LeapRate Exclusive… LeapRate has learned that a number of both large and small Retail Forex brokers running MT4 have been the subject of successful DDoS (distributed denial-of-service) attacks originating out of China.
The hackers have apparently exploited a vulnerability in MT4, which is difficult to protect against because of the protocol's encryption. That has enabled the hackers to generate high levels of false traffic on the MT4 servers being run by the brokers. The ‘false’ traffic has the effect of causing service disruptions and slowing down the performance of the servers for the brokers' real clients when they log in and attempt to trade. In some instances, the hosting providers for the MT4 servers shut down access altogether once they detect high levels of questionable traffic or DDoS attacks.
As far as we know, no client accounts have been hacked and no client data compromised at any of the affected brokers. The hackers have just been able to cause havoc and connection issues for real clients of these brokers by virtue of the attacks.
And the payoff?
The hackers have then been contacting the affected brokers one by one, demanding sums ranging from $50,000 to $200,000 in order to halt the attacks.
We understand that some affected brokers have indeed paid off the hackers in order to restore service, while other brokers have refused, instead working with MT4 provider MetaQuotes on a patch for the vulnerability, as well as a solution to better filter ‘real’ from ‘false’ traffic. Filtering traffic against DDoS attacks of this nature (see more below) can be very difficult to do – especially for retail brokers who need to provide open access to thousands of clients, and who rely on MT4's encrypted protocol, which MetaQuotes does not disclose.
LeapRate contacted MetaQuotes on the subject, but the company declined comment.
What are DDoS attacks?
A distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users. It is the result of multiple compromised systems (for example a botnet) flooding the targeted system – usually one or more web servers – with traffic. The most serious attacks are distributed, meaning that the traffic comes from more than one (and often thousands of) unique IP addresses. Many attacks also involve forging the IP sender address (IP address spoofing), so that the location of the attacking machines cannot easily be identified, nor can filtering be done based on the source address.
For these and other reasons, DDoS attacks are typically very effective and difficult to mitigate.
LeapRate will continue to follow this story as it develops.