Wikileaks-Inspired Web Assault Affects MasterCard's SecureCode
After cutting off payments to Wikileaks, MasterCard Inc., Visa Inc. and PayPal Inc. have found themselves under assault.
MasterCard said its SecureCode payment verification system experienced disruptions temporarily Wednesday as part of an attack that also took out its main website by overwhelming it with high traffic. PayPal Inc. said it has been fighting a similar attack, though its website remained up. Visa said its website was inaccessible Wednesday afternoon due to high traffic.
"This is really an all-out war … that pretty much puts a big stop sign on e-commerce," said Avivah Litan, a vice president and distinguished analyst at the Stamford, Conn., market research company Gartner Inc.
According to a group of hackers who claim credit for the attacks, the outages were retaliation for the companies' decisions to stop accepting payments for Wikileaks after it exposed numerous classified documents. The companies said they were cutting ties with Wikileaks due to contractual violations that prohibit companies on their payments networks from engaging in or encouraging others to engage in illegal activity.
A MasterCard spokesman said in an e-mail Wednesday afternoon that "there were issues earlier in the day with SecureCode — they have been resolved and everything is fully functional." The spokesman attributed the SecureCode outage to the attacks.
A spokesman for PayPal, a subsidiary of eBay Inc., said the San Jose payments company's website had been the target of denial-of-service attacks, the name for a tactic of preventing access to a public website by overwhelming it with more traffic than it is designed to handle.
"These attacks have at time slowed the website itself down," said Anuj Nayar of PayPal, "but have not significantly impacted payments."
Jacob Jegher, a senior analyst for the Boston market research firm Celent, said the attacks can rise to the level of shutting down a business by stopping its flow of funds.
"It shows how vulnerable external websites of payment providers are, which is certainly not the image of security that these firms tend to portray," he said. "Having your external website compromised by hackers is horrible for your image."
MasterCard has been pushing to have a stronger presence for online payments. Its $526 million purchase of DataCash Group PLC in October was viewed as a way for MasterCard to be more competitive with its rivals online.
MasterCard said Tuesday that it was in the process of suspending payments to Wikileaks. It is among several companies that have been attempting to cut ties to Wikileaks and its founder Julian Assange after Wikileaks exposed thousands of classified documents.
The website of one of the largest retail banking companies in Switzerland, PostFinance, which closed an account Assange held, has been inaccessible since Dec. 8, according to media reports.
"We are glad to tell you that http://www.mastercard.com/ is down and it's confirmed!" said Operation Payback, the hacker group that claimed credit for the outage, on its Twitter account. "There are some things Wikileaks can't do. For everything else, there's Operation Payback."
Visa Europe and PayPal have also said they are suspending the accounts for Wikileaks.
The website of the Swedish prosecutor's office was also shut down, according to a statement from the agency, which said it was "impossible to get into our site due to overload" from Tuesday night until Wednesday morning. Assange was arrested after turning himself in to British police Tuesday on a Swedish arrest warrant for alleged sex crimes.
Brian Riley, a research director in the bank cards practice at TowerGroup, said in an e-mail that "something this rogue effort brings to light is the vulnerability of open networks such as the internet."
He said the instance could prove to be an opportunity for the payments networks to examine their processes to ensure that the payment industry is "adequately protected" to withstand this sort of attack.
Litan said MasterCard should have expected a hostile response.
"If you don't allow donations for the Wikileaks guy, you know there is going to be revenge," she said. "And meanwhile MasterCard is probably shaking in their boots. There is havoc going on. Chaos."