By Kenneth Chow
Article in the same section: Netcops

Computer hacking crimes are getting more serious in Hong Kong. The number of crimes increased dramatically from four in 1995 to 138 in the first eight months of 1999.

Mr. Paul A. Jackson, senior inspector in the Police Computer Security Unit, said criminals can be categorized into three main types. "A large proportion of them are teenagers aged between 15 to 18. They just want to demonstrate their computer skills to their peers," said Inspector Jackson.

A teenage hacker who refused to disclose his name said that his intentions were to test his computer skills and obtain some useful files from other computers. He said that hacking skills could easily be mastered, as there are many web sites and books on the subject.

"I just need to send programmes downloaded from hackers' web sites to the targets through ICQ. Then I will be able to get all the information stored in their computers,' he said.

Inspector Jackson said the second type of hackers are those who hack for financial benefits. They are more skillful.

"They are interested in financial information like credit card details of Internet shoppers and confidential plans of listed companies which will affect the stock market." Hackers can also send offensive e-mails to companies using the target's computer systems.

I"In this sense, the targeted company may suffer a huge loss due to those insulting e-mails and messages," he said. "Some hackers are also motivated by boredom. They may also feel socially isolated," he said.

"For this type of criminal, they would like to challenge important organizations like the FBI by sending embarrassing messages to their confidential files." Inspector Jackson said there are two common methods used by unskilled hackers.

The first one is social engineering skills. This is adopted by those with no computer knowledge.

They just ring up big companies and claim that they are from the technical support department for network maintenance.

"They will then ask for login ID and passwords for locating the network problems," said he.

Generally, most people will not be aware that they are hackers and give them the password and login ID.

The second method is to access other computers by hacking their dial-up account passwords. He said, "there are many web sites containing programmes for hackers. After downloading the programmes, hackers are capable of hacking the passwords of individual computers or computer systems.

Login IDs can easily be obtained as they are mostly the first part of the e-mail address, said Inspector Jackson.

Inspector Jackson said that since the censorship over the Net is not strict in Hong Kong, hacking cannot be easily prevented.

"Unless you have installed monitoring software, it is difficult for individuals to detect whether they are being hacked," said Inspector Jackson.

He said that reports from big companies involving computer-hacking crimes are also rare. Even though computer systems are being hacked, big corporations are not willing to report such cases as they want to protect their images.

"Their reputation is very important. In case their computer systems are being hacked, they employ specialists to cover up the problem," Inspector Jackson said. For those Internet shopping service providers "business-to-consumer e-commerce, "computer security is an even more important issue.

"For security purposes, Internet shopping companies use encryption software like SET (Secure Electronic Technician) to encode customer information like delivery address and credit card information."

"Therefore it will take hackers longer time to decode the information," Inspector Jackson said.

How to guard against hackers

Besides, there are some programmes like FIREWALL that help users check what is in and out from the computer to prevent hackers from obtaining information.

The most common types of software systems used by companies in Hong Kong include Windows NT, Novell, Linux and Sun Solaris.


There are some intrusion detection programs available for users on the market like ISS and AXENT to help users detect abnormal activity in their computers.
ICQ users should watch out for hackers

"O-oh!" To many, the sound of ICQ is music. ICQ, meaning "I Seek You" has become a popular way of Internet communication in the past few years.

ICQ is a computer programme through which users can chat, send files or even talk real time. But sometimes, it can be a disaster.

According to Miss Vivian Lau, a university student from Hong Kong, a bad experience on ICQ has made her less reliant on the software.

"I got over 300 messages at the same time. All from people I don't know," said Miss Lau. ICQ bombing was a simple way to play a trick on somebody or making others' life miserable.

The purpose of bombing is to overload the ICQ account of a particular person so that he or she can't receive any message from others.

Clearing messages is tedious and time-consuming.

ICQ users are vulnerable to such attacks because their IP addresses are highly accessible. A lot of web pages teach people how to bomb others' ICQ or e-mail accounts.

Even novices know how to do it.

Miss Lau said although the bombing upsets her, she is grateful that no more harm was done to her computer.

"I have a friend whose computer was hacked into through ICQ and lost a lot of data," she said.

Miss Lau wondered if there is any legislation to protect Internet users from such indecent activities.

"I feel very insecure when using my computer. I tend to rely less on it now," said she.


All Rights Reserved