Expert shocked at many firms' security
The first step of the investigation into how the personal details of 20,000 complainants against police appeared on a public website will determine if there was any link between the internet and the Independent Police Complaints Council's database.
Leading Hong Kong internet security firm Network Box said that, although the council has claimed that their database was separate from the internet, many firms held this mistaken belief. If there was no link, then someone on the inside has deliberately posted the information on the internet.
'We are horrified at the security at many companies which is just a complete afterthought,' Network Box's managing director Michael Gazeley said.
Mr Gazeley said only one or two computers on a local network needed to be connected to the internet to give a hacker potential access to the network's information. Mr Gazeley said it was clear that the website where the information was found, www.china2easy.com, had no connection with the IPCC.
Network Box chief technology officer Mark Webb-Johnson said Google was not to blame for the information being made publicly available.
He said someone using sophisticated hacking software could have taken the files and dumped them on the website if someone had put the database 'somewhere where it shouldn't have been'.