Hacking tops viruses as key threat to computer users
The good news is that computer-virus attacks are way down, but hacking is on the rise, the city's computer security watchdog said.
The Hong Kong Computer Emergency Response Team Co-ordination Centre, which collects computer-incident reports from local users, issued 308 security alerts last year, the most in 10 years. However, it did not send out a single virus alert for three consecutive years. The centre is a subsidiary of the Productivity Council.
The centre received 980 reports regarding computer-security breaches, up 19 cases year on year. Of these, 382 were about hacking, up 71 per cent. Another 298 were about phishing - the criminally fraudulent process of attempting to acquire sensitive information - up 14 per cent. There were only 162 reports of virus attacks, the least since 2002.
Roy Ko Wai-tak, the centre's manager, said popular platforms like social networking websites would be an obvious attack target.
'We can see the trend for malware attacks is ongoing. We do not have large-scale virus outbreaks now. Instead, more and more Trojan horses, spyware and other hacking software intrude on our computers. They are of small scale but mutate quickly.'
He said such malware, which secretly assessed information stored on computers, spread by being downloaded inadvertently by unsuspecting users. Links embedding malware are sent out through e-mail, instant messengers and social networking websites to lure users to click on and download them.
He said it was the financial incentive for trading personal data that prompted attackers to shift from using viruses to malware as a means of intruding on computers.
Ko said Hongkongers were not sufficiently aware of the dangers of putting too much personal information, such as their phone numbers or e-mail addresses, on websites like Facebook.
'An e-mail address is the simplest resource for hackers. Once they have collected e-mail addresses, they can send out spam mail or links to phishing sites,' he said.
Citing a report from worldwide IT research firm Gartner, Ko said smartphones would replace personal computers as the most common Web-access device by 2013, and people were likely to store sensitive information such as passwords to their bank accounts on phones, which could lead to the theft of their money if collected by hackers.
He said there was not much security software on smartphones currently on the market. He reminded people to be aware of malicious applications and to carefully read terms and conditions before using apps that would collect personal data.
Ko also said a new way of spreading malware, called social engineering techniques, was gaining popularity overseas, where attackers stirred up public sentiment online and incited people to join massive attacks against certain targets, often subjects of current affairs.
'This would be a rather serious problem. Attackers do not need to infect computers proactively. People are attracted to install malware and carry out such attacks for 'justice' and to support certain groups. But we might in fact be manipulated as a tool of intrusion,' he said.
Samson Tam Wai-ho, legislator for the information technology functional constituency, said there was a law that regulated intrusion on computers, but it was difficult to enforce because such attackers or sites were usually located outside Hong Kong. Tam also said it was not an offence to sell personal data obtained from the internet, but that hopefully there would be a penalty soon, as the privacy ordinance was under review.