The cyber attack that bogged down Toronto-Dominion Bank’s website this week was most likely a prank to attract attention, rather than a threat to sensitive financial data, says an expert in computer hacking.
Iain Kenny, a partner at MNP Investigative and Forensic services in Calgary who studies hacking efforts against companies, said the type of attack that stalled TD’s website Thursday is becoming increasingly easy for low-level hackers to execute, but is more of a nuisance for companies than a risk to their security.
TD, the second-largest bank in Canada, disclosed it was the victim of a “targeted” attack that caused its website to go offline for about four hours starting in the morning. Known as distributed denial-of-service (DDoS) attacks, the incidents involve a virus infecting numerous computers and using them to barrage a website with requests for information. Eventually the website clogs up from the surge in traffic and legitimate users are unable to access the site.
“It’s like drinking from a fire hose. At the end of the day, there’s no loss of data, no detrimental harm to the infrastructure or the systems. But it makes [the site] unavailable for the average citizen to conduct transactions, which will obviously have a reputational impact for the business,” Mr. Kenny said.
“It’s no similar or different to a group of protesters marching down the street and blocking an intersection so people can’t get to work, or can’t get their car to the office,” he said. “It’s exactly that, except it’s happening on the cyber highway instead of the street corner outside your office. And it can be accomplished by one individual.”
TD spokeswoman Barbara Timmins said Friday that customer data were not compromised, and the bank continues to monitor the situation. Customers were mostly unable to log-in during the four-hour period, and those who could sign on experienced delays.
Though it’s not clear who targeted the bank, Mr. Kenny said such attacks are done increasingly for notoriety among hackers.
“We’re seeing more organizations or groups take credit for these types of activities. It’s no different than graffiti taggers: they don’t gain anything at the end of the day, other than notoriety and reputation,” Mr. Kenny said.
“This is very likely just a small group that’s basically trying to create more of a political statement than anything else.”