Internet gang claims it caused Lloyds Bank outage via a DDoS attack

But did a denial-of-service attack actually take place?

David bisson
David Bisson
@

Internet gang claims it caused Lloyds Bank outage via a DDoS attack

An internet gang claims it used a distributed denial-of-service (DDoS) attack to interrupt services at the Lloyds Banking Group.

The group, which includes Lloyds Bank, Halifax Bank, and the Bank of Scotland, suffered a series of outages on 11-13 January 2017. During that time, customers experienced difficulty logging into their accounts. Some individuals subsequently took to social media to vent their frustration.

One frustrated customer addressed Lloyds Banking Group directly at the time via Twitter, as quoted by BBC News:

Sign up to our free newsletter.
Security news, advice, and tips.

“Haven’t been able to access the site or app for over 36 hours now – is anything being done about this?”

The Register reports that Lloyds Banking had no idea what was causing the outages on the first day of the attack. On 12 January, it said services were returning to normal but it was unsure if that would continue.

Cant reach lloyds

The round of outages ended in the afternoon on 13 January.

As of this writing, the bank has yet to reveal what caused the service interruptions. A statement sent to Bloomberg reveals as much… or as little:

“We had a normal service in place for the vast majority of this period and only a small number of customers experienced problems. We will not speculate on the cause of these intermittent issues.”

But a pair of individuals claim to know what happened.

On 13 January, the duo reached out to Bleeping Computer.

One of them sent over a link to a Pastebin page containing an email. The email, which the actors claim they sent to Lloyds, explains how the duo found several flaws on the group’s website and that they demanded 100 BTC (approximately US $100,000) in payment as a “consultancy fee.” Otherwise, they would continue to interrupt the bank’s service.

Extortion
Source: Bleeping Computer

Meanwhile, the second alleged attacker provided a demo illustrating that the pair were behind the outages. They also tweeted about their attacks against the group from a now-dormant Twitter account.

Tweet 1
Source: Bleeping Computer

Lloyds has yet to comment on those materials.

Assuming what the pair said is true, by no means would this the first time a group of attackers held a bank (or its data) for ransom. Nor will it be the last.

With that said, the UK National Cyber Security Centre feels it is up to banks to defend themselves. As it told the Financial Times:

“The more information a company shares in a timely manner, the better we are able to support them and prevent others falling victim. But companies ultimately hold responsibility for their cyber security risks — and they should invest appropriately to ensure their networks are secure.”

Organizations can protect themselves against ransom-based attacks with a layered defense, which includes investing in DDoS mitigation technologies and encrypting customers’ sensitive financial information.


David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.

6 comments on “Internet gang claims it caused Lloyds Bank outage via a DDoS attack”

  1. Elliot Alderson

    ah, more lazy hackers. they're so smart, they're stupid! lol

    tor needs to be vaporized, like yesterday.

  2. Techno

    Soon, choosing a bank will not be about interest rates or how friendly the branch staff are, but how good its internet security is.

    1. Elliot Alderson · in reply to Techno

      and, your point is?

  3. BaliRob

    If the world governments, banks and large companies had agreed to outlaw, prohibit and legislate againt Bitcolins and their use in any form from the outset which myself and
    many others campaigned for – then there would be none of this holding to ransom.

    And, I do know what I am talking about – I quickly became a victim of these evil-dooers
    but I never paid them a smell of a Bitcoin.

    1. Elliot Alderson · in reply to BaliRob

      so you pretty much don't know what you're doing when using a computer, right?

    2. Bob · in reply to BaliRob

      I suggest you watch a simple, explanatory film BaliRob – "Bitcoin: The End of Money As We Know It."

      It's not as simple as legislating "against Bitcoins". Any financier, computer expert or market trader will tell you this.

      The only reason people fall victims to ransomware is because they choose to make themselves and others a target by paying the ransom.

      Proper security systems, anti-virus, firewall, encryption and backup plans are essential if you want to use a computer these days and NOT because of Bitcoin.

      The internet is a dangerous place.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.