{"id":1831,"date":"2020-08-17T21:00:34","date_gmt":"2020-08-17T12:00:34","guid":{"rendered":"https:\/\/yuzb.net\/en\/?p=1831"},"modified":"2020-08-17T21:00:34","modified_gmt":"2020-08-17T12:00:34","slug":"chinas-software-stalked-uighurs-earlier-and-more-widely-researchers-learn","status":"publish","type":"post","link":"http:\/\/yuzb.net\/en\/2020\/08\/17\/chinas-software-stalked-uighurs-earlier-and-more-widely-researchers-learn\/","title":{"rendered":"China\u2019s Software Stalked Uighurs Earlier and More Widely, Researchers Learn"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.nytimes.com\/2020\/07\/01\/technology\/china-uighurs-hackers-malware-hackers-smartphones.html?fbclid=IwAR0kpMPj0GO2ZuIlv-qMAuW8kDJKPZyP4xma2Bj_ZbGt1mPy9endITe7gO8\">https:\/\/www.nytimes.com\/2020\/07\/01\/technology\/china-uighurs-hackers-malware-hackers-smartphones.html?fbclid=IwAR0kpMPj0GO2ZuIlv-qMAuW8kDJKPZyP4xma2Bj_ZbGt1mPy9endITe7gO8<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><br>A new report revealed a broad campaign that targeted Muslims in China and their diaspora in other countries, beginning as early as 2013.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">TAIPEI, Taiwan \u2014 Before the Chinese police hung high-powered surveillance cameras and&nbsp;<a href=\"https:\/\/www.nytimes.com\/2019\/08\/31\/world\/asia\/xinjiang-china-uighurs-prisons.html\">locked up<\/a>&nbsp;ethnic minorities&nbsp;<a href=\"https:\/\/apnews.com\/269b3de1af34e17c1941a514f78d764c\" rel=\"noreferrer noopener\" target=\"_blank\">by the hundreds of thousands<\/a>&nbsp;in China\u2019s western region of Xinjiang, China\u2019s hackers went to work building malware, researchers say.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The Chinese hacking campaign, which researchers at Lookout \u2014 the San Francisco mobile security firm \u2014 said on Wednesday had begun in earnest as far back as 2013 and continues to this day, was part of a broad but often invisible effort to pull in data from the devices that know people best: their smartphones.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Lookout found links between eight types of malicious software \u2014 some previously known, others not \u2014 that show how groups connected to China\u2019s government hacked into Android phones used by Xinjiang\u2019s largely Muslim&nbsp;<a href=\"https:\/\/www.nytimes.com\/2020\/07\/06\/world\/asia\/china-xinjiang-uighur-court.html\">Uighur<\/a>&nbsp;population on a scale far larger than had been realized.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The timeline suggests the hacking campaign was an early cornerstone in China\u2019s&nbsp;<a href=\"https:\/\/www.nytimes.com\/2019\/05\/22\/world\/asia\/china-surveillance-xinjiang.html\">Uighur surveillance efforts<\/a>&nbsp;that would later extend to collecting&nbsp;<a href=\"https:\/\/www.nytimes.com\/2019\/02\/21\/business\/china-xinjiang-uighur-dna-thermo-fisher.html\">blood samples<\/a>, voice prints,&nbsp;<a href=\"https:\/\/www.nytimes.com\/2019\/12\/03\/business\/china-dna-uighurs-xinjiang.html\">facial scans<\/a>&nbsp;and&nbsp;<a href=\"https:\/\/www.nytimes.com\/2019\/12\/17\/technology\/china-surveillance.html\">other personal data<\/a>&nbsp;to transform Xinjiang into a&nbsp;<a href=\"https:\/\/www.nytimes.com\/2018\/09\/08\/world\/asia\/china-uighur-muslim-detention-camp.html\">virtual police state<\/a>. It also shows the lengths to which China\u2019s minders were determined to follow Uighurs as they&nbsp;<a href=\"https:\/\/www.dw.com\/en\/how-china-intimidates-uighurs-abroad-by-threatening-their-families\/a-49554977\" rel=\"noreferrer noopener\" target=\"_blank\">fled China<\/a>&nbsp;for as many as 15 other countries.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The tools the hackers assembled hid in special keyboards used by Uighurs and disguised themselves as commonly used apps in third-party websites. Some could remotely turn on a phone\u2019s microphone, record calls or export photos, phone locations and conversations on chat apps. Others were embedded in apps that hosted Uighur-language news, Uighur-targeted beauty tips, religious texts like the Quran and details of the latest Muslim cleric arrests.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u201cWherever China\u2019s Uighurs are going, however far they go, whether it was Turkey, Indonesia or Syria, the malware followed them there,\u201d said Apurva Kumar, a threat intelligence engineer at Lookout who helped&nbsp;<a href=\"https:\/\/blog.lookout.com\/multiyear-surveillance-campaigns-discovered-targeting-uyghurs\" rel=\"noreferrer noopener\" target=\"_blank\">unravel the campaign<\/a>. \u201cIt was like watching a predator stalk its prey throughout the world.\u201d<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Thanks for reading The Times.