Stolen Personal Data Found On Seized HK Servers

Police say they’ve seized servers containing intimate pictures and private information on more than 500 people around the world as part of a major international operation against hacking.

Officers say none of the victims were in Hong Kong and the suspected perpetrators are also outside the SAR, but that the case underlines the increasing risk of malicious software being used to target smartphones.

Acting on information from Interpol, the force’s Cyber Security and Technology Crime Bureau took control of 192 servers between February and December.

"During our investigation, it was found that the local servers contained a large [number] of victim's photos stolen from their mobile phone's album. Some of the photos contain intimate, personal parts, identity cards, bank cards [and] login credentials," said Fan Chun-yip, a superintendent in the bureau.

Fan said the information was collected worldwide using some 563 malicious apps disguised as legitimate software and downloaded by users.

The superintendent added that the force had, for the first time, been able to seize the dashboard software used by the hackers, which showed how the personal data was distributed to servers worldwide.

The information has been passed on to Interpol. It’s not yet clear how the hackers had intended to use it, but Fan said there were several possibilities.

"Together with the stolen phone book, scammers could blackmail the victim by sending the photos to their friends or family,” Fan said.

“And the confidential information contained in the photos could be further used by the scammers to impersonate the victim themselves and cause further monetary loss by logging in to their online bank or social media accounts."

While no Hong Kong people were among the targets this time, Fan said criminals were increasingly targeting smartphones, and users should be aware of the risks.

"I would advise the user to patch up the system regularly and install antivirus software, and closely observe whether there is any abnormal data usage or battery usage,” Fan said, adding that operators of data centres also had a responsibility to be aware of how their servers were being used.

He said people could visit the bureau’s "Scameter", at the website CyberDefender.hk, where they can check whether a particular web address, phone number or account detail was suspicious.

Fan also cautioned against “jailbreaking” smartphones, a process in which a user removes software restrictions put in place by manufacturers, and urged people to download software only from official platforms and sites.