Skip to main content

The Globe and Mail

Attack on TD website likely a prank, expert says

Attack against TD website likely a prank, expert says


The cyber attack that bogged down Toronto-Dominion Bank's website this week was most likely a prank to attract attention, rather than a threat to sensitive financial data, says an expert in computer hacking.

Iain Kenny, a partner at MNP Investigative and Forensic services in Calgary who studies hacking efforts against companies, said the type of attack that stalled TD's website Thursday is becoming increasingly easy for low-level hackers to execute, but is more of a nuisance for companies than a risk to their security.

TD, the second-largest bank in Canada, disclosed it was the victim of a "targeted" attack that caused its website to go offline for about four hours starting in the morning. Known as distributed denial-of-service (DDoS) attacks, the incidents involve a virus infecting numerous computers and using them to barrage a website with requests for information. Eventually the website clogs up from the surge in traffic and legitimate users are unable to access the site.

Story continues below advertisement

"It's like drinking from a fire hose. At the end of the day, there's no loss of data, no detrimental harm to the infrastructure or the systems. But it makes [the site] unavailable for the average citizen to conduct transactions, which will obviously have a reputational impact for the business," Mr. Kenny said.

"It's no similar or different to a group of protesters marching down the street and blocking an intersection so people can't get to work, or can't get their car to the office," he said. "It's exactly that, except it's happening on the cyber highway instead of the street corner outside your office. And it can be accomplished by one individual."

TD spokeswoman Barbara Timmins said Friday that customer data were not compromised, and the bank continues to monitor the situation. Customers were mostly unable to log-in during the four-hour period, and those who could sign on experienced delays.

Though it's not clear who targeted the bank, Mr. Kenny said such attacks are done increasingly for notoriety among hackers.

"We're seeing more organizations or groups take credit for these types of activities. It's no different than graffiti taggers: they don't gain anything at the end of the day, other than notoriety and reputation," Mr. Kenny said.

"This is very likely just a small group that's basically trying to create more of a political statement than anything else."

Report an error Licensing Options
About the Author
Senior Writer

Grant Robertson is an award-winning journalist who has been recognized for investigative journalism, sports writing and business reporting. More


The Globe invites you to share your views. Please stay on topic and be respectful to everyone. For more information on our commenting policies and how our community-based moderation works, please read our Community Guidelines and our Terms and Conditions.

We’ve made some technical updates to our commenting software. If you are experiencing any issues posting comments, simply log out and log back in.

Discussion loading… ✨