An IT systems expert in China was handed a suspended three-year jail term and ordered to pay a fine of 6,000 yuan (US$978) for hacking into the server of Net263 Ltd. (002467.CN) and accessing the internal communication of thousands of Chinese and overseas firms as well as some government departments, according to mainland media.
The person, identified by his surname Wang, is said to have accessed data on more than 16,000 Chinese and overseas companies and some government agencies after hacking into Net263, which claims to be the largest operator of corporate mailing systems in China.
The list of companies whose data has been accessed includes Lenovo Group Ltd. (00992.HK), AIA Group Ltd. (01299.HK), Nike Inc., McDonald’s Corp., Seiko Epson Corp. and Koninklijke Philips N.V, according to mainland newspaper The Mirror.
As for the government agencies that were affected, the China Insurance Regulatory Commission is said to figure on the list.
Wang, an expert on internet protection, has apparently told authorities that he just wanted to show off his skills and that he did not actually leak any information to others.
In August last year, technicians of Net263, while conducting a routine check, found that their server had been hacked into. Wang was found to have gained access rights to information on 16,208 companies. He is also said to have broken into two email accounts and successfully changed the parameters on one of them.
Wang told the police that he was just checking if Net263 was really secure, given the systems security breaches suffered by some major overseas websites at that time.
He added that he downloaded the information but did not share it with anyone. He is said to have captured photographic evidence of his success and sent it to colleagues — via a QQ instant messaging group — in a bid to impress them.
Zhang Xiaodan, product director of 263, said lack of protective measures on the part of the companies, rather than the hacking skills of Wang, was to be blamed for the data breach. Firms should beef up security measures though initiatives such as password encryption and protected logins, Zhang suggested.
– Contact us at [email protected]