Technology Crime Division
 

Introduction to Technology Crime and Prevention Tips

The rapid development and global utilization of new technology have not just brought revolutionary changes to our daily lives, but also provide a platform for the commission of a new type of crime, commonly known as technology crime or computer crime.

This page outlines the common technology crimes encountered in our daily lives, and situations under which you may become a victim.

There are different types of criminal activities: - some are traditional crimes committed though the Internet, some use computers to commit crime whilst some crimes are targeting against computer system.

  1. Hacking (Unauthorized access, access with criminal intent)

  2. Criminal Damage

    1. Website Defacement

    2. Denial of Service Attack

    3. Spreading Virus

  3. Internet Fraud

    1. Internet shopping Fraud

    2. Online Sweepstakes, Lottery Fraud

    3. Replication of Hong Kong Mark Six Fraud

    4. Bogus Websites

    5. Internet Commercial Fraud

  4. Misuse of accounts

  5. Online Theft

    1. Abusive Use of Password (Theft of Personal Identity Number(PIN))

    2. Online Games Theft (Theft of virtual Property)

    3. Theft of Corporate Information

    4. Internet Banking

  6. Illegal Materials/Websites

    1. Internet Pornography

    2. Internet Gambling

  7. Offences relating to the use of Instant messaging tools
  1. Hacking (Unauthorized Access, Access with Criminal Intent)

    The abusive use of and unauthorized access to computer system are commonly referred to as hacking, which often involve the gaining of access by either using a number of different hacking programs to exploit the vulnerability of computer system and the abusive use of account ID or passwords. The intent of such hacking activities varies and can be summarized as follows: -

    • Browsing information on computer system for 'Fun'
    • Misuse of computer system to launch further cyber attacks
    • Disruption or destruction of computer data and file
    • Obtaining sensitive information such as personal data, passwords, credit card account etc. to commit further offences such as Internet Banking Theft, Internet Shopping Fraud and various other scams using the stolen password (identity).
    • Carrying out other illegal activities on the compromised network or computer systems
    • And MORE........

    Most hacking activities encountered are unsophisticated and often involving young persons. They are unaware of the implications of their illegal activities or unconcerned about the consequences of their actions. The hacking tools used by them can be easily found or downloaded from the Internet. Most of the time they are doing the hacking for fun and are causing minor damage.

    To date, there is little evidence to suggest that organized criminals are using hackers in support of their criminal activities in Hong Kong.

    Hackers are able to attack computer networks because they are riddled with security vulnerabilities on the system. In fact, security vulnerabilities are existed in many computer systems and the Internet. Hackers are making use of these vulnerable features to launch their attacks. Nonetheless, the Internet has been used as a global information and communication backbone because of the extensive uses and user friendly technology, security awareness of the Internet users has to be increased.

    There is no simple solution to deter hacking activity. Viable solutions to avoid such illegal activities involve a combination of measures ranging from the technological set-up of a system ( such as firewalls, intrusion detection system, virus detection software, etc.), physical security and incident response procedures, and high security awareness.

    In view of the fact that there is a high proportion of young persons involvement, crime prevention and education focusing at young people is one of the priorities of Hong Kong Police.

    Laws against Hacking

    There are two offences under the laws of Hong Kong aiming at "Hacking" activities:-

    Safety Tips

    • Install a personal firewall & Intrusion Detection System
    • Upgrade anti-virus protection frequently,
    • Upgrade operating systems and applications files frequently using the security patches provided by the develop
    • Back up critical data files regularly
    • Use secure password and change regularly
    • Scan all e-mail attachments for virus before opening them
    • Do not give out personal information to any caller or e-mail recipient unless you know them or trust the company they represent
    • Monitor the activities of all underage computer users and teach them how to avoid security breaches
    • Shred all paper files, bills, correspondence and personal documents before placing them in the trash for disposal
    • Do not use pirated software or software from untrusted sources
    • Never play with hacking tools

  2. Criminal Damage

    The abusive use of a computer or system rendering it to perform function that is not what it has been designed originally to perform by its owner amounts to the offence of criminal damaging of a computer system, besides the physical sense of causing actual damage. A number of different programs are written by hackers with the intent of disruption or destruction of computer data and files. There are three most commonly encountered malicious programs - computer viruses, Trojan horses and logic bombs. The common types of attack are introduced in the following paragraphs.

