Hong Kong’s stock exchange is blaming hackers for a trading disruption yesterday afternoon that led to the suspension of some of the city’s biggest stocks, including Cathay Pacific, HSBC and even the exchange itself.
Charles Li, HKEx’s chief executive, told reporters that he suspected a “malicious attack” caused the disruption. Securities and derivatives trading platforms were not affected directly, but the attack prevented seven listed companies from publishing price-sensitive lunchtime announcements on the exchange’s news website.
Surprisingly, officials at the exchange took the view that retail investors might be disadvantaged by this and suspended all seven stocks from afternoon trading — a move that seemed far more disruptive than warranted by the small technical breach.
Some participants have speculated the exchange feared that the disruption was not only malicious but perhaps also aimed at securing some kind of trading advantage. In the wake of an almost 6% sell-off on Tuesday and on the day of its own earnings announcement, the exchange clearly opted for caution in suspending the stocks.
Besides the three blue chips, the other issuers were China Resources Microelectronics, China Power International Development, Dah Sing Banking Group and Dah Sing Financial Holdings. HSBC had announced the sale of its US credit card business to Capital One before the trading halt.
Li revealed very little information about the attack and stressed that hacking was only the “current assessment”.
A series of recent cases have highlighted significant security flaws at some high-profile websites and online networks, including attacks by a group known as LulzSec on Sony, the Arizona Department of Public Safety and News Corporation, among others. However, such attacks are rarely “malicious” and are typically aimed at causing embarrassment and reputational damage, rather than stealing or altering data.
That might yet be the case here. It is certainly embarrassing for the stock exchange, but the truth is that most websites are vulnerable to so-called denial-of-service attacks, including the CIA's, which LulzSec has also claimed responsibility for taking down.
Yesterday should have been far more positive for the exchange. The news might have struggled to get out (or not), but HKEx posted impressive results yesterday. Net profits in the second quarter were up 19.5% over the same period last year on the back of heightened trading activity.