Update: Contrary to HSBC's claim, FawkesSecurity said they did in fact steal sensitive debit card information for 20,000 accounts, but have not yet provided proof. The group also named the Electronic Diversity Visa Lottery website as a future target. The site is a resource for non-citizens seeking work authorization in the United States.
The multinational London-based bank HSBC yesterday (Oct. 18) became the latest to have its website knocked offline by hacktivists.
But it's not clear exactly which hacktivists did it, now that a group with ties to the Anonymous hacking collective has claimed responsibility and said it has plans to target other U.K. banks.
"Banks are the sole cause of our current worldwide economic problems. They deserve to get hit. RBS, Lloyds TSB and Barclays are next," FawkesSecurity told TechNewsDaily via Twitter.
Despite the focus on British banks, the group said it is not based in Britain.
"British banking systems are corrupt and only profit those in high places," the Twitter feed said.
Not the usual suspects
Initial reports assumed that the HSBC attack was part of the month-long campaign launched by an Islamist group against U.S. banks.
Yet FawkesSecurity claimed ownership of the attack on Pastebin and on an announcement on their Twitter feed hours before the HSBC outage was first reported. It was no smoking gun, but it did lend their claim some credibility.
Despite FawkesSecurity's claim, Fox Business reported that that the Islamist group, which has targeted American banks in response to the "Innocence of Muslims" YouTube video, had claimed responsibility for this latest attack.
" The Izz ad-Din al-Qassam Cyber Fighters took responsibility for the attack that at points crippled users' access to hsbc.com and other HSBC-owned properties on the Web," the FoxBusiness report said.
TechNewsDaily, however, could find no evidence of such a claim.
The Qassam Cyber Fighters' most recent post on Pastebin is dated Oct. 16 and said only that "the chain of cyber attacks on U.S. banks will continue this week."
The posting made no mention of HSBC, which is based in London and Hong Kong and has only a regional presence in the United States. The Islamist group has usually named its targets before attacking them.
No danger to customers
The attack "affected a number of HSBC websites around the world," HSBC said in a statement today (Oct.19) but assured customers that their data had not been compromised.
HSBC customers reported outages on the HSBC UK and First Direct sites which were a result of a distributed denial-of-service (DDoS) attack. Other reports indicated that the U.S. site was down as well.
Follow Ben on Twitter.