Chinese hackers are allegedly launching cyber attacks on the popular MetaTrader 4 trading platform and are demanding ransom from online forex brokers using it, in order to stop the attacks.
According to a report on the LeapRate website, quoting broker sources, the hackers are exploiting an encryption vulnerability in the platform protocol and launching distributed denial of service (DDoS) attacks, causing service disruptions and crippling trading activities. In some cases the cyber attacks have been so severe that the MT4 hosting servers shut down altogether.
The report also claims that the hackers have then contacted each affected broker demanding sums varying from $50 000 to $200 000 to stop the DDoS attacks and restore the services. Some brokers have reportedly paid the ransom, while others refused and are working with the developer of the MT4 – MetaQuotes – to patch the vulnerability.
According to LeapRate, no data of the affected brokers’ clients has been compromised. So far MetaQuotes has declined comment.
One victim of the blackmailing scheme may have been one of the major forex brokers in terms of trading volume – Exness. In early April it reported an ongoing DDoS attack – first on its website and then indeed on its MT4 trading servers. The onslaught slowed down trading and caused service disruptions for weeks. In a statement from April 20, Exness expressed its suspicions that the attack may have been provoked by its recent successes, but did not mention any blackmailing.
Either way, this is not the first time hackers have exploited MT4 vulnerabilities. In the autumn of 2014 the PrimeXM MetaTrader 4 Server suffered an attack that caused more than 20 forex brokers to experience considerable disruption in their services, including delays of up to 30 seconds, frozen quotes and memory fluctuations. Back then the attack came from a single client account exploiting a vulnerability of the whole system. After the account was shut down, the service was restored to normal.
The main goal of a DDoS attack is to make a website or other internet service unavailable to its intended users. It is launched by a botnet, consisting of thousands of infected computers and servers, which simultaneously send millions of access requests to the target, thus “clogging” the normal data flow and disrupting the normal operation of the website or the internet service. DDoS attacks often target the sites and services of high-profile institutions such as banks and credit card payment gateways, rendering them useless for hours or even months. A notorious case was the massive DDoS attack against US financial institutions such as Citigroup, Capital One and HSBC. It was launched by an infected Swedish military server in 2012, lasted for months and was at the time considered one of the biggest in internet history.