IT CAN BE WORSE: STUXNET (2010)
• Targeting critical infrastructure
• State-backed (American and Israeli intelligence)
• Targeting Iranian nuclear facilities
• Spread via Microsoft Windows
• Targets Siemens industrial control systems – controlling and monitoring these systems
• Spread via malware, or by infiltrating a loaded USB stick
WHO IS HE?
• Born June 21, 1983
• High school dropout
• Worked for NSA, then CIA, then employed by
subcontractor Booz Allen Hamilton, working in NSA again
• Salary: roughly US$200,000 ("took a pay cut to get back
• Lived in Hawaii before coming to Hong Kong on May
• Left Hong Kong on June 23, 2013 to Moscow, Russia
FIRST, IT WAS VERIZON…
• As first revealed by the Guardian (UK), the NSA was granted a court order under FISA (Foreign Intelligence Surveillance Act) giving it unlimited access to Verizon phone data
• Is it "legal"?
AND THEN, THERE WAS PRISM
• A "clandestine mass electronic surveillance data mining program" since 2007, after the passage of the "Protect America Act" under the
• PRISM is "the number one source of raw intelligence used for NSA analytic reports", and it accounts for 91% of the NSA's Internet traffic acquired under FISA section 702 authority
MORE OF SNOWDEN’S REVELATIONS
• More secret programs to be revealed…
• 4 surveillance programs (US)
• Collecting and analyzing metadata on the Internet (e.g. emails) and telecom (e.g. call logs)
• Other released programs
• Evil Olive – broadening the scope of data collecting
• Shell Trumpet – another similar program revealed
• EU and its alliance were one of the top targets
WHAT ABOUT OTHER COUNTRIES?
British – Tempora (sharing information with the US)
France – "collects signals from devices in France, and
Germany – Providing intercepted data to the NSA
Russia – SORM, another surveillance program
SNOWDEN ON HONG KONG
• Why did he choose to come to Hong Kong?
• He told SCMP:
• Hacking into
in HK and China
• At least several hundred times (>61,000 times globally)
• University, public officials, students, businesses
• Undersea cables
WORK IN COUNCIL
- June 15 rally
- June 19: follow-up on urgent oral question; amendment passed on "building a safe city"; debate on cyber security
- Letter to CE, Security Bureau and PCPD
- June 26: Written question on government response
- Forum on Infosec
- July 17: Amendment on motion debate
• Seeking response from the US government
• HKSARG sent a letter to the US government on June 21 – no answer
• Concrete measures to improve the information security and awareness of local users and SMEs
• Revive the Interdepartmental Working Group on
Computer-Related Crime to review and propose new
• No problem, it's all fine – "we are not aware of any
• OGCIO’s infosec website
• Police’s Cyber Security Center
• Interdepartmental WG on cyber security? No.
• Everything is fine. Really.
• The US or other governments can view almost everything they want
• Can we still trust the Internet and
• Brazil's President is pushing new legislation to force Internet providers to store data gathered in Brazil locally
• But is it practicable?
IS FISA JUST AND FAIR?
FISA (Foreign Intelligence Surveillance Act)
• Repeatedly enforced after the 9/11 attacks
• Said to be for monitoring foreign threats in the US
• But the truth is that it allows surveillance of global citizens, and even Americans
IS FISA JUST AND FAIR?
• The United Nations Human Rights Commission recently discussed regulating surveillance technology used on global citizens
• Suggests advancing international human rights obligations on privacy
WHAT SHOULD WE DO?
• World-class information security capabilities in HK
• Highest density of CISSPs in the
• SMEs and individuals do not appreciate the importance of
• Protection from "basic hacking" as a start
• Set targets to reduce botnets?
• Legal or regulatory measures?
Legislative Councilor (Information Technology)
Facebook: Charles Mok B