Online retailers appear to have emerged relatively unscathed from denial of service attacks launched on three payment companies by internet campaigners in defence of WikiLeaks.
PayPal, Visa and Mastercard are being targeted by online campaigners from the Anonymous group in response to reports that they have withdrawn their payment processing facilities from WikiLeaks following the high-profile leak of US diplomatic cables. Amazon, which previously hosted the WikiLeaks website before ending the association last week, is also understood to have been targeted.
According to Twitter user AnonOpsNet, understood to be orchestrating the online campaign, PayPal’s website was down during the course of this morning following a by a distributed denial of service attack, while MasterCard’s corporate website has also been offline for up to six hours in the last day. Visa is also believed to have been targeted by the campaigners.
But while some Twitter users claim that the attacks have affected Christmas online shopping, payment companies say their ability to process transactions has not been affected by the campaign. Retailers should therefore emerge unaffected – though anecdotally some retailers have reported being affected by the attacks.
A spokesperson for Visa Europe told Internet Retailing today: “Visa Europe’s payment processing has not been affected at all and therefore there will be no effect for online retailers.”
Meanwhile MasterCard said in a statement that it had seen “limited interruption in some web-based services” but that “cardholders can continue to use their cards for secure transactions globally”.
It added: “Our core processing capabilities have not been compromised and cardholder account data has not been placed at risk.”
And PayPal today issued a statement saying: “The PayPal.com site is fully operational. We can confirm that there was an attempted DDoS attack on paypal.com on Monday morning for about half an hour. The attack slowed the website itself down for a short while, but did not significantly impact payments.”
A spokesman for IMRG, the trade body for online retailers, said: “As far as we are aware there has been no significant disruption.”
Peter Wood, member of the ISACA Security Advisory Group and chief executive of First Base Technologies, says such an attack would have serious implications for online retailers if the payment process was involved. “Attacks against credit card companies can have significant impact for online retailers,” he said. “Credit cards comprise the vast majority of online transactions and any reduction in service by the card companies will affect retailers and hence consumers. A distributed denial of service attack against a card company’s web site would have no real impact on their ability to trade, but an attack against the payment process itself would have serious repercussions.”
And Professor John Walker, member of the ISACA Security Advisory Group and chief technology of Secure-Bastion, said: “In the new age of 2011 cyber threats, any industry or organisation who utilise the openness of the public backbone called called the internet to carry their services or offers goods online must understand their security posture, their levels of resilience and identify if any requirement exists for enhancement of their deployed alerting and security.”
