First published: 11th August 2011
The Hong Kong Stock Exchange (HKEx) adopted a half-day (one trading session) suspension policy for issuers that announced price-sensitive information during the lunch hour on 10th August. The decision was made because the Hong Kong Stock Exchange's regulatory disclosure website, HKExnews became unavailable, thus creating a situation where some investors might be unaware of information that others knew.
HKExnews began to have problems about midday and was mostly inaccessible for the rest of the day, thus triggering the suspension of trading as part of a contingency plan. Announcements were made through an alternate website, bulletinboard.hk. The HKEx said that the failure was due to malicious outside attacks, but the source of the attacks and motive behind them were unknown. The trading systems were not affected. The Police and the Securities and Futures Commission have been contacted about the incident.
Seven stocks were affected by the suspension, HSBC, HKEx (the stock exchange itself), Cathay Pacific Airways, China Power International, China Resources Enterprise, Dah Sing Financial and Dah Sing Bank. The first three account for 18% of the Hang Seng Index.
Some investors and brokers criticised the decision because it prevented them profit-taking after Tuesday's 5.66% fall and Wednesday's 2.34% rebound in the HSI.
No information has been released about the mode of the attack, though a Distributed Denial of Service attack seems likely.
Updated: 12th August 2011
Attackers continued disruption attempts on the HKEx disclosure website on 12th August, but trading continued as the attempts failed and other methods for disseminating statutory information were in place. Details of the attacks are still sketchy, but Bill Chow Tang-bill, chief technology officer of HKEx, described a Distributed Denial of Service (DDoS) attach in a press briefing, "The malicious traffic originated from a network of hundreds of personal computers, most of which were based outside Hong Kong". He also said that a mixture of techniques were used.
The Police say that they suspect overseas attackers are responsible and they will, if necessary, get outside assistance in their investigation. The motive for the attack is unclear, there has been no blackmail attempt and no trading information or money was lost. If the intent was to use the disruption of results announcements to make favourable trades with ignorant investors, then the suspension effectively countered the risk.
The exchange plans to prevent a recurrence by introducing more diverse channels for information dissemination. The backup website, bulletinboard.hk, was already available, but it is now much more widely known. Starting on the 12th August, the exchange will use newspaper advertisements to publicise in advance when companies will have result announcements. Thirdly, the exchange will use email to alert brokers and the press when companies have published financial information on their own websites. These multiple channels will make a future DDoS attack more complex and less likely to succeed.