Internet gang claims it caused Lloyds Bank outage via a DDoS attack

But did a denial-of-service attack actually take place?

Internet gang claims it caused Lloyds Bank outage via a DDoS attack

An internet gang claims it used a distributed denial-of-service (DDoS) attack to interrupt services at the Lloyds Banking Group.

The group, which includes Lloyds Bank, Halifax Bank, and the Bank of Scotland, suffered a series of outages on 11-13 January 2017. During that time, customers experienced difficulty logging into their accounts. Some individuals subsequently took to social media to vent their frustration.

One frustrated customer addressed Lloyds Banking Group directly at the time via Twitter, as quoted by BBC News:

"Haven't been able to access the site or app for over 36 hours now - is anything being done about this?"

The Register reports that Lloyds Banking had no idea what was causing the outages on the first day of the attack. On 12 January, it said services were returning to normal but it was unsure if that would continue.

Cant reach lloyds

The round of outages ended in the afternoon on 13 January.

As of this writing, the bank has yet to reveal what caused the service interruptions. A statement sent to Bloomberg reveals as much... or as little:

"We had a normal service in place for the vast majority of this period and only a small number of customers experienced problems. We will not speculate on the cause of these intermittent issues."

But a pair of individuals claim to know what happened.

On 13 January, the duo reached out to Bleeping Computer.

One of them sent over a link to a Pastebin page containing an email. The email, which the actors claim they sent to Lloyds, explains how the duo found several flaws on the group's website and that they demanded 100 BTC (approximately US $100,000) in payment as a "consultancy fee." Otherwise, they would continue to interrupt the bank's service.

Extortion

Source: Bleeping Computer

Meanwhile, the second alleged attacker provided a demo illustrating that the pair were behind the outages. They also tweeted about their attacks against the group from a now-dormant Twitter account.

Tweet 1

Source: Bleeping Computer

Lloyds has yet to comment on those materials.

Assuming what the pair said is true, by no means would this the first time a group of attackers held a bank (or its data) for ransom. Nor will it be the last.

With that said, the UK National Cyber Security Centre feels it is up to banks to defend themselves. As it told the Financial Times:

"The more information a company shares in a timely manner, the better we are able to support them and prevent others falling victim. But companies ultimately hold responsibility for their cyber security risks — and they should invest appropriately to ensure their networks are secure."

Organizations can protect themselves against ransom-based attacks with a layered defense, which includes investing in DDoS mitigation technologies and encrypting customers' sensitive financial information.

Tags: ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

,

6 Responses

  1. Elliot Alderson

    January 25, 2017 at 12:20 am #

    ah, more lazy hackers. they're so smart, they're stupid! lol

    tor needs to be vaporized, like yesterday.

  2. Techno

    January 25, 2017 at 8:56 am #

    Soon, choosing a bank will not be about interest rates or how friendly the branch staff are, but how good its internet security is.

    • Elliot Alderson in reply to Techno.

      January 25, 2017 at 9:24 pm #

      and, your point is?

  3. BaliRob

    January 25, 2017 at 10:31 am #

    If the world governments, banks and large companies had agreed to outlaw, prohibit and legislate againt Bitcolins and their use in any form from the outset which myself and
    many others campaigned for – then there would be none of this holding to ransom.

    And, I do know what I am talking about – I quickly became a victim of these evil-dooers
    but I never paid them a smell of a Bitcoin.

    • Elliot Alderson in reply to BaliRob.

      January 25, 2017 at 9:25 pm #

      so you pretty much don't know what you're doing when using a computer, right?

    • Bob in reply to BaliRob.

      January 26, 2017 at 10:48 am #

      I suggest you watch a simple, explanatory film BaliRob – "Bitcoin: The End of Money As We Know It."

      It's not as simple as legislating "against Bitcoins". Any financier, computer expert or market trader will tell you this.

      The only reason people fall victims to ransomware is because they choose to make themselves and others a target by paying the ransom.

      Proper security systems, anti-virus, firewall, encryption and backup plans are essential if you want to use a computer these days and NOT because of Bitcoin.

      The internet is a dangerous place.

Leave a Reply