Consumer Council computer system was hacked, staff and subscribers personal information may have been leaked, the Consumer Council this morning (22nd) that the hackers asked to be paid before tomorrow night $ 500,000 in ransom, the incident is following the Cyberport last month announced that there was a data leakage, a public organization was hacked again. Government Chief Information Officer Wong Chi-kwong met with the media this afternoon at the Government Secretariat, said the Government is highly concerned about the successive public organizations have network security incidents, and condemnation of the crime, the Office of the Information Technology Services Branch has contacted the relevant organizations to provide technical support, the Government's mode of operation experience, etc., in order to strengthen the two organizations network security protection.
Mr. Wong Chi-kwong pointed out that each organization's computer system was different and had to work on a system-by-system basis, and that OGCIO would provide assistance and useful tools for reference. He said he had checked with the Cyberport and the Consumer Council and said that the security measures for government systems were "adequate and in place" for the time being, as government systems were now centrally managed and protected by departments.
Mr. Wong Chi-kwong pointed out that cyber security incidents occur everywhere, and reminded the public and organizations to pay more attention to information from different sources, such as emails from unknown sources, attachments or unverified websites should be careful and take precautionary measures.
As for government data, Wong Chi-kwong said there are three directions of protection. Firstly, on the technical side, most of the government systems are centrally managed in the government's private cloud system, which is accessed through a centralized Internet communication set with different firewalls, intrusion detection, 24-hour network data traffic analysis and provision of alert arrangements.
Mr. Wong Chi-kwong also pointed out that there were sufficient guidelines and technical measures to arrange segregation of departmental systems in different networks. For example, for systems involving Government's internal information systems, there would be segregation of externally accessible Internet systems, with security measures to be strengthened according to the security needs and the importance of the data, and data encryption would be provided for data protection at different levels according to the level of the system.
He pointed out that the Central Internet Communications Group (CICG) would monitor both outgoing and incoming emails, and would block emails with malicious attachments and malicious links, and label even suspicious or suspected phishing or large-scale fraudulent emails to raise the alertness of colleagues.
Secondly, in terms of the system, Mr. Wong said that there are systems and comprehensive guidelines that require strict compliance, including strict network security and privacy assessment and audit for all systems put into service, and the same audit should be done before the system is upgraded or put into service, and a new audit should be conducted after the system has been in operation for two to three years. He said that the cyber security team of OGCIO would conduct compliance audits with departments on a regular basis to ensure that they strictly adhere to the government's cyber security regulations, policies and measures.
Apart from the policy and arrangements, he said that each department had been requested to set up a computer security incident response team to liaise closely with OGCIO, and to notify the OGCIO co-ordination team immediately when an incident occurred, and when an incident occurred, the department would be requested to report it to the monitoring organizations, such as the Office of the Privacy Commissioner for Personal Data and the Cybercrime Division of the Police, and OGCIO would take the initiative to assist in the contingency and recovery work.
Wong pointed out that the third aspect was to enhance the training skills of government staff. Exercises with the Cyber Crime Division of the Police would be stepped up to strengthen the response and skills of staff in the relevant areas, and the OGCIO would regularly strengthen its liaison with national and international cyber incident response organizations to share information and technical intelligence, and to participate in regional cyber security incident drills to enhance its skills.
Mr. Wong Chi-kwong said that the Government Network Security System mainly targets government departments and systems, and requires government departments to notify within 24 hours after the occurrence of relevant incidents, including the use of Internet information by civil servants, but does not cover public and private organizations, so it does not include the Consumer Council. He emphasized that all public and private organizations had the responsibility to protect their data. He also said that organizations could seek assistance from the Computer Emergency Response Teams (CERTs) set up by OGCIO under the Health Promotion Board (HPB) if necessary.
He also said that organizations should do a good job in the aftermath of an incident and conduct a comprehensive check on the system to see what problems have occurred, and that the Government has relevant guidelines for reference.
Mr. Wong continued that the Government monitors cyber attacks 24 hours a day, but there are occasional attempts to attack government systems, which are "very common and random". He pointed out that such attacks would depend on whether the systems of individuals or organizations were lax to see whether there were opportunities to take advantage of them, and called on everyone to be vigilant and strengthen personal education, as well as to do a lot of publicity and promotion of cybersecurity.
Standard Chartered Hong Kong and Giesecke+Devrient have recently completed trials for the HKMA's Digital Hong Kong Dollar Pilot Program. These tests and experiential activities covered a range of application scenarios, including public transportation, restaurants, small businesses and university campuses.
Hang Seng Bank is one of the banks with three selected use cases, including programmable payment for merchant reward schemes and disbursement of government qualifications. Four real-world simulation tests were successfully completed in September. Over 500 simulated digital Hong Kong dollar transactions were processed.
The Hong Kong Ballet announced today (16th) that its computer network system has been hacked by ransomware, resulting in unauthorized access to its internal computer system. HKB has immediately conducted an internal investigation, hired a network security expert to assess the situation, and reported to the police and the Office of the Privacy Commissioner for Personal Data.
BOC Hong Kong has successfully overlaid smart contracts in its Digital Hong Kong Dollar application. The first phase of the trial is open to some of the Bank's staff to purchase prepaid service contracts through the BoC Pay mobile payment application. After purchasing a pre-paid service contract from a preferred participating merchant, the customer's funds will be converted into a digital Hong Kong dollar.
The first phase of the trial is open to some of the world's leading banks and financial institutions. The trial is designed to test the feasibility of using digital currency in a variety of ways. The second phase will be open to anyone who wants to take part in the trial. The third stage will be for those who want to participate in the digital currency trial.
The Cyberpolice International Forum, organized by the Police Force, will be held for three consecutive days from today (13) The recent hacking of Cyberport has aroused public concern over cyber security. Senior police officers and cybersecurity experts from more than 40 countries or regions, including France, Australia and Israel, participated.
Cyberport was hacked in mid-August, involving the theft of up to 400GB of staff data. According to the hacker's latest website, the information has been "leaked" and can be downloaded for free from the dark web. A computer security researcher criticized the Cyberport for its poor security awareness.
Cyberport is suspected to have lost more than 400 gigabytes of personal data to a hacking group last month. The data included personal names and contact details, information on employees, former employees and job applicants, and a small amount of credit card information. Cyberport said it had contacted the potentially affected individuals directly and would provide them with free identity monitoring services by professional security consultants.
Falcon Feedsio, a cyber security platform, posted on social media that Cyberport Hong Kong had been hacked. Hackers had stolen up to 400GB of personal data of Cyberport's start-up staff, including proof of identity documents. The hackers are now demanding US$300,000, equivalent to HK$2.35 million, for the information. The Office of the Privacy Commissioner for Personal Data said today (7) that it had received notification of the data leakage incident on August 18.
More than 15,000 technology crimes in Hong Kong in the first half of this year, which soared by nearly half compared with the same period last year. Police jointly organized the first "Net Hunting Campaign with Cyberbay, a start-up in cyberport network vulnerability detection. During the event, network security experts discovered a total of 197 network security vulnerabilities.
Hong Kong will allow individual retail investors to trade cryptocurrencies, including Bitcoin and Ethereum, starting from June. This move signifies an important step by the Hong Kong government towards opening up cryptocurrency trading and embracing innovation in the Web3 space. Additionally, the Hong Kong Monetary Authority has launched a pilot program for a digital Hong Kong dollar. While the underlying technology of virtual assets can address the issue of trustless automated transactions, the risks associated with them cannot be ignored, making them unsuitable as widely used payment tools or for expanding financial inclusion. Therefore, the 'digital Hong Kong dollar', backed by strong endorsement, has now garnered public attention as it will serve as a backbone linking fiat currency and virtual assets, providing necessary digital financial infrastructure for the development of Hong Kong's Web3 ecosystem and digital economy.
The Hong Kong Monetary Authority (HKMA) has officially launched the Digital Hong Kong Dollar Pilot Project, with 16 companies selected to participate in testing across six major application scenarios. The Digital Hong Kong Dollar will serve as a bridge between traditional currency and virtual assets, primarily used for settlement of tokenized assets and international cross-border trade payments. It is expected to reduce intermediaries and transaction costs in cross-border payments.