    1. Website Defacement

      Website defacement refers to the change of the content (usually the front/main page) of a web site with some messages by hacker or by virus.

    2. Denial of Service Attack

      Denial of service attacks (DoS) use a networked computer or computers to bombard another networked computer or server communication traffic with the intention of disrupting or rendering the latter inoperable, or enabling unauthorized access. Such attacks often result in significant financial loss as a result of down time, damage to computer systems, and loss of reputation.

    3. Spreading Virus

      Computer viruses get their name from their biological counterparts, true Viruses. While a true virus replicates itself within a host species with variable impacts, a computer virus is "a specific type of malicious computer code that replicates itself or inserts copies or new versions of itself in other programs when executed within the infected program. The virus can manifest itself in several ways including signs on the screen regarding its existence, erasure of memory or destruction of hard drive contents. Viruses can be written for all platforms, including PC, Macintosh and UNIX. Estimates of the total number of computer viruses vary dramatically.

    Laws against Criminal Damage

    Safety Tips

    • Use anti-virus software with frequent updates.
    • Scan floppy disks, compact disks and other storage media, especially those of unknown sources, before use.
    • Consider security measures like Personal Firewall and Intrusion Detection System to protect your computer if it has a broadband connection to the Internet.
    • Apply updates and patches to your computer to fix known security vulnerabilities.
    • Do regular back-ups of your system and data and store it securely. Recovery from backup is the most secure and effective way to recover the lost data.
    • Do install software according to installation instructions.
    • Don't use illegal software and programs or those from untrustworthy or doubtful sources

  3. Internet Fraud

    The Internet offers a global marketplace for individuals and businesses. At the same time, Criminals also recognize the potentials of cyberspace. The same scams that have been conducted by mail and phone can now be found on Internet and in email, and new cyberscams are emerging. It's sometimes hard to tell the difference between reputable online sellers and criminals who use the Internet to rob people. You can protect yourself by learning how to recognize the danger signs of fraud. If you are a victim or attempted victim of Internet fraud, it's important to report the scam quickly so that law enforcement agencies can shut the fraudulent operations down. The followings are the common type of on-line frauds you may encounter:

    • Internet Shopping/Auction Fraud

      The Internet is open 24 hours a day, seven days a week and offers shopping that can be just convenience as a supermarket or mail orders if you buy from a responsible and reputable business over a secure web-server. Your credit card information is protected by encryption during transmission and cannot be seen by anyone ¡V not even the seller in some cases. But it is important that you know who you're conducting business with, what security features they offer, their privacy policy, and their return or refund procedure. Criminals are making use of the convenient shopping business to exploit their victims. Many victims pay their money in e-auction but cannot get what they have purchased. On the other hand, e-shop operators have failed to receive the money after they have delivered their goods as criminals are using either forged or stolen payment cards to settle their purchases.

      Safety Tips

      • Do check the terms and disclaimers of an e-shopping site before acquiring its service, e.g. check statements for personal privacy.
      • Do choose e-shopping sites of providing well-known or trusted services.
      • Do notice key measures on providing information or making purchasing on a web site:
        • Informed consent on personal information
        • Seals of Approval applied (e.g. TRUSTe or WebTrust)
      • Do check security of e-commerce website before submitting personal information and transaction (e.g. SSL, https, lock icon in browser, the issuing authority of certificate)
      • Do apply for a Digital Certificate for electronic transactions
      • Do consider using Encryption to protect sensitive data transmitted over public networks and the Internet.
      • Do keep transaction records. Most e-commerce sites present you with a summary of your transaction before you click a Send or Buy button. Print this out or save it as a file to refer to later if necessary.
      • Do avoid submitting any data that is irrelevant for the purposes for which it is being collected. Be particularly cautious if asked for personal information, such as credit card or bank account numbers.
      • Do be alert to the latest news on sites that are famous for suspicious or labeled as "bad sites".
      • Don't download data from doubtful sources.
      • Don't try to visit untrustworthy sites out of curiosity
      • Don't forget to check the privacy policy of a web site, ensuring that the personal data you provided is properly used and protected.