<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.nytimes.com\/subscription?campaignId=9YLQH\" target=\"_blank\" rel=\"noreferrer noopener\">Subscribe to The Times<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A decade ago, the People\u2019s Liberation Army\u2019s hackers were notable not so much for their sophistication as for the volume of their attacks. But under threat of American sanctions, President Xi Jinping of China struck an agreement with President Barack Obama in 2015 to cease hacking American targets for commercial gain. The agreement stuck&nbsp;<a href=\"https:\/\/www.nytimes.com\/2016\/06\/21\/us\/politics\/china-us-cyber-spying.html\">for a time<\/a>, with a significant drop in&nbsp;<a href=\"https:\/\/www.nytimes.com\/2016\/06\/21\/us\/politics\/china-us-cyber-spying.html\">Chinese hacks<\/a>&nbsp;in the United States.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Last fall, private researchers determined that \u2014 over that same period \u2014 China had turned its most advanced hacking tools on&nbsp;<a href=\"https:\/\/www.nytimes.com\/2019\/10\/22\/technology\/china-hackers-ethnic-minorities.html\">its own people<\/a>. In overlapping discoveries, researchers at Google, the security firm Volexity and the Citizen Lab at the University of Toronto\u2019s Munk School of Public Affairs separately uncovered what amounted to an advanced Chinese hack against iPhones and Android phones belonging to Chinese Uighurs and Tibetans throughout the world.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/static01.nyt.com\/images\/2020\/06\/23\/business\/00china-hack-02\/00china-hack-02-articleLarge.jpg?quality=75&amp;auto=webp&amp;disable=upscale\" alt=\"A security checkpoint equipped with facial recognition technology at the entrance of a park in Xinjiang.\"\/><figcaption>A security checkpoint equipped with facial recognition technology at the entrance of a park in Xinjiang.Credit&#8230;Gilles Sabri\u00e9 for The New York Times<\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Google\u2019s researchers discovered that hackers had infected websites frequented by Uighurs \u2014 inside China and in other countries \u2014 with tools that could hack their iPhones and siphon off their data.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Lookout\u2019s latest analysis suggests that China\u2019s mobile hacking campaign was broader and more aggressive than security experts, human rights activists and spyware victims had realized. But experts on Chinese surveillance say it should come as no surprise, given the lengths to which Beijing has gone to monitor Xinjiang.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u201cWe should think about smartphone surveillance being used as a way to track people\u2019s inner life, their everyday behavior, their trustworthiness,\u201d said Darren Byler, who studies surveillance of minority populations at the University of Colorado, Boulder.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In 2015, as Beijing pushed to crack down on sporadic ethnic violence in Xinjiang, the authorities grew \u201cdesperate\u201d to track fast-growing Uighur communications online, Mr. Byler said. Uighurs began to fear that their online chats discussing Islam or politics were risky. Savvier Uighurs took to owning a second \u201cclean phone,\u201d said Mr. Byler, who lived in Xinjiang in 2015.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">On the streets of Xinjiang, the police began confiscating Uighurs\u2019 phones. Sometimes, they returned them months later with new spyware installed. Other times, people were handed back entirely different phones. Officials visiting Uighur villages regularly recorded the serial numbers used to identify smartphones. They lined the streets with new hardware that tracked people\u2019s phones as they walked past.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The authorities dragged Uighurs off to detention camps for having two phones or an antiquated phone, arbitrarily dumping a phone, or not having a phone at all, according to&nbsp;<a href=\"https:\/\/www.nytimes.com\/2019\/05\/22\/world\/asia\/china-surveillance-xinjiang.html\">testimonials<\/a>&nbsp;and&nbsp;<a href=\"https:\/\/www.nytimes.com\/interactive\/2019\/11\/16\/world\/asia\/china-xinjiang-documents.html\">government documents<\/a>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Over that same period, Lookout said China\u2019s mobile hacking efforts accelerated. One type of Chinese malware, known as GoldenEagle after the words hackers littered throughout their code \u2014 an apparent reference to the eagles used for hunting in Xinjiang \u2014 was used as early as 2011. But its use picked up in 2015 and 2016. Lookout uncovered more than 650 versions of GoldenEagle malware and a large number of fake Uighur apps that function as a sort of Trojan horse to spy on users\u2019 mobile communications.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The malicious apps mimicked so-called virtual private networks, which are used to set up secure web connections and view prohibited content inside China. They also targeted apps frequently used by Uighurs for shopping, video games, music streaming, adult media and travel booking, as well as specialized Uighur keyboard apps. Some offered Uighurs beauty and traditional-medicine tips. Others impersonated apps from Twitter, Facebook, QQ \u2014 the Chinese instant messaging service \u2014 and the search giant Baidu.