Date
23 October 2017
FreeBuf (inset) published some vulnerabilities in CloudFlare which was used by POP to protect sensitive voter data in the June 22 mock referendum. Photos: POP, FreeBuf
FreeBuf (inset) published some vulnerabilities in CloudFlare which was used by POP to protect sensitive voter data in the June 22 mock referendum. Photos: POP, FreeBuf

Mystery calls raise voter hacking fears in referendum

Voters in the June 22 mock referendum are worried about the security of their personal data after random Hong Kong identity card numbers and mobile phone contact details surfaced on the internet.

Four people have been contacted by anonymous callers who knew their private information including their ID card numbers, Ming Pao Daily reported Friday.

The four have reported the matter to the police which have referred it to the Commercial Crime Bureau for further investigation.

A post showing how to crack CloudFlare, a data encryption software developed in the United States, came with the stolen private information on the internet.

CloudFlare was used by the Public Opinion Program (POP) of the University of Hong Kong, which provided the voting platform for the referendum, to protect sensitive data.

The POP database is thought to contain the private information of 800,000 voters.

Chan Kin-man, convenor of Occupy Central, which organized the vote, urged POP director Robert Chung to ease public concerns with a public statement.

However, Chan also said the information could have come from another source.

On Tuesday, FreeBuf, a mainland-based website published some of CloudFlare’s vulnerabilities, using the POP voting platform as an example, the report said.

POP information technology manager Jazz Ma said it is impossible for third parties to obtain information from its server.

Ma said the server and database were shut down after the voting and cannot be routinely reconnected.

However, a data security expert said POP should review the log and see if hackers had attacked the server.

– Contact us at [email protected]

AM/JP/RA

EJI Weekly Newsletter

Please click here to unsubscribe