The number of cybercrime reported cases in Hong Kong spurred 70% in 2013 to reach a total of 5,133, as compared to only 3,015 in 2012, according to the Hong Kong Police Force (HKPF).

The amount involved in these cases have also skyrocketed by 170% to reach HK$916.9 million, said Louis Lau, detective senior inspector, commercial crime bureau, technology crime division, HKPF.

At the 8th Annual Counter eCrime Operations Summit (CeCOS VIII), an event for first responder and forensic professionals, Lau shared the cybercrime situations locally and the enforcement strategy at the HKPF.

He attributed the increased cybercrime from the rising number of email scams, e-banking fraud and ransomware. These cases all fall under the category of access computer with dishonest intent. Lau said other cybercrime categories that the division handles include online-game related and e-commerce fraud.

Top cybercrimes: Email scam and MITB

"The major contributor to the lost among the reported cybercrime cases is email scam, as each case could involve as much as a million dollars," said Lau.

The number of reported email scam cases has doubled in 2013 to reach 1,153. But the percentage of local companies involved in these cases has been declining, from 37% in 2011 to 28% in 2013. He attributed the rising awareness among local business users and the effectiveness of their education programs.

Other prominent cases are e-banking fraud through Man-in-the-browser (MITB). Attackers infect the web browser and modify the e-banking transactions, diverting funds transfer from the victims' bank accounts towards the attackers. Lau said most of the victims' machines were infected by malware, which lead to the MITB attack.

He added that since most beneficiary bank accounts were overseas, it is more challenging for HKPF to trace and press charges to the account owners, as collaboration with overseas law enforcement authorities is required. For the local beneficiary bank accounts, Lau said they can often be traced and are found involved in money laundering.

Strategy for investigation

HKPF's investigation strategy is primarily based on tracking the involved bank accounts, according to Lau. He noted that HKPF has not been successful in identifying any individuals behind the DDoS attacks.

"We had more than 20 reported DDoS cases last year that involved blackmailing for money," said Lau. Since many of these cases involved the use of bank accounts in China, HKPF is working the Mainland authorities to investigate and tackle the cases. "But when criminals start to use bitcoin, it'd be more difficult for us," he added.

With the rising numbers of cybercrime, Lau said HKPF Commissioner's operation priorities in 2014 have included cyber security and technology crime. The technology crime division is also expected to be upgraded into a bureau within the year.

"These initiatives will bring us more resources and enhance collaboration with other law enforcement agencies to target technology crime," said Lau.