Cyberport was hacked in mid-August, involving the theft of up to 400GB of staff data, including identity documents, but Cyberport delayed the announcement for half a month. According to the hacker's latest website, the information has been "leaked" and can be downloaded for free from the dark web. A computer researcher looked at some of the leaked data on the dark web and found that 208.5GB of the data was related to projects, which accounted for the largest portion of the data. In addition, there was also information on human resources, leasing, and finance, etc. Not all of the files could be downloaded without problems, and some of the files were encrypted, but many of the files could be opened directly to peek into the salaries of some employees and the resumes of job applicants. A computer security researcher criticized the Cyberport for its poor security awareness, "It has not done its job well in terms of management responsibility, so is there anyone to be held accountable for this? I think there is a need to do so, because there is no proper management. Not only personal data, but also government contracts, which can be seen by our neighbors, who can see our projects and kill our business."
The hacker group Trigona's website indicates that Cyberport's stolen data has been "leaked". According to computer practitioners, the information can be downloaded directly from Trigona's dark web page for free, and is 400GB in total, of which 208.5GB is for Project, 86.3GB is for HR, 125.01GB is for Finance, and 2.56GB is for FintechTeam. The remaining 15.75GB was for Leasing.
Among the above 400GB of data, many of them are "PDF" and "EXCEL" files, and some of them are photos and videos, including some office pictures. However, when clicking on some of the files in Trigona's webpage, the files could not be read, and some of the "EXCEL" files needed to be opened by entering a password after downloading.
However, not all files are encrypted. For example, some of the files containing salary information of staff can be opened directly; the curriculum vitae of some job applicants can also be viewed, and there are even files containing comments from interviewers, which can be seen at a glance. There are even documents containing interviewer's comments which can be viewed at a glance. In addition, there are also documents on tenancy agreements signed between some companies and Cyberport.
Lai Zhuo Dong, a computer security researcher, said that, in fact, on average, every two or three days there are enterprises, schools, or different organizations were ransomware attacks, similar incidents are quite common. He said that the reasons for the attack, generally from the system is not patched, lack of awareness of digital security, lack of resources to strengthen the security system, lack of talent, etc. He said that there have been companies that do not have their own backups. He said that there were cases where companies did not have their own backup information and had to pay "ransom".
Asked whether Cyberport's security awareness was inadequate, Mr. Lai criticized, "It is impossible for such a big organization to be so bad. He said that in general, it is true that fewer people would encrypt the "EXCEL" one by one, but they would double authenticate the whole system and the hard disk, and confirm their identity when logging in before decrypting the data. "Obviously, they didn't do this, they didn't authenticate themselves, and they didn't even fix the loopholes. He described the incident as negligence and said, "If there had been an audit of the servers or double authentication, there would not have been any problem.
Mr. Lai also criticized that the incident not only affects personal privacy, but also involves commercial confidentiality, which is detrimental to the interests of Hong Kong, and that the Cyberport management should be held accountable, "They have not done a good job in managing their responsibilities, so should someone be held accountable for this incident? I think there is a need for accountability, because the management has not done a good job. It's not only personal data, but also government contracts, which are seen by the neighboring districts and they can see how we do our projects and how they can kill our business."
Mr. Lai pointed out that there is no relevant legislation in Hong Kong to penalize data leakage, but there are relevant laws in the Mainland and Singapore, and the relevant companies are usually fined, but there is no penalty in Hong Kong, "You don't want to have a safety rack? You don't want to be safe? Why can't we just forget about the data leakage? Why do you think the leakage of data can be left unattended? Apologize and it's over, no penalty, no need at all? He reminded all industries to pay attention to information security, and all industries have the responsibility to protect information security.
Mr. Fong Po-kiu, Honorary President of the Hong Kong Information Technology Federation (HKITF), said that the incident is very serious because the leakage of information not only involves Cyberport staff, but also tenants, partners and applicants, and that the most important thing is to get hold of the information of those who are affected and notify them as soon as possible.
