His 44th was a particularly cruel birthday for Rajesh Sadhwani. It was the day in March last year that he received an e-mail on his BlackBerry telling him that his password for his Yahoo e-mail account had been changed. Shortly afterwards, the jewellery designer received an e-mail from an account called 'happybirthdayasshole' warning him to 'enjoy what else is to be unleashed'. There was also a message from his account with social networking site Facebook telling him to 'watch his back'. Sure enough, when Sadhwani checked, he could not log into his Yahoo and Facebook accounts. Then he discovered friends of his had been sent abusive messages from his Facebook page. The hacker had also cracked his Expedia and Orbitz travel accounts, destroying his itinerary for an upcoming business trip to the Basel Jewellery Show in Switzerland. Sadhwani went to the Central Police Station and made a detailed report. He also confirmed with Yahoo, Expedia and Facebook that he was indeed the proper account owner and his passwords were changed back. But the damage was done. Sadhwani had used his Yahoo account as an online database to help organise his life, which included seven years' worth of copies of all the designs for his successful jewellery company, as well as all his business contacts and correspondence. There were also details of his teenage daughter's plans to study in the United States. Investigators in the US found the e-mails had originated from Bergen county in New Jersey. Sadhwani now had his suspicions about who the hacker was, as the area is home to estranged relatives who are also competitors in the jewellery business. In the next few months, he learned that some of his clients had been contacted in Europe, obviously using the details stolen from his Yahoo account. But he decided to leave the case alone. 'My contacts, connections and business dealings had been obviously forwarded on. But it was really commercial espionage and I really thought it would end there,' he said. This was wishful thinking. Six months later, on September 12, Sadhwani received his most distressing e-mail from the hacker. This time there was a direct threat against his daughter. 'Don't think I don't know your schedule ... London one day, New York the next ... you really think she'll be safe when she goes to school all by herself???' This prompted him to act, making a photocopy of his daughter's passport and sending it to the US consulate general to ask for help. The e-mail was again traced to Bergen county in New Jersey, and the Apline Police Department, responsible for the area, in tandem with the county Computer Crimes Department, conducted an investigation from information provided by Sadhwani and raided a home there. During a police interview, one of the occupants of the house admitted his relative, who was based in Hong Kong but travelled to the US on business, used the computer. The occupants of the house then admitted the relative had been responsible for hacking the accounts. They expressed their regret, and said it would not happen again. Sadhwani wants the case prosecuted in Hong Kong, as this is where the hacker is based, and where he lives with his daughter. But the matter has not moved so quickly in Hong Kong as it has in the US. The South China Morning Post last week identified several loopholes in the city's statutes governing identity theft, which in some cases may make it more difficult for police to identify what an offender should be charged with. Hong Kong law does not recognise one's 'identity' - much less virtual identity - as someone's personal property, capable of being owned and protected. Relying on an existing law such as the Theft Ordinance as protection against internet identity theft was therefore likely to be difficult. This contrasts with the US, where the Identity Theft and Assumption Deterrence Act makes it a federal offence to 'knowingly transfer or use, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity'. There also has been criticism that in Hong Kong, the offence of hacking only attracts a fine, compared with other places including Britain and Singapore, which have stiff jail sentences. And unlike some jurisdictions Hong Kong has no laws that allow computer crimes committed outside its borders to be prosecuted in courts here. That is a major problem, considering the borderless nature of much internet crime. Sadhwani made his second report to police on January 8. He provided the police with a full statement as well as all the evidence collected by the police in the US. Police investigators have confirmed the investigation into the case is ongoing and a person of interest has been interviewed. Sadhwani said he was frustrated with the slow progress of the case in Hong Kong. 'The guy is here, he has committed this crime, why can he not be prosecuted now?' he said. Cybercrime is a growing phenomenon in Hong Kong. In 1996, police investigated only 21 computer crime cases. By 2008, that number had grown to 791, mostly involving unauthorised access to a computer, criminal damage, theft and obtaining property by deception. Experts often say most internet crimes are unreported because people and companies do not want to draw attention to their poor data security. Despite the growing incidence of internet crime, a cyber-criminal in Hong Kong is highly unlikely to be prosecuted. Of the 791 such reported cases in 2008, only 25 were prosecuted and 19 people convicted. In 2005, of the 667 reported cases, there were 17 prosecutions and 15 convictions. That is a conviction rate for internet crimes of 2.5 per cent and 2.4 respectively for those two years. A Department of Justice spokesman said Hong Kong had a specialised department tackling computer crimes, and is at the forefront in tackling commercial crimes, including computer and electronic crime. There were already statutory offences for the dishonest use of a computer and the criminal regime was available to deal with crimes associated with the internet, the spokesman said.