Hackers from mainland China have gained unauthorised access to a Google Drive account belonging to a well-known student activist group in Hong Kong. The personal data of around 1,000 members was stolen, according to the group. One lawmaker suspects the attack was state sponsored.

Scholarism, one of the student organisations that led Hong Kong’s pro-democracy Occupy protests last year, said in a statement on Wednesday that the suspected hackers were based in Nanjing, Jiangsu Province.

A screenshot taken by the group appears to show that someone with an IP address in Jiangning District, Nanjing changed the password of Scholarism’s Google Drive account. The second password change was made by an user apparently based in Osaka, Japan.

The hackers had previously succeeded in accessing Scholarism’s Facebook account, but were immediately fended off by Scholarism members, the group said.

The personal data obtained included names, phone numbers and school names. But the stolen documents did not contain identity card numbers or home addresses.

A screenshot shows that some people with IP addresses in Nanjing, China and Osaka, Japan changed Scholarism’s password. Photo: Scholarism via Facebook.

Scholarism spokesperson Wong Ji-yuet said that it was an “orchestrated attack” and criticised hackers for using “underhand” tactics to target political opposition.

The group said that its online accounts were protected by strong passwords — with a mix of alphabetic characters, numbers and symbols — but it could not set up two-factor verification to strengthen security, as the accounts were managed by several people.

Lawmaker Charles Mok, who is helping the group liaise with IT experts, told HKFP that the hack might be state-sponsored. 

“As [Scholarism is] one of the most high profile student activists groups in Hong Kong, the [Chinese government] would want to know the inner workings of [the] organisation,” said Mok.

He urged Hong Kong police to investigate the case with mainland authorities, but said that the possibility of arresting the hackers was “very low” since the attack might be politically motivated.

Mok added that civil society groups and pan-democrats, including himself, had “long suffered from different types of fraud and attempted hacks”.

This is not the first time pro-democracy activists have been targeted by hackers. Benny Tai, HKU law professor and founder of the Occupy Central campaign, and his supervisor Johannes Chan are under internal investigation after leaked emails revealed that Tai had transferred money from anonymous donors to HKU accounts.

Tai has denied the charges and many consider both the email hack – and pro-government newspapers’ extensive coverage of the incident – to be politically motivated.

CUHK professor Chan Kin-man, who headed Occupy Central alongside Tai, has also said that he received numerous malicious emails and experienced failed hack attempts after founding the campaign. In August 2013, CUHK’s cybersecurity team advised Chan to report to police after hackers from China launched a continual attack on his email account.

Update (July 25): A police spokesperson said that the Cyber Security Bureau had not received any report relating to the incident. Police would investigate into technology crime cases reported to them, and seek assistance from overseas counterparts if required, the spokesperson said.

Ellie Ng

Ellie Ng has written for Foreign Policy, the Daily Telegraph, Global Voices Online and others.