    • Online Sweepstake, Lottery Fraud

      From time to time, you might receive e-mails telling you that you have won a grand prize and in order to claim the prize, you have to pay a fee. Of course, this is all part of a scam. It is most likely that after you pay the fee, you will never hear from the scammer again. There are also fraudulent lottery websites charging people fees to be members offering them "sure win" tips for betting on various lottery or sweepstake games and these are scammers too. After a certain period, the website will disappear.

      Safety Tips

      • "Sure Win" tips on betting do not exist. It's a common scam for a company to suggest that your chances will be better if you make a purchase.
      • Never pay to play. Fraudulent companies will require you to buy something or pay a fee in order to win or claim a prize.
      • Be cautious about emails for contests and sweepstakes. Many unsolicited emails are fraudulent.
      • Guard your credit card and bank account numbers.
      • Watch out for imposters. Some con artists use company names that are identical or very similar to well-known, legitimate operators such as the Hong Kong Jockey Club. Tell them that you'll get back to them and contact the real companies to ask if there is any connection.
      • Get all the details. Legitimate sweepstakes companies will tell you exactly how the contest works, including the odds of winning, the value of the prizes, the date that the contest ends, and how you can find out who won.

    • Replication of Hong Kong Mark Six Fraud

      It has come to the Police attention that some websites are making use of the Hong Kong Mark SIX Lottery and claiming to have tips to win the Mark SIX. They invite members of the public to join them as members charging large sums of membership fees for providing the Hong Kong Mark Six lottery analysis and predicting ¡§sure win¡¨ results. Some websites even claim that the lottery itself is controlled by technology thus controlling the result in which the said websites claim that they could provide.

      The Hong Kong Jockey Club confirmed that they have received reports of similar scams filed by members of public. The said activities are in no way connected to the official organizations promoting the Hong Kong Mark SIX Lottery.

    • Bogus Websites

      There exist on the Internet many bogus sites which are very cleverly designed to look like the real website. They even use very similar domain names as the genuine websites. The main purpose of these websites is to make you believe that they are either the original company /organization or subsidiaries with a view to deceiving you to join in their bogus business.

      Examples are bogus cyber banks and investment house in which culprits created the websites with features of a mix of legitimate text and logo taken from a genuine website, say a bank. Then solicit potential victims throughout the world by e-mail and letters offered bank accounts and service similar to those of a legitimate bank. These banks may be used by culprits as a mean of added creditability in order to lure their victims to join into the plots. Again once money has been paid into any investment plan or service, the cyber bank will disappear.

      Safety Tips

    • Internet Commercial Fraud

      Use of the Internet for the sale of a wide range of services or products is an effective and legitimate marketing tool for any businesses. However, criminals have also making use of these opportunities to organize their plots. Scammers use the same techniques as legitimate companies, but hide behind the anonymity of the Internet to deceive their victims. They either advertise their service or products via the Internet, but using anonymous or false registration information. Once they obtain the trust from their victims, they would require the victims in paying down payments and afterwards disappear and would never deliver the promised service or products.

      Another type of fraud commonly encountered in the Internet is the '419' advance fee fraud in which culprits (usually originated from some South African countries, such as Nigeria) using the benefit of the Internet to send out e-mail claiming to have a huge sum of money held in the name of a deceased person or large contract sums due for payment, which need to be move to foreign accounts but require the payment of advance fee to cover the administration or transport. Again once the advance fee has been paid, culprit will be disappeared, but there are incidents in which the victims after paying the initial sum continued to pay another sum in the belief that the huge sum promised by the culprits would be coming through.

      Safety Tips

      A few basic suggestions should help ensure that you do not fall victim to the tactics of fraudulent Internet marketers:

      • Don't believe that an e-mail with an exciting promotion or investment opportunity is trustworthy, especially if the e-mail is anonymous.
      • Don't invest or purchase a product or service without carefully checking out the investment, product, service, and the company.
      • Don't be afraid to request further documentation from the marketer so you can verify the validity of the company.
      • Don't be fooled by the promise of a valuable prize in return for a low cost purchase.
      • Don't be pressured to send money to take advantage of a "special offer or deal."
      • Don't be hurried into sending money to claim a prize that is available for only a limited period.
      • Don't disclose information about your finances, bank accounts or credit cards ( not even the credit card expiry date).
      • If you find websites which appear to be a scam, please let us know. Click here to e-mail us.


