Published on October 23rd, 2019

China is hacking to hunt its minorities far and wide



SAN FRANCISCO – China's state-sponsored hackers have drastically changed their way of working over the past three years. They have replaced their previous approach with selectivity, showing a new determination by Beijing to push its surveillance state beyond its borders.

The government has put significant resources into the transformation, which is part of a reorganization of the National People's Liberation Army initiated by President Xi Jinping in 2016, security researchers and intelligence officials said.

China's hackers have since built up a new arsenal of techniques, such as sophisticated hacks of iPhone and Android software, that go beyond the e-mail attacks and other, more basic tactics they had previously used.

The primary targets for these sophisticated attacks: China's ethnic minorities and their diaspora in other countries, the researchers said. In several cases, hackers have been targeting the cell phones of a minority known as Uighurs, whose home region of Xinjiang has seen a tremendous increase in surveillance technology in recent years.

"The Chinese use their best resources against their own people because they are the most afraid of them," said James A. Lewis, a former US government official who writes about cybersecurity and espionage for the Center for Strategic Studies in Washington. "Then they turn those tools over to foreign targets."

China's willingness to extend its reach and censorship was revealed after a manager of the National Basketball Association's Houston Rockets tweeted support for demonstrators in Hong Kong this month. The reaction from China was fast and threatened a number of business relationships the N.B.A. had forged in the country.

In August, Facebook and Twitter said they had taken down a large network of Chinese bots spreading disinformation about the protests. And in recent weeks, a security firm has attributed a month-long attack on Hong Kong media companies to Chinese hackers. Security experts say that Chinese hackers are very likely to target protesters' phones, but have yet to release evidence.

Some security researchers said that the improved capabilities of Chinese hackers put them on a par with elite Russian cyber units. And the attacks on Uyghur cell phones gave a rare glimpse of China's most advanced hacking tools being used to silence or punish critics.

Google researchers tracking the attacks on iPhones said details of the software bugs the hackers had exploited would have cost tens of millions of dollars on black market sites selling information about software vulnerabilities.

On the streets of Xinjiang, a variety of high-end surveillance cameras use facial recognition software to identify and track people. Specially designed apps were used to check Uyghurs' phones, monitor their communications and register their whereabouts.

Getting access to the phones of Uyghurs who fled China – a diaspora that was increasingly locked away at home – would be a logical extension of all this monitoring effort. Such communities in other countries have long been a concern to Beijing, and many in Xinjiang have been sent to camps because relatives have traveled or live abroad.

The Chinese police have also made less sophisticated efforts to control Uighurs who have escaped. Through the chat app WeChat, they could be enticed to return home or have their families threatened.

The Chinese Foreign Ministry did not respond to a request for comment. China has rejected past allegations of cyber espionage and added that it is often a target.

Security researchers recently discovered that the Chinese used National Security Agency hacking tools after what appeared to be an N.S.A. cyberattack on their own systems. A few weeks ago, a Chinese security firm, Qianxin, released an analysis linking the Central Intelligence Agency with a hack of the Chinese aviation industry.

Breaking into iPhones has long been considered the holy grail of cyber espionage. "If you can invade an iPhone, you have a spy phone yourself," said John Hultquist, Director of Intelligence Analysis at FireEye, a cybersecurity firm.

The F.B.I. could not do it without help during a showdown with Apple in 2016. The bureau paid more than $1 million to an anonymous third party to hack an iPhone used by an armed man involved in the murder of 14 people in San Bernardino, California.

Google researchers said they found that iPhone vulnerabilities were exploited to infect visitors to a number of websites. Although Google did not publish the names of the targets, Apple said they were found on about a dozen Uighur-focused websites.

"You can meet a high school student from Japan who visits the site to write a research report, but you will also meet Uyghurs who have family members in China and support the cause," said Steven Adair, the president and founder of the security firm Volexity in Virginia.

The technology news site TechCrunch was the first to report on the Uighur connection. A software update from Apple has fixed the bug.

In recent weeks, security researchers from Volexity have uncovered Chinese hacking campaigns that also exploited vulnerabilities in Google's Android software. Volexity found that several sites focused on Uyghur topics were infected with Android malware. The attacks were attributed to two Chinese hacking groups.





Because the hacks were aimed at both Android and iPhone users, even though Uighurs in Xinjiang usually do not use iPhones, Mr. Adair said they were aimed partly at Uighurs living abroad.

"China is expanding its digital surveillance beyond its borders," he said. "It seems like the Diaspora really is."

Another group of researchers, working at the Citizen Lab of the Munk School of Global Affairs at the University of Toronto, recently found an overlapping effort that used some of the code discovered by Google and Volexity. It attacked the iPhones and Android phones of Tibetans until May.

Using WhatsApp messages, Chinese hackers who posed as New York Times reporters and representatives of Amnesty International and other organizations turned on the Dalai Lama's private office, members of the Tibetan Parliament, and Tibetan non-governmental organizations.

Lobsang Gyatso, the secretary of TibCERT, an organization working with Tibetan organizations on cybersecurity threats, said in an interview that the recent attacks were a notable escalation of previous Chinese surveillance attempts.

For a decade, Chinese hackers have hit Tibetans with emails containing malicious attachments, Mr. Lobsang said. If they hacked a person's computer, they hit everyone in the victim's address book, casting as wide a net as possible. But in the last three years, Mr. Lobsang said, a big change has taken place.

"The recent targeting was something we have not seen in the community before," he said. "It was a huge shift in resources. They aimed at mobile phones and there was much more education. They had private telephone numbers of people, even people who were not online. They knew who they were, where their offices were and what they were doing."

Adam Meyers, CrowdStrike's vice president of intelligence, said these operations are far more sophisticated than five years ago, when security firms discovered that Chinese hackers were targeting the Hong Kong demonstrators in the so-called Umbrella Revolution.

At that time, Chinese hackers could only penetrate phones that had been "jailbroken," or altered in some way to allow the installation of apps that were not verified by the official Apple Store. The recent attacks against the Uighurs broke into current iPhones without giving the owner a hint.

"In terms of the ranking of Chinese threats, the highest threats are domestic threats," said Lewis. "The biggest threat to the Chinese is the loss of control over their own people. But the United States is certainly number two."

Chinese hackers have also used their improved capabilities to attack foreign government and corporate computer networks. They have targeted Internet and telecommunications companies and have broken into the computer networks of foreign technology, chemical, manufacturing and mining companies. Airbus recently said China has hacked it via a supplier.

In 2016, Mr. Xi consolidated several army hacking departments under a new Strategic Support Force, similar to the United States Cyber Command, and relocated much of the country's foreign hacking operations from the army to the more advanced Department of State Security, China's most important espionage agency.

The restructuring coincided with a slowdown in Chinese cyberattacks after Mr. Xi and President Barack Obama agreed in 2015 to cease cyber espionage operations for commercial purposes.

"The deal gave the Chinese the time and space to focus on professionalizing their cyber espionage capabilities," said Lewis. "We did not expect that."

According to security researchers, Chinese officials have also suppressed moonlighting by government-sponsored hackers in fundraising schemes – a "corruption problem" that Mr. Xi concluded was sometimes a threat to the hackers' identities and tools.

As China revised its operations, security experts said, it was also slowing down security research to keep advanced hacking methods in-house. Chinese police have recently announced that they will enforce national laws against disclosure of security vulnerabilities, and Chinese researchers have recently been banned from participating in Western hacking conferences.

"They circle the cars," said Mr. Hultquist of FireEye. "They recognize that they can use these resources to support their offensive and defensive cyber operations."