Hong Kong's Web3 industry has been developing at a rapid pace. Cyberport, as a wholly-owned enterprise of the Hong Kong government and a policy enforcer, has been instrumental in promoting the development of the Web3 ecosystem in Hong Kong. Since the announcement of Hong Kong's Virtual Asset Development Declaration in October last year, the industry has grown rapidly.
Hang Seng Bank is one of the banks with three selected use cases, including programmable payment for merchant reward schemes and disbursement of government qualifications. Four real-world simulation tests were successfully completed in September. Over 500 simulated digital Hong Kong dollar transactions were processed.
BOC Hong Kong has successfully overlaid smart contracts in its Digital Hong Kong Dollar application. The first phase of the trial is open to some of the Bank's staff to purchase prepaid service contracts through the BoC Pay mobile payment application. After purchasing a pre-paid service contract from a preferred participating merchant, the customer's funds will be converted into a digital Hong Kong dollar.
The first phase of the trial is open to some of the world's leading banks and financial institutions. The trial is designed to test the feasibility of using digital currency in a variety of ways. The second phase will be open to anyone who wants to take part in the trial. The third stage will be for those who want to participate in the digital currency trial.
The Consumer Council computer system was hacked, staff and subscribers personal information may have been leaked. The hackers asked to be paid before tomorrow night $ 500,000 in ransom, the incident is following the Cyberport last month announced that there was a data leakage. Government Chief Information Officer Wong Chi-kwong met with the media this afternoon at the Government Secretariat.
Cyberport and the Consumer Council have been hacked and blackmailed, resulting in the leakage of personal data. Mr. Yau Tat-kan, Legislative Council Member for Technology and Innovation, pointed out that hacking will definitely be a problem in the future. He suggested that the government should subsidize small and medium-sized enterprises (SMEs) to strengthen their network security systems.
The Cyberpolice International Forum, organized by the Police Force, will be held for three consecutive days from today (13) The recent hacking of Cyberport has aroused public concern over cyber security. Senior police officers and cybersecurity experts from more than 40 countries or regions, including France, Australia and Israel, participated.
Cyberport is suspected to have lost more than 400 gigabytes of personal data to a hacking group last month. The data included personal names and contact details, information on employees, former employees and job applicants, and a small amount of credit card information. Cyberport said it had contacted the potentially affected individuals directly and would provide them with free identity monitoring services by professional security consultants.
More than 15,000 technology crimes in Hong Kong in the first half of this year, which soared by nearly half compared with the same period last year. Police jointly organized the first "Net Hunting Campaign with Cyberbay, a start-up in cyberport network vulnerability detection. During the event, network security experts discovered a total of 197 network security vulnerabilities.
Charles Li, the former Chief Executive of Hong Kong Exchanges and Clearing Limited (HKEX), has passed away at the age of 76. He made significant contributions to the development of Hong Kong's financial and securities industry. Zhang Huafeng, former member of the Legislative Council representing the financial services sector, expressed that his death is a loss to Hong Kong's financial industry and expressed eternal remembrance for him.
The Hong Kong Monetary Authority (HKMA) has officially launched the Digital Hong Kong Dollar Pilot Project, with 16 companies selected to participate in testing across six major application scenarios. The Digital Hong Kong Dollar will serve as a bridge between traditional currency and virtual assets, primarily used for settlement of tokenized assets and international cross-border trade payments. It is expected to reduce intermediaries and transaction costs in cross-border payments.
The Hong Kong Housing Society and Cyberport held an inauguration ceremony yesterday at the new office, "Housing Society Centre," announcing the establishment of the first-ever shared workspace for property technology (PropTech) in Hong Kong. The shared workspace, named Smart-Space PropTech, is located in the northern metropolitan area and has already accommodated 13 start-ups since July. These start-ups will develop innovative PropTech products and solutions and conduct concept verification and testing. This project marks the first initiative in the northern metropolitan area concerning the development of property technology.