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Once downloaded, the apps gave China\u2019s hackers a real-time window into their targets\u2019 phone activity. They also gave China\u2019s minders the ability to kill their spyware on command, including when it appeared to suck up too much battery life. In some cases, Lookout discovered that all China\u2019s hackers needed to do to get data off a target\u2019s phone was send the user an invisible text message. The malware captured a victim\u2019s data and sent it back to the attackers\u2019 phone via a text reply, then deleted any trace of the exchange.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In June 2019, Lookout uncovered Chinese malware buried in an app called Syrian News. The content was Uighur focused, suggesting China was trying to bait Uighurs inside Syria into downloading their malware. That Beijing\u2019s hackers would track Uighurs to Syria gave Lookout\u2019s researchers a window into Chinese anxiety over&nbsp;<a href=\"https:\/\/apnews.com\/79d6a427b26f4eeab226571956dd256e\/AP-Exclusive:-Uighurs-fighting-in-Syria-take-aim-at-China\" rel=\"noreferrer noopener\" target=\"_blank\">Uighur involvement<\/a>&nbsp;in the Syrian civil war. Lookout\u2019s researchers found similarly malicious apps tailored to Uighurs in Kuwait, Turkey, Indonesia, Malaysia, Afghanistan and Pakistan.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Researchers at other security research groups, like Citizen Lab, had previously uncovered various pieces of China\u2019s mobile hacking campaign and linked them back to Chinese state hackers. However, Lookout\u2019s new report appears to be the first time researchers were able to piece these older campaigns with new mobile malware and tie them to the same groups.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u201cJust how far removed the state is from these operations is always the open question,\u201d said Christoph Hebeisen, Lookout\u2019s director of security intelligence. \u201cIt could be that these are patriotic hackers, like the kind we have seen in Russia. But the targeting of Uighurs, Tibetans, the diaspora and even Daesh, in one case, suggests otherwise,\u201d he added, using another term for the Islamic State.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">One clue to the attackers\u2019 identities came when Lookout\u2019s researchers found what appeared to be test versions of China\u2019s malware on several smartphones that were clustered in and around the headquarters of the Chinese defense contractor Xi\u2019an Tianhe Defense Technology.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A large supplier of defense technology, Tianhe sent employees to a major defense conference in Xinjiang in 2015 to market products that could monitor crowds. As a surveillance gold rush took over the region, Tianhe doubled down, establishing a subsidiary in Xinjiang in 2018. The company did not respond to emails requesting comment.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u201cThat could be an interesting coincidence,\u201d Mr. Hebeisen said, \u201cor it could be the smoking gun.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>https:\/\/www.nytimes.com\/2020\/07\/01\/technology\/china-uighurs-hackers-malware-hackers-smartphones.html?fbclid=IwAR0kpMPj0GO2ZuIlv-qMAuW8kDJKPZyP4xma2Bj_ZbGt1mPy9endITe7gO8 A new report revealed a broad campaign that targeted Muslims in China and their diaspora in other countries, beginning as early as 2013. TAIPEI, &hellip; <\/p>\n","protected":false},"author":1,"featured_media":1832,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[21,4,5],"class_list":["post-1831","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","tag-ethnic-cleansing-crime-against-humanity-genocide","tag-human-rights","tag-mass-detention"],"_links":{"self":[{"href":"http:\/\/yuzb.net\/en\/wp-json\/wp\/v2\/posts\/1831","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/yuzb.net\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/yuzb.net\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/yuzb.net\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/yuzb.net\/en\/wp-json\/wp\/v2\/comments?post=1831"}],"version-history":[{"count":1,"href":"http:\/\/yuzb.net\/en\/wp-json\/wp\/v2\/posts\/1831\/revisions"}],"predecessor-version":[{"id":1833,"href":"http:\/\/yuzb.net\/en\/wp-json\/wp\/v2\/posts\/1831\/revisions\/1833"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/yuzb.net\/en\/wp-json\/wp\/v2\/media\/1832"}],"wp:attachment":[{"href":"http:\/\/yuzb.net\/en\/wp-json\/wp\/v2\/media?parent=1831"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/yuzb.net\/en\/wp-json\/wp\/v2\/categories?post=1831"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/yuzb.net\/en\/wp-json\/wp\/v2\/tags?post=1831"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}