Internet security experts are warning multinational firms with offices in Hong Kong that they are not immune at all to cyber attacks originating from China, despite the apparent shared sovereignty between the Special Administrative Region (SAR) and its mainland parent. This isn’t the first time that Hong Kong has been advised to take precautions when it comes to its cyber security.
In the past, the Chinese government has often been blamed for either officially sanctioning cyber espionage attacks on foreign countries, as well as private and public organizations, or just simply turning a blind eye to financially motivated or patriotic attacks on western companies and states launched from within China.
Some internet security experts strongly believe that there is an unwritten agreement between the chinese hacking community and the authorities that these activities can continue as long as no government organizations or firms operating in China are directly affected.
But experts in the SAR have said multinationals appear to be fair game for Chinese hackers. Roy Ko, center manager of the Hong Kong Computer Emergency Response Team (HKCERT) says that his team works closely with its Chinese counterpart to pinpoint the exact location of attacks on local companies.
“Hong Kong’s overall immunity depends on our capabilities to defend ourselves, not because we’re part of China,” he argued. “We have a good communications channel in place with China’s CERT organization, so when the internet attacks come from China, we can seek their help and advice fairly quickly.”
To be sure, Ian Christofis, an acting manager for Verizon Wireless in North Asia, recently said that multinationals on the mainland were worried about intellectual property theft from malicious insiders and said that Hong Kong companies were equally in the crosshairs as well.
“On any given day, Hong Kong is just as much a target as anywhere else. Hong Kong companies should not be complacent,” he added.
And for his part, Guido Crucq, general manager of internet security solutions at Asia Pacific for data systems integrator Dimension Data, agreed strongly with that notion.
“Today, cybercriminals are into hacking for the big money, so we advised our clients that we can’t let our guard down simply because we are doing business in a location which we consider as friendly territory,” he said.
But lawmaker Samson Tam, who is a legislative councillor for IT in the SAR, preferred to play up the threat to locally-based firms from outside of China.
“Most attacks come from smaller countries or areas with much looser controls and more liberal standards, so international police force co-operation is very important,” Tam added.
“Mainly, they are financially-motivated internet attacks because we don’t have many political, cultural or religious tensions here,” he said.
At any rate, and as it’s been proven many times in the recent past, it can be frustratingly difficult for experts to accurately trace back a cyber attack to its very source.
Given its large online population, China will naturally have a sizeable number of compromised machines which either home-grown or foreign hackers can use to launch more and more internet attacks, said HK CERT’s Ko, and that’s really the very worrisome part.