Hong Kong Exchanges & Clearing Ltd., the world’s biggest bourse operator by market value, suspended trading yesterday for companies including lender HSBC Holdings Plc (HSBA) after its website was hacked.
Europe’s largest bank by market capitalization, Cathay Pacific Airways Ltd. (293) and five other stocks were halted after a “malicious attack” on the exchange’s website for corporate filings, Chief Executive Officer Charles Li said yesterday. The website was partially disabled as companies including Hong Kong Exchanges reported earnings.
The bourse joins companies from Sony Corp. to Citigroup Inc. and Nasdaq OMX Group Inc. that have been targeted by hackers. The attack came as Hong Kong stocks were rebounding after losing $323 billion in value since Aug. 1 amid a global rout spurred by concern that the U.S. economy is slowing and Europe won’t be able to contain its sovereign-debt crisis.
“This has affected the creditability and trustworthiness of information at a very critical time,” said Charles Mok, who heads the Hong Kong division of the Internet Society, an international standard-setting group. “The situation is very worrying because the hacking is targeted at the information disclosure mechanism.”
The exchange suspended trading of companies that published price-sensitive information, including on earnings and acquisitions, after noon to ensure investors had equal access to statements, Li said. It set up an online bulletin board as an alternative, and will place advertisements in newspapers to tell investors where to find filings, said Mark Dickens, the exchange’s head of listing.
“Our current assessment is that this is the result of malicious attack by outside hacking,” Li said yesterday at a press conference to announce a 14 percent increase in first-half earnings. The exchange is working to discover the objective of the attack, he said.
The website was disabled after traffic exceeded normal levels, Hong Kong Exchanges Chairman Ronald Arculli said in an interview on Bloomberg Television today. The exchange is planning to review its technology infrastructure, he said.
Hong Kong Exchanges said today that the website has resumed operation. Shares of the bourse dropped 2.6 percent to HK$137.40 as of 11:52 a.m. local time.
The Technology Crime Division of the Hong Kong Police’s Commercial Crime Bureau is investigating the matter, said Anita Chow, a spokeswoman for the force. The Securities and Futures Commission is also following up, spokesman Jonathan Li said.
In March, the U.S. National Security Agency was reported to have joined an investigation of an October 2010 attack on Nasdaq OMX. The second-largest U.S. equity exchange operator by trading market share said in February that “suspicious files” discovered on a website prompted it to start an investigation with federal authorities into possible computer hacking.
Trading of HSBC, which makes up 15 percent of Hong Kong’s Hang Seng Index, and Hong Kong Exchanges, which has a 2.6 percent weighting, was suspended yesterday. Cathay Pacific, Dah Sing Banking Group Ltd. (2356), Dah Sing Financial Group, China Resources Microelectronics Ltd. and China Power International Development Ltd. (2380) were also halted.
HSBC, Hong Kong Exchanges, Dah Sing Banking and Dah Sing Financial said in filings yesterday that they would resume trading today. HSBC said it was halted because of its statement on the sale of its U.S. card and retail-services units.
The exchange “should have had the proper measures to make sure this is secure,” said Terrace Chum, Hong Kong-based managing director of greater China equities for Manulife Asset Management, which oversees $210 billion. “In other media channels, you can always find falsified news and rumors, but this is supposed to be more official.”
Companies in Hong Kong face an increase in computer intrusions as hackers target security flaws in some software, Roy Ko, centre manager at the Hong Kong Computer Emergency Response Team Coordination Centre, said in a telephone interview today. The center, funded by the government, found 22 websites this year in which content was “defaced” by hackers, Ko said.
The suspensions didn’t disrupt the calculation of the Hang Seng Index (HSI), said Vincent Kwan, director and general manager at Hang Seng Indexes Co. in Hong Kong. The last trades before the halt were used to calculate the equity gauge, he said.
‘One Little Incident’
“Trust is something that takes years to build and accumulate, so one little incident is not enough to cause a lot of damage to the confidence in the exchange,” said Jonas Kan, a Hong Kong-based analyst at Daiwa Securities Capital Markets. “It’s not something you can lose overnight.”
Sony, Japan’s largest exporter of consumer electronics, estimated the attack that crippled its online services this year may cost the company 14 billion yen ($183 million). The International Monetary Fund said in June it was hacked.
China was the target of 493,000 cyber attacks last year, according to a report by the National Computer Network Emergency Response Coordination Center of China, the state-run Xinhua News Agency said Aug. 9. About half the attacks originated from internet protocol addresses outside the nation, including from the U.S. and India, the report said.
“Anything that disrupts the flow of information is serious,” said Steve Vickers, chief executive of Steve Vickers Associates, a Hong Kong-based risk-consulting company. “Can you defend a website absolutely against attack? The answer is no.”
To contact the reporter on this story: Lynn Thomasson in Hong Kong at email@example.com