Hong Kong Stock Exchange suffers second day of DDoS attacks

The Hong Kong Stock Exchange came under fire for the second day in a row on Thursday after a distributed denial-of-service attack on its HKExnews web site for regulatory filings and disclosures.

The exchange was forced to suspend trading on several stocks, including HSBC and Cathay Pacific Airways, on Wednesday after fears that the site outage may have meant that not all investors had equal access to the vital trading information.

In an update on Thursday, the exchange noted that the attack had been launched from a botnet outside the country.

"Experts from the technology vendor supplying HKEx's intrusion protection technology successfully implemented a filter mechanism to fend off further attacks last night," it added.

"Today, HKEx is still observing malicious traffic attempting to access the HKExnews web site and is continually adjusting and strengthening the filter mechanism."

The exchange said that it has been forced to decentralise the system of providing important trading announcements.

This includes publishing paid advertisements in local newspapers with a list of companies planning to release results announcements, as well as emailing snapshots of the notices of announcements published on the Bulletin Board.

Sophos Canada senior technology consultant Chester Wisniewski welcomed the approach taken by the exchange and its chief executive Charles Li.

"Mr Li has been very forthcoming with the information needed most by those affected, and has implemented measures to ensure that this criminal operation will not continue to have impact on companies trading on the exchange," he said in a blog post.

"This could not come at a worse time, as the global financial markets teeter on the brink of another recession. Nevertheless, Mr Li appears to be taking a measured and appropriate response to the attacks."