Botnet's takedown puts Hong Kong's cyberguardians in the thick of things

High-profile action against online theft network brings rare attention to behind-the-scenes unit that keeps internet secure

PUBLISHED : Sunday, 09 June, 2013, 12:00am
UPDATED : Sunday, 09 June, 2013, 8:26am

Cyberspace has been in the headlines a lot recently - from US government snooping on citizens to the hacking of online banking passwords.

Hong Kong's defence against malicious activity online is the Hong Kong Computer Emergency Response Team (HKCERT), set up in 2001 and managed by the Hong Kong Productivity Council. Its main role is to collect information on cyberattacks and work with the police and internet service providers.

The breaking up of multimillion-dollar online theft network Citadel last week is a stark reminder that in our increasingly wired world, we all face an enemy we can't see, touch or hear but which has the potential to wreak havoc in our daily lives.

"Security attacks are growing in number and complexity," said HKCERT senior consultant Leung Sie-cheong. "Newer attacks are targeting high-profile targets like critical infrastructure and also financial institutions, which are a pillar of the economy of Hong Kong."

Within hours of Microsoft's digital crimes unit notifying local authorities about Citadel last Thursday, staff at HKCERT's co-ordination centre were doing all they could to trace two machines in Hong Kong that were part of an estimated network of 1,400 computers spreading the malware that enabled it to function.

So far, about 1,000 of these command and control computers have been taken down worldwide.

The Citadel malware monitored keystrokes on the computers it infected and sent sensitive details such as account numbers and passwords to hackers who then illegally accessed online bank accounts.

HKCERT's staff began analysing malware samples and published guidelines on how businesses and internet users in Hong Kong - one of the worst-hit jurisdictions - could detect and get rid of the Citadel code.

"The Citadel botnet global takedown is a good example of the collaboration of HKCERT with other parties, and how we are responsible to Hong Kong citizens," said Leung.

He said the centre was now preparing for the second wave of the Citadel operation, which involves an effort by more than 80 countries.

"When Microsoft provides us with a list of bots in Hong Kong, we will relay a message to the related internet service providers to inform their customers who is infected," he said.

HKCERT is part of a regional network of 30 response centres in Asia-Pacific and a member of FIRST, the international Forum of Incident Response and Security Teams.

HKCERT currently has 10 staff: four consultants, five officers and one administrative support officer.

Last year, the centre handled 1,189 security incidents, up 30 per cent compared to 2011, most related to hacking and phishing.