back to article Lloyds Bank outage: DDoS is prime suspect

A DDoS attack was reportedly behind online outages at Lloyds Bank a fortnight ago. As previously reported by El Reg, the banking group suffered several interruptions to its online service on 11-12 January that it initially blamed on "unspecified technical glitches". Customers were unable to check their account balances or make …

  1. Uk_Gadget

    Saved me a fortune as the wife could not get into our account for two days

    1. John H Woods

      9 upvotes but ...

      ... Mrs Uk_Gadget clearly reads El Reg

  2. Your alien overlord - fear me
    Coat

    Probably refused a loan/credit card/mortgage to an IT chap.

    Mine's the one with an approved application form in it :-)

  3. Version 1.0 Silver badge

    DDoS or ?

    The trouble with Lloyds is you never know whether it's DDoS or a chai walla just got promoted to IT.

  4. Frank Bitterlich
    FAIL

    To DDoS or not to DDoS?

    I'm not sure which version is worse: That they don't know whether it's a DDoS or not, or that they don't want to be open about the cause.

    The former means that they are absolutely clueless (how hard can it be to tell that you're being flooded with bogus traffic), the latter means that they're dishonest and that the real cause was even more embarassing than simply refusing to answer the questions.

    Either one would make me worried if that was my bank.

    1. Baldrickk

      Re: To DDoS or not to DDoS?

      Maybe they are taking the position that they want to know if anything untoward has taken place before saying anything.

      Last thing they want is to say "it was only a ddos attack, no problems here" and then have to retract that because a real hack took place.

      There could be other similar reasons too.

    2. allthecoolshortnamesweretaken

      Re: To DDoS or not to DDoS?

      Not wanting to know is worse. Because it's stupid. It will also kick you in the nuts, from behind, when you least expect it, wearing boots with steel caps.

  5. theModge

    DDOS as a cover for intrusion?

    Sure they could just have been blackmailing the bank. But that would seem lazy wouldn't it? Why not do both?

    1. Naselus

      Re: DDOS as a cover for intrusion?

      Because it doesn't really make much sense to do it that way, tbh.

      The secret to a successful hack is to get in undetected and then spend months or years extracting information. A DDoS doesn't help with either of these things, while also flooding so much traffic into the target system that you kill your own extraction mechanism and drawing lots of attention from infosec professionals - exactly the stuff which you want to avoid, really.

      Generally, if you've hacked a system, you've done it silently months ago and either want to just take the stolen data quietly (to prevent useful stolen card info being quickly cancelled by the target), or you can implement something much more effective than a DDoS for ransom purposes ('hey, we encrypted everything on your netapps and now we want you to give us X money for the key').

      DDoSes are what you do if you're not very capable, which is why script kiddies like them so much but serious 'most wanted' hackers ignore them. They rely on using off-the-shelf bot software to compromise unsecure computers for generating traffic because botmasters generally aren't capable of breaching even basic security directly, and so need to rely on threatening to force the target offline rather than extracting information.

      1. Anonymous Coward
        Anonymous Coward

        Re: DDOS as a cover for intrusion?

        Well, you might also employ a DDoS whilst fuzzing for vulnerabilities, as the fuzz will be partially hidden by the noise. Allegedly.

  6. JimboSmith Silver badge

    They might have been advised to say what they have, by whichever of the plod/security services is dealing with it.

    1. Adam 52 Silver badge

      It was the National Cyber Security Centre that blabbed to the press.

  7. Anonymous Coward
    Black Helicopters

    Rumour mill

    I heard the cause was a rubber key sticking down on one of the half million "surplus stock" Sinclair Spectrums the servers run on.

    Is that a helicopter or an ink sp.............................

    1. Captain DaFt

      Re: Rumour mill

      Naw, nothing so modern as that! Their computer broke one of the wires on his abacus spilling beads everywhere. When he tried to retrieve them he slipped and fell, knocking over his inkwell and spilling ink all over the ledger.

      1. Captain Badmouth
        Coat

        Re: Rumour mill

        "Their computer broke one of the wires"

        Should have used a modified wrap.

        Mine's the one with the electric gun in the pocket.

  8. Anonymous Coward
    Anonymous Coward

    Lloyds

    Are legendary when it comes to firing people. My money is on disgruntled former employee.

  9. Anonymous Coward
    Anonymous Coward

    Still down on Tuesday?

    10.30am on Tuesday and I still can't get in to Lloyds internet banking.

    Internal Server Error - Read

    The server encountered an internal error or misconfiguration and was unable to complete your request.

    Reference #3.9d81655f.1485253769.69e1a523

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022