Net loss

HK netizens must guard their privacy in an age where everyone's cross-platforming in the cloud.儲存倉 Lin Jing reports. First it was disclosures by US whistleblower Edward Snowden on the American government's massive Internet surveillance involving billions of communications, and now it's Hong Kong's privacy commissioner's office warning that the majority of mobile applications violate privacy laws by collecting data from phone users without warning — most often without them ever knowing. Whatever the scale and level of intrusion, be it global or local, both events underscore for ordinary consumers the need for user vigilance over personal electronic security. Cyber security in Hong Kong is porous, pretty much the same everywhere, but that's cold comfort for those whose bank account passwords, credit card information, other consumer accounts and personal details are stored online, like myriad daisy chains, just waiting to be unlocked and exploited by intruders. The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT), part of the Productivity Council, reported 1050 security breaches last year. It may sound insignificant, but there were only 426 reports of hacking in Hong Kong in 2011. Indications are that things are getting worse. On July 12, the Hong Kong Monetary Authority (HKMA) issued an alert about fraudulent e-mails sent to consumers from authentic-looking addresses: hkma_invoice@hkma.gov.hk and invoice@hkma.gov.hk. The authority said both were fraudulent and had no connection with HKMA. On July 17, another fraudulent website, .whgbkhk.com, was identified. The URL appears to be the official website for Wing Hang Bank Ltd (WHB), but WHB warned it was a fraud. Bogus websites continue to gull credulous netizens into revealing personal details, bank passwords and any other snippets of information fraudsters can use to rip them off. An innocent click on a fraudulent site can make consumers vulnerable to cyber attack. Social networking Lawrence Li, systems engineering manager for Symantec, a US security software company, says the Internet era has made people more willing to share personal information online, particularly on social networks. It is, after all, what the Internet is all about — sharing, communication. But the risks are huge. Personal information stored online, even e-mail addresses, become high-value commodities on the international black market, he says. "The high Internet penetration rate in Hong Kong and fast development of social networks (SNS) has put users on the spot," says Li. "While they can store their information online for easy access, hackers have easy access too." An Internet Security Threat Report by Symantec shows that social media combines two facets capable of being exploited by cyber criminals. The first is social proofing, based on the psychological principle that convinces people if their friends are doing something, it must be OK. A simple example: people are more likely to click on a message from a trusted friend on their Facebook account. But as social networking accounts are being hijacked all the time, that message from an SNS "friend" could carry a computer virus. Cases have been reported with WeChat, the instant messenger on smartphones. WeChat does have a warning system to alert users if certain links or key words related to banks or similar accounts pop up in messages. Sharing is the second issue and the foundation of social networking. If a hacker wants to take control of your accounts, he is likely to start by seeking clues from your social networking profiles. People who use birthdates, wedding anniversaries, their kids' names and other choices a hacker is likely to guess, are especially vulnerable to having their accounts hacked, losing their usernames and having passwords reset. Home addresses, and other personal details are high-value assets to identity thieves. Changing patterns Li says hackers' tactics are changing. Random attacks are out, stealing money is in. "They target servers with lots of information, such as username, bank accounts, addresses, and other private and financial information," says Li, adding that intellectual property (IP) related information can be of great value to hackers. "In the past year, we have noticed a change in top targeted industries迷你倉沙田 from finance to manufacturing. Manufacturing has more intellectual property information, such as product design and R&D." Attacks have become harder to detect, as viruses transition faster. "In earlier times, when a computer was infected by a virus, it would operate more slowly, or experience a breakdown. Hackers don't want this, because the computer owner might be alerted. Now they just watch quietly and grab confidential data when the time comes." Matthew Cheung, research director with Gartner Inc, a world leader in information technology research, says privacy protection awareness in Hong Kong is quite low. "I don't see many people paying high attention to protecting their privacy on mobile devices or when using the Internet. The situation is not improving either, when using SNS, users tend to depend on big companies or antivirus software to protect their privacy," says Cheung. Cloud era Data from InvestHK shows that the city has mobile device penetration in excess of 223 percent. Household broadband penetration is more than 86 percent, among the highest in the world. Cloud services worldwide are forecast to grow 18.5 percent in 2013 to an aggregate value of $131 billion, $20 billion more than in 2012, according to Gartner. The popularity of tablets and smartphones in Hong Kong has given users convenient access to cloud services, which allow them to store and access their documents on a remote server through any mobile devices. Li says cloud services can be complicated, as people may lose their protection under some circumstances. "It depends on how you upload your information to the cloud," says Li. "Obviously accessing important documents via public Wi-Fi is not a good choice, especially when the Wi-Fi is not authenticated." Wi-Fi remains the only channel through which mobile devices are capable of accessing e-mail accounts or other online resources. Cases have been reported of users having personal data stolen when duped into using bogus public Wi-Fi connections. He suggests users should at least use password protection for their important documents on the cloud. Failing that, they risk having their content stolen. Encryption of confidential information is also recommended, because "even if it is stolen, others will not be able to read it." Li says there is much encryption software and applications available in the app store. Users can choose those developed by well-known companies. No systems exempt There is an ongoing debate as to whether iOS, the operating system developed by Apple Inc, is more secure than the alternatives, because of better design, creating a software environment less vulnerable to attacks and virus. Apple tests and validates all applications in its app store, to prevent widespread malware infection of iOS users. While Symantec research shows that in 2012, a virus called Flashback infected over 600,000 iOS machines globally. And only 2.5 percent of all viruses target the iOS system exclusively. The remainder is designed for cross-platform attacks on operating systems, from which there is no safe haven. Li says that for better protection, users of iOS systems should avoid jailbreak, a process that can remove the limitations on devices. Jailbreak can help users to download some free software, which should be paid otherwise, from the app store. And users can change the icons of the apps as they like, or even use iPhone as a mobile USB disk. Android users should avoid rooting their smartphones with Android operating system — developed by Google — which replace normal system applications and settings on their devices. "Most importantly," says Li, "Downloading applications from unofficial App stores should be avoided because you don't know what they can do to your devices." The high Internet penetration rate in Hong Kong and fast development of social networks (SNS) has put users on the spot." Lawrence Li systems engineering manager for Symantec I don't see many people paying high attention to protecting their privacy on mobile devices or when using the Internet. The situation is not improving either, when using SNS, users tend to depend on big companies or antivirus software to protect their privacy." Matthew Cheung research director with Gartner Inc Contact the writer at linjingcd@chinadaily.com.cn 迷你倉價錢