News / Asia

    China Declares Cyber-war on Hong Kong Protesters

    Protesters turn on their mobile phone flashlights as they block an area outside the government headquarters building in Hong Kong Oct. 1, 2014.
    Protesters turn on their mobile phone flashlights as they block an area outside the government headquarters building in Hong Kong Oct. 1, 2014.

    Days after demonstrators in Hong Kong began filling streets protesting what they call a power grab by Beijing, the Occupy Central battles began moving online.

    Shortly thereafter, a mobile digital security firm discovered something no one had yet seen before: a Chinese-authored spyware bug specifically designed and targeted to infect protestor’s iPhones and iPads.

    Then a shadowy hacker activist group Anonymous announced what it called “full-scale war” - targeting the government of Hong Kong and others opposing the Occupy Central protests.

    “If you continue to abuse, harass or harm protesters, we will continue to deface and take every web-based asset of your government off line,” a message from the group said. “That is not a threat, it is a promise.”

    Yet despite such bluster, the cyber-battlefield here is far from equal.

    Should wider attacks between Beijing and the Occupy movement break out, it’s very likely that China – with its vast resources and experience – could overwhelm the protestors and win the online war, according to analysts.

    China's online aggression

    China is home to the world’s most prolific and talented cyber criminals, experts say.

    Akamai’s most recent “State of the Internet” report, released just last week, said that 43 percent of all Internet cyber-attacks originated from computers located in China, more than three times the volume of attacks from the next highest offender, Indonesia, at 15 percent.

    Earlier this year,  the US Justice Department indicted five Chinese army officials with 31 counts of hacking and cyber espionage – charges that Chinese officials have denied.

    “It’s no surprise, in a situation like this, to discover that there are those who wish to steal information,” said Costin Raiu, director of global research and analysis at the cyber-security firm Kaspersky Labs told VOA via email.

    “It is neither the first nor the last attack of this kind, we previously observed both targeted and cybercriminal attacks against mobile users,” he said. “This is unlikely to stop anytime soon. On the contrary, we are witnessing a steady growth of mobile malware.”

    Malware, bugs

    On the first day of the Occupy Central street protests, many in Hong Kong began to notice "Trojan Horse" messages targeting their Android mobile phones.

    Trojan Horses are malicious programs that pretend to be legitimate software, but actually carry out hidden, harmful functions.

    In and of itself, this wasn’t such an uncommon occurrence given Android’s relatively loose and open operating systems.

    But a few days later, researchers with the mobile security firm Lacoon discovered something they had never seen before: a sophisticated, cross-platform spyware bug that, if downloaded, infected nearly every part of a users’ iOS – the closed and fairly secure operating system used by Apple iPads and iPhones.

    “It was a surprise, definitely,” Michael Shaurov, CEO and co-founder of Lacoon, told VOA. “Everyone was excited and thrilled to finally find this, but basically what we believe is that this is something we’ve expected.”

    The bug, officially known as Xsser mRAT, was discovered almost by accident while Lacoon researchers were trying to dissect the more common Android trojan-horse bugs.

    After they traced the Android bugs’ command and control, or CnC, protocol, they stumbled on the iOS spyway.

    “It’s sitting in the background and basically capturing all the sensitive information – data – that one has on your iPhone,” Shaurov said. “It starts with capturing location, all the contacts, text messages, photos, call logs, and to an extent it also goes to a really sensitive place on the iPhone, the keychain. It completely compromises your device.”

    Shaurov calls Xsser “…the most polished malware for iOS that we’ve seen to date,” suggesting both that it was in the works for a while, and is not the product of a small group of criminals or hacktivists.

    Computer bugs don’t come with signatures or pedigrees, but they do provide a range of clues as to who’s behind them.

    Lacoon found that Xsser’s CnC servers were located inside China, that its program commands are in Chinese, and that it uses a Chinese anonymizing service.

    “All that leads to the conclusion which is essentially that the entity that is operating Xsser is probably Chinese state-sponsored,” Shaurov said.

    'Operation Hong Kong'

    As the number of malware bugs floating around Hong Kong increased, so, too, did threats of cyber retaliation targeting both the government of Hong Kong and the Communist Party of China in Beijing.

    So far, the threat that has garnered the most media attention was that from Anonymous.

    Calling this latest venture “Operation Hong Kong,” a branch of Anonymous released a video last week, directly threatening the government of Hong Kong with coordinated, international attacks.

    “Attacking protesters will result in releasing personal information of all of your government officials,” said a computerized voice-over on the video. “We will seize all your databases and e-mail pools and dump them on the Internet. This is your first and only warning.”

    So far, Anonymous has been able to crash the website of the “Democratic Alliance for the Betterment and Progress of Hong Kong”, a large pro-Beijing political party; an act party chairman Tam Yiu-chung decried as “outrageous.”

    Other websites have also crashed or been defaced, but so far there have been no major security breaches or large-scale data thefts reported, either in Hong Kong or Beijing.

    Analysis is spotty, but the nature of such nuisance hacks suggests there are DDoS, or “distributed denial of service”, attacks. While embarrassing, DDoS hacks are usually short-lived and pose little security risks.

    Given China’s “Great Firewall” of filtering and censorship, it’s unlikely Beijing would experience wide-scale security breaches, analysts say.

    However, much of Hong Kong – among the most digitally connected societies on Earth – remains on the other side of the Great Firewall, putting servers and data at greater risