First published: 31st December 2014
If anything, 2014 emphasised that security is an ongoing battle. The year in Hong Kong started with the news that technology crime rose 70% in 2013, and the following events suggest that the statistics for 2014 will be as bad.
There has been a constant stream of phishing webpages, mostly imitating banks, hosted on poorly-secured legitimate websites. The criminals are not fussy about the websites they misuse; these have included a Hong Kong CPA and even the Thai Police. The message here is that no website is too small or unimportant to become the target of criminals; fake bank webpages have a lifespan of hours, so the attackers are constantly looking for new hosts.
Although online banking login webpages are imitated most often, scammers will try anything to get your information. Examples have included fake tax returns, a fake Hong Kong Monetary Authority website, and fake Purchase Orders.
Efforts have been made in user education, with both the Hong Kong Police and the Hong Kong Monetary Authority releasing videos on recognising scams and information security. However, the design of online banking sites and procedures may be contributing to the problem.
You cannot avoid the threats by changing platform. Malicious software has been discovered for PCs, Macs, Android and iOS. Vulnerabilities have been found in a lot of very common software, with a few incidents even making headline news in the mainstream media and gaining names. Heartbleed in April affected SSL encryption software, most commonly used for securing websites. Shellshock in September affected many Unix-family systems, and, most disturbingly, turned out to have existed for over 20 years.
Whistle-blowers have an important role in warning us about problems. Worldwide, Edward Snowden and others have continued to reveal details of extensive Government surveillance programmes. On a much smaller, local scale, a leak from the Immigration Department was revealed by an anonymous whistle-blower.
Politics has been intertwined with information security, particularly in Hong Kong. The ongoing intense political debate over free elections for Hong Kong's Chief Executive has led to several incidents. In June, a massive DDoS attack targeted an online political poll. In September, a fake Android app targeted pro-democracy activists. In October, a misguided website defacement and DDoS campaign led to the arrest of 5 people. Later the same month, four pro-democracy websites were compromised and malicious code was added.
The problems of information security have never been greater. Stay safe in 2015.