Police investigate hacking attack on HKU polling programme

[Erica Absetz <erica () riskbasedsecurity com>]

http://www.scmp.com/news/hong-kong/article/1266332/police-investigate-hacking-attack-hku-polling-programme

Hackers may have gained access to more than 2,000 sets of personal
data, including names, ID card numbers and phone details, in recent
attacks on University of Hong Kong computers.

Systems of the university's public opinion programme had suffered
"several illegal intrusions", a spokeswoman for the programme said. A
police report was made two days ago.

A police spokesman said: "So far, there is no sign that this incident
is related to recent reports of local computer systems being
intruded."

Whistle-blower Edward Snowden told the Post last week that Chinese
University was a target of American cyberspying.

Last month the HKU programme said it would organise the first
"deliberation day" for organisers of Occupy Central, a civil
disobedience movement aimed at achieving genuine universal suffrage
that has been widely criticised by Beijing loyalists.

The programme's spokeswoman would not say whether the names hacked
included those of the more than 700 people at the deliberation day on
June 9.

"When we first found out about the unusual activities on May 5 we did
not consider it so serious that a report to the police was needed,"
she said.

Police said the hackers could have had obtained the bank details,
e-mail and home addresses and dates of birth of more than 2,300
people.

Officers are still trying to find out how the system was hacked.
Computer records from internet service providers would be needed to
ascertain the hackers' location, as technology such as proxy servers
and springboards could have been used to hide their whereabouts.

Police are treating the case as one of accessing computers with
criminal or dishonest intent.

The public opinion programme was established in 1991. In 2001, its
head pollster Dr Robert Chung Ting-yiu claimed chief executive Tung
Chee-hwa had pressurised him to drop polls on Tung's popularity,
triggering a huge row about academic freedom and a public inquiry.

Last year an official at the central government's liaison office, Hao
Tiechuan, attacked a poll on national identity conducted by Chung's
programme and suggested some organisations "conduct surveys that serve
the interests of certain political parties".

The same programme suffered a cyberattack last year. Its mock
"universal suffrage" poll for the chief executive election recorded up
to a million hits a second shortly before the 1,193-strong Election
Committee picked Leung Chun-ying.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss-discuss

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.