[ISN] WorldPay struggles under DDoS attack (again)

InfoSec News isn at c4i.org
Tue Oct 5 07:29:03 EDT 2004


By John Leyden
4th October 2004 

WorldPay, the Royal Bank of Scotland's internet payment transaction
outfit, is continuing to fight a sustained internet attack which has
left its services largely unavailable for a third successive day.

Since Saturday (2 October), WorldPay's online payment and
administration system has been reduced to a crawl, due to a malicious
DDoS attack by unidentified computer criminals. A spokesman for the
company stressed that although is fighting a serious
"denial-of-service" attack, its systems is uncompromised and customer
data remains secure. "We are processing transactions securely but the
attack is blocking our ability to operate normally. We apologise
unreservedly for any inconvenience caused," he added. WorldPay's
techies are working overtime to restore service but can't say when
normal service will be restored.

In a notice to customers on Saturday (2 October), WorldPay said: "We
regret that access to our payment and administration systems is
severely disrupted due to a planned and large scale Denial of Service
(DDOS) attack by a third party. Our payment and administration systems
are working, safe and secure, but the networks around them are being
flooded with requests on a huge scale, causing 'service denials'. We
are processing payments, but far slower and fewer than we normally

"We are executing our contingency plans to move to full restoration of
the service but cannot at this point in time predict when all
customers will have the service restored without further interruption.  
While attacks of this type can be anticipated, it does take time to
identify and deal with the exact nature of a particular attack. We are
doing everything that is possible to restore a full service as soon as
is possible," it added.

Users are advised to check WorldPay's customer service portal for
updates. WorldPay was the subject of a similar three-day long denial
of service attack last November.

One Reg reader writes: "Looks like they have not learned much from
last year/s dos attack as the service has been down for most of the
day. We have lost thousands in orders."

A WorldPay spokesman said the vast majority of customers had been
supportive and understanding. He noted that many businesses had
experienced DDoS attacks in recent months. Many of these attacks have
been linked to extortion attempts, but WorldPay declines to say if it
has received any demands from its attackers.

More information about the ISN mailing list