Cyber attacks on Hong Kong universities are on the rise amid fresh fears that state-backed hackers are the main culprits, with one campus admitting that it is fighting an unprecedented number of daily intrusions.
Top security experts have warned of a noticeable rise in the number of cyberattacks on the SAR that bore the hallmarks of state-sponsored hackers.
There had been a 38 per cent rise of hacking incident reports this year, according to Hong Kong’s cybersecurity watchdog. The major increase comes from phishing incidents seeking names and data that have increased by 213 per cent over the same period last year.
The trend comes amid a fierce debate over academic freedom at the city’s universities following the controversial rejection of Professor Johannes Chan Man-mun’s appointment as pro-vice chancellor at the University of Hong Kong.
Bryce Boland, chief technology officer for Asia-Pacific at cybersecurity firm FireEye, observed “very high” and “actively targeted” attacks on local universities that he described as “quite interesting”.
He said that before the student-led Occupy protests began last September, Hong Kong had not been a major target but in the past year, the situation had changed dramatically.
“Ever since the ‘umbrella movement’ got under way, there has certainly been a big uptick in targeted attacks in Hong Kong,” Boland said. “It’s related to types of attacks coming out of China… to gain access to information.”
Boland said that FireEye’s cybersecurity analysts had examined the types of attacks on its clients and discovered that a growing trend of sophisticated attacks launched by government and criminal outfits.
According to its half-yearly report on Asia, Boland said one in two of its clients reported “advanced persistent threat” attacks such as email phishing where attempts were made to steal usernames, passwords and other sensitive information. This made Hong Kong “the most targeted nation in Asia, which is somewhat concerning,” he said.
Across Asia Pacific, one in three of FireEye’s clients reported such attacks and globally, it was just one in five.
Data experts at The Hong Kong Computer Emergency Response Team Coordination Centre echoed their concerns, saying that a handful of reports from universities contributed to a 38 per cent rise of hacking incident reports in the year to August.
Leung Siu-cheong, a senior consultant at HKCERT, said the FireEye report was consistent with the increasing reports of cyber crime. The major increase comes from phishing incidents with 1,175 incident reports, which have increased by 213 per cent over the same period last year.
Hackers accessed University of Hong Kong vice chancellor Professor Peter Mathieson’s email account several times in the past year. HKU legal academic and Occupy Central co-founder Benny Tai Yiu-ting also suffered email hacking attacks over HK$1.45 million in donations he had received. The university’s polling programme was also hacked two years ago.
Two months ago, some of Hong Kong’s major universities were allegedly the victims of a major global hack that encompassed more than 100 academic and government agencies.
Information technology sector lawmaker Charles Mok said hacking threatened universities.
“There is certainly a possible trend there and it is worrying. “It is clear from the Johannes Chan affair that political interference in our leading universities is not just a growing trend but apparently an operation already set in motion and only to be enhanced in its scope and scale.”