  4. Misuse of Internet Access Accounts

    It is quite common for criminals to get hold of other users' accounts on the Internet. The main purpose is to avoid billing or to act with other people's identity for different reasons, such as :

    • Abuse of Internet Service (Identity / Password Theft)
    • Abuse of Online Game Service

    In Hong Kong, the popularity of online PC games has increased tremendously over the past year, especially amongst youngsters whose security awareness on the use of Internet is relatively low. This increase in the use of Internet and the poor security awareness have lead to the increase of abusive use of the on-line game services.

    Safety Tips

    • Password Control:-
      • Do choose a password of length more than 6 characters. Mixing letters and numbers in a random manner is a good idea.
      • Do change your password periodically to prevent password hacking. Default passwords and passwords generated by others should be changed promptly.
      • Do remember to log off system when you leave or finish with the Internet in public places, such as school, library, or cafe.
      • Don't disclose your user ID or password.
      • Don't share account with others.
      • Don't use your personal information for your password, e.g. your name, address, birthday, etc.
      • Don't give away your user ID or password when completing an on-line form.
      • Don't store your password in the browser, or leave it around, in particular near the computer.
      • Don't reuse passwords.
    • You can't be sure what your kids and their friends are doing. This is very important if you are using Internet banking. If something goes wrong, your bank will probably not accept losses if you share your password with someone else, even if it is a family member.

  5. Online Theft

    As a result of advances in technology, stealing of information stored in computer has become an increasingly popular method for criminals to make money, such as cash in your e-banking account, on-line game tokens or points which you have attained when playing online games etc. The following criminal activities are commonly encountered:

    • Abusive Use of Password (Theft of Personal Identity Number(PIN))

      Identity theft involves stealing or hijacking of the Internet identity (password) of another person - or in some cases of a business ¡V for the purpose of illegal use of Internet service or to impersonate for commission of other crimes.

      Besides, the thief of password, especially for those who use one password for all their Internet services, can lead to the taking over of the victim's financial accounts, open new bank accounts, transfer bank balances, apply for loans, credit cards and other services, purchase vehicles, take luxury vacations, which leads to various offences such as fraud, theft and others.

      Safety Tips

      Review and remember the following points to avoid becoming an easy target:

      • Sign all credit cards when you receive them
      • Never loan your credit cards to anyone
      • Cancel credit cards you do not use and keep a list of the ones you use regularly
      • Immediately report lost or stolen credit cards and any discrepancies in your monthly statements to the issuing credit card company
      • Never leave receipts at bank machines, bank wickets, in trashcans, or at unattended gasoline pumps; ensure you destroy paperwork you no longer need
      • Never provide personal information such as SIN, date of birth, credit card numbers, or PIN over the telephone unless you initiate the call
      • Remove mail from your ¡¥secure' mailbox after delivery and do not leave pieces of mail lying around your residence or work site
      • Shred or otherwise destroy pre-approved credit card applications, credit card receipts, bills and related information when no longer needed
      • Avoid keeping a written record of your bank PIN number(s) and other passwords, and never keep this information in your wallet or hand bag

    • Online Games Theft (Theft of virtual Property)

      In Hong Kong, the popularity of online PC games has increased tremendously over the past year, especially amongst youngsters whose security awareness on the use of Internet is relatively low. Many of the games offer virtual weapons which can be purchased by players. The higher level you attained in the game with your virtual weapon, the more monetary value your weapon is worth.

      Recently, there are increasing number of complaints regarding virtual weapons being stolen from online game players' account. Some complaints also refer to online gaming accounts being misused thus accumulating large sums to the victims' monthly bills. From the Police's enquiry, there are several ways in which the culprits could have stolen the virtual weapons or misuse the accounts:-

      • Social Engineering - victims could have revealed their user ID or passwords to their online game partners or even to close friends thus allowing their accounts to be abused by the culprits
      • Plug-ins - Some victims revealed that they have downloaded plug-in programs for online games so that the game can be set at "auto play" mode. These plug-ins are often downloaded from unknown sources and some may contain hacking program such as Trojan Horse.

      Safety Tips

    • Theft of Corporate Information

      The advance of technology has created a paperless environment in most offices with most of the corporate information such as staff details, accounting information, confidential projects etc. stored in the companies computer systems. Recently, there have been complaints from employers that their ex-employees have taken corporate information when they left the company. There have also been cases where ex-employees have hacked into the companies' computer systems to look at the boss's e-mails. To prevent this from happening, implementing a set of information security policy is essential.

      Safety Tips

      • Upgrade anti-virus protection at least every two weeks
      • Classify all essential information
      • Upgrade all operating systems and applications files frequently, using the security patches provided by the developers
      • Back up all data files regularly and store the backup files in a secure location off-site
      • Provide security training for all personnel who use workstations or deal with sensitive paper files
      • Shred all sensitive paper documents (anything containing payroll, personnel, financial or corporate data) before recycling or disposing

    • Internet Banking Theft

      Since the launch of Internet banking services in Hong Kong, there have been several cases of Internet banking theft where money was stolen from victims¡¦ Internet banking account. Similar to Internet shopping, Internet banking is safe providing the end-user security is up to standard. In most of the Internet banking theft, the end-user¡¦s bank PIN or password have been stolen by the culprits through social engineering processes such as picking of bank document from letter box, victim wrote down his bank particulars with PIN in his notebook that is later lost and picked by culprit, or victim receiving phone calls from culprit claiming to be bank staff and victim disclosed his PIN to the culprit over the phone, etc. In some overseas countries, victim¡¦s computer system was being infected by Trojan Horse programs thus allowing culprits to capture the user IDs and passwords, however, this has not been surfaced in Hong Kong.

      Safety Tips

  6. Illegal Materials/Websites

    • Internet Pornography

      The Internet provides users with a wealth of information. It is both interesting and exciting to explore sites on the Internet. However, there are sites with indecent contents which are not suitable for children and young persons. Parents are slowly learning that through the Internet pornography has invaded their homes. The electronic revolution has made pornography more accessible, bringing decadent and hard-to-get images into the home. The expansion of computer databases on the Internet has provided the greatest access to sexually explicit images accessed by both adults and children. Common complaints received in relation to pornographic materials include :-

      • Access into a normal website but other windows pop up containing pornographic materials
      • Receiving anonymous e-mails containing pornographic images
      • Pornographic materials posted in newsgroups
      • Culprit uses the Internet to solicit the sale of pornographic VCD or DVD.
      • Some websites also showing child pornography.

      No matter which way you have unwilling come across the pornographic materials, it is often annoying and is harmful to your children.

      Laws relating to Pornography

      Safety Tips

    • Internet Gambling

      Same with Internet pornography, Internet gambling websites are also common over the Internet. Most common ways of unwillingly accessing these websites are either by clicking advertisement banners placed on many websites or through the junk mail which you received from the overseas gambling operator. Whichever way, it causes a great deal of annoyance and according to the Laws of Hong Kong it is illegal to place a bet over the Internet as well as promote or facilitate bookmaking.

      Laws relating to Gambling

      Safety Tips

  7. Offences relating to the use of Instant Messaging Tools

    With friends and family in other parts of the world, instant messaging (IM) is a way to rapidly communicate to people through the Internet. IM is provided by a downloadable program which communicates with a server, making it possible to converse with others who use the same service.

    IM started with ICQ in 1996. Since then, many instant messaging systems begun. The most popular today are AOL Instant Messenger, Yahoo! Messenger, MSN Instant Messenger and ICQ.

    There are a lot of features on IM programs. People can send instant messages and users can invite their friends and family to private chat rooms and engage in conversations. On the messengers, a person can send a hypertext link to another person and that person can click on it and go to the Web site. Most IM also allow users to swap images, sounds and other files. One person could download a song and transfer it to a friend¡¦s computer so that person can listen to it. Another new feature is the talk program. Using microphones, two people can hold a conversation much like on the phone

    IM/ICQ is a very useful communication tool, however, it is essential to recognise that this facility can also be abused by a criminal to make contact with users especially women and children with a view to establishing and developing a sexual relationship with them in the 'real world'.

    There has been only a handful of offences which occurred in recent years such as rape, indecent assault, unlawful sexual intercourse, robbery etc. after contact was made on the internet. The paucity of brutal incidents after contact through the internet is no consolation for the victims and their families, and the potential for harm is enormous. If you want to protect yourself and your children, due care must be taken when considering whether to meet an online friend on not.