their sites themselves when a DDoS attack begins, to prevent any malware or bugs being released into their systems. However, as long as the site has gone down, the hackers have got what they want.

Why are DDoS attacks so common?

DDoS attacks are in the news fairly frequently. This was the kind of attack used in the recent HSBC incident, but similar attacks have taken down computer networks at a number of UK universities, the website of a Tokyo airport, and all the BBC's online services in the last few months.

DDoS attacks happen so often because they're very hard to prevent - since the traffic comes from ordinary household computers, it's difficult for website owners to simply block certain machines from accessing their site, because they have no way of knowing whether the visits are legitimate or not.

And even if they do manage to identify suspect computers and block them, there's thousands of others all over the world available to carry on the attack.

DDoS attacks are also relatively easy and cheap to perform, compared to some other hacking methods.

It's also possible to hire hackers to carry out DDoS attacks for you. According to recent security reports, a DDoS attack that disables a website can cost as little as £25 an hour, although more major attacks like the one on HSBC would naturally cost more.

DDoS attacks are practically impossible to prevent for most organisations, but companies like HSBC will have huge security teams trained to respond to such an attack and ensure that as little damage is done as possible.

Cybersecurity companies will also monitor social media and known hacker websites to try and spot planned attacks early. 

How can I prevent my PC becoming a bot computer?

The malware used to turn a computer into a bot is typically spread through spam emails or dodgy downloads - being vigilant when you're browsing and steering clear of anything that looks suspect could help you avoid malware.

Antivirus software can be good, but the companies that develop them can't keep up with the number of new threats developed by hackers every day.

Fortunately, a number of malicious software detection programs, like Microsoft's Malicious Software Removal Tool or Bot Revolt can be downloaded for free, and could help keep you safe from hackers.

Comments