E*Trade flooded with DDoS before Christmas

news ANZ Bank’s stockbroking service E*Trade was hit by a distributed denial of service attack in the lead-up to the 2011 Christmas season. After initial denials that the site had been attacked, the company sent its customers a letter informing them about the attack yesterday.

The problem was first reported by the Australian Financial Review when the platform’s overseas customers were unable to access the trading platform for more than a week (with some reporting access issues for two weeks) in the latter half of December.

A DDoS attack implies that numerous independent, or distributed, computers continuously make millions of requests for information and overwhelm the victim’s resources. The consequent slowdown or shutdown in response hinders the ability to provide efficient service to legitimate requests. Executors of DDoS attacks usually target services that are hosted on high-profile Web servers, including those of credit card payment gateways and banks. DDoS attacks violate the acceptable use policies of Internet service providers.

In the letter sent out to customers, Stuart Sayers, Managing Director, E*Trade Australia, stressed that immediate action had been taken to restrict access from some overseas locations, and that the security of the E*Trade website had not been breached at any point. It is believed that access was restored after risk assessments were completed on each country. Sayers explained the initial lack of information to customers as being due to the nature of the incident, and conveyed the company’s apologies for the inconvenience and frustration caused to customers.

Customers from the United States, China, United Kingdom, Indonesia, Thailand, United Arab Emirates and Japan were among those who experienced interruption of service from 19 December onwards. To carry out trades, overseas customers had to phone the bank directly. Some affected customers have threatened on online forums to leave the trading platform, expressing annoyance at the lack of communication about the problem and assurance about security of their funds and accounts.

E*Trade began as the Australian wing of the global E*Trade brand that made it big in the 1990s, and was acquired by ANZ in 2007.

Image credit: Robert Linder, royalty free