Experts issue warnings about internet security

Phishing and smartphone apps are the new focus of computer security

Macau is vulnerable to cybercrime owing to the volume of tourists and spreading Wi-Fi coverage, information technology experts believe, and they warn IT users to be extra cautious about internet security.
“You have more than 25 million people visiting Macau annually and you cannot control all this human traffic,” University of Insubria law lecturer Giuseppe Vaciago told Business Daily yesterday.
“Ninety percent of these people are spending money and making transactions via the Internet, so there is a great problem with security issues like money laundering or fraud.”
Mr Vaciago and UN Inter-regional Crime and Justice Research Institute project officer Francesca Bosco are conducting a five-day cybercrime seminar which began here on Monday.
“I’m quite optimistic over Macau’s legal instruments, like the personal data protection law, and the expertise in dealing with it,” said Mr Vaciago.
“But open Wi-Fi can be a delicate point, especially in hotels,” he said.
“People can easily forget security principles, open the Wi-Fi and connect with banks to make payments, which would expose them to a lot of possible risks.”
Geoffroy Thonon, the principal consultant of the Macao Computer Emergency Response Team Coordination Centre, told Business Daily that phishing websites had been the main problem for organisations and individuals here.
Phishing is an attempt to acquire information by posing as a trustworthy website.
“Bank customers are targeted,” said Mr Thonon. “There is a phishing website saying, ‘Please log in or you will longer be able to access the site,’ where, indeed, the name of the user and password get hacked. This has happened quite often.”

Caution required

Users also overlooked keeping their web servers constantly up to date, Mr Thonon said.
“A lot of people have not patched their servers,” he said.
“The government sector and commercial units did keep up to date with the servers, but the dot org and the dot mo are the weak parts.”
Out-of-date web servers can be vulnerable to outsiders “taking over the administrative rights of your computer and putting up ‘phishing’ websites,” Mr Thonon said.
“We did see cases happen here in Macau before, not only those hosted overseas.”
He said he had not seen any reports of social engineering cases happening in Macau so far.
In a typical social engineering case, a hacker poses as a customer of a company to receive payments or get access to the company’s confidential information.
“We’re keeping an eye on bitcoin mining, though we haven’t seen any cases of that in Macau yet,” said Mr Thonon.
Malicious software can hijack a computer and force it solve complex mathematical problems in order to gain bitcoins, a virtual currency.
Mr Vaciago said cyberattacks via smartphone apps could be a new trend.
“Recently, in Europe, there was a case where a smartphone game app succeeded in hacking users’ personal data,” he said.
“This is the next challenge now: the perception of consumers over smartphone security or privacy protection is totally zero in some parts of the world.”