
Anonymous Site Ramps Up ‘Doxxing’ Campaign Against HK Activists

Since her personal phone number was posted online, Hong Kong pro-democracy activist Carol Ng has received menacing calls from strangers and been bombarded with messages calling her a “cockroach”.

She is not alone.

A sophisticated and shady website called HK Leaks has ramped up its “doxxing” — where people’s personal details are published online — of Hong Kong political activists, targeting those it says have broken a sweeping new national security law.

Promoted by groups linked to the Chinese Communist Party and hosted on Russia-based servers, HK Leaks has become the most prominent doxxing site targeting democracy activists since it first emerged in 2019.

The website continues to operate despite requests last year from Hong Kong’s Privacy Commissioner to remove all personal profiles, and it has been referred to the Hong Kong Police for investigation.

Home addresses, social media profiles and telephone numbers feature alongside descriptions of individuals’ alleged “crimes”.

The website published information on at least 14 people it claims broke the security law — a charge which carries a maximum sentence of life in prison — within weeks of the legislation being imposed by Beijing on the city, an AFP investigation found.

“When it first happened I was very stressed,” Ng, chairwoman of the Hong Kong Confederation of Trade Unions, told AFP.

“I received some phone calls and messages from ‘blue ribbon’ people on Facebook,” she said, referring to government supporters who adopted the colour because it is associated with the police.

“Every now and then, I receive a mass of WhatsApp messages, thousands of stickers. They call us cockroaches.”

“They know they will make people very scared. But I’m not afraid, because this is my freedom and I will defend my freedom,” Ng added.

– ‘Bulletproof hosting’ –

HK Leaks has so far posted the personal details of more than 2,000 people it deems guilty of various “misdeeds” — a tenfold increase in a year.

Registered on a Russian server, it is specifically designed to evade prosecution, experts say. It uses so-called bulletproof anonymous hosting — also favoured by controversial white supremacist-linked sites such as 8kun — and regularly shifts domains.

Online traffic has increased to about 230,000 annual unique page views, according to SiteWorthTraffic.

In an update since last year, the site now features a pop-up window saying “rioters have ruined the rule of law and order of society in Hong Kong”, and claims more than 2,000 police and pro-China individuals have themselves been doxxed by activists.

Prominent pro-democracy leaders Joshua Wong and Agnes Chow, co-founders of the disbanded Demosisto party, are on the site under a subsection named “Hong Kong independence rioter”, while media mogul Jimmy Lai is also listed.

Also among the 14 alleged national security law offenders to have been doxxed are well-known activists Tony Chung, Nathan Law and Ray Wong.

Chung in July became the first political figure to be arrested under the law over allegations he had promoted Hong Kong independence through Studentlocalism, a group he co-founded in 2016.

Law, former chairman of Demosisto, fled to Britain after the national security law was passed.

Later that month, Chinese state media reported Law and Wong were among six people wanted by the Hong Kong Police on charges of “inciting secession and colluding with foreign and external forces”.

Ray Wong, who was granted political refugee status in Germany in May 2018, told AFP he suspects he has been targeted as part of a harassment campaign by Hong Kong and mainland Chinese authorities.

“I am not surprised at all,” he said. “The Hong Kong government said they would try to arrest me by any means.”

Online archives suggest HK Leaks migrated to its latest Pakistani domain address in November 2019.

The site moved its domain multiple times last year, apparently in an attempt to avoid detection, analysis by AFP has found.

To date, however, no one has been charged over the doxxing campaign.

Written By

AFP 2023
