Although IT crime is declining in Hong Kong, the territory’s police report a rise in financial computer crimes. In addition, company insiders commit half of all IT crimes, the police said.
As of October this year, IT crime reported in Hong Kong totalled 217 cases, representing a decrease of one-third over the same period last year. The fall is mainly attributed to a decline in the number of hacker attacks reported, according to the latest figures released by the Hong Kong Police. While criminal damage cases such as virus and online shopping fraud have seen an increase in the past 10 months, online bank theft has witnessed the most significant growth, rising from no reported incidents to eight cases this year.
According to Hilton Chan, superintendent of the newly established Technology Crime Division (TCD) of the Police’s Commercial Crime Bureau, the increase in financial crimes as opposed to general malicious attacks is a result of the current economic downturn.
In the investigation of IT crimes, the police also found that insiders pose serious threat to a company’s computer security: About half the crimes are associated with people close to the company, including disgruntled employees and other insiders with legitimate access to critical business networks.
In the United States, internal threats to data security are even higher. According to a March survey conducted by the Federal Bureau of Investigation and the U.S.-based Computer Security Institute, insiders accounted for more than 80 per cent of the cyber attacks against U.S. companies last year.
Although the recorded number of IT crimes is lower this year, IT professionals should not let down their guard.
According to Collins Leung, acting chief inspector at the TCD, many computer crimes go unreported in Hong Kong. Many companies remain reluctant to involve law enforcement in computer crime investigations for fear that publicity will hurt their firm’s reputation, he said.
As a result, one of the main charters for TCD, formally established in September, is to educate the public about IT crime, so that the division can correctly identify threats and establish policies to deal with incidents, Leung said.
Other responsibilities of the TCD include the development of accredited computer forensics, legal and technical research related to cyber policing, intelligence gathering and liaison with industry professionals and overseas law enforcement agencies.
TCD also works with local tertiary institutions, such as the Hong Kong University of Science and Technology, on programs including computer forensic examinations and digital evidence recovery, Chan said.
By year-end, a Computer Forensics Examination Laboratory will also be established in the police headquarters in Admiralty, Chan added.
James Ellerbeck contributed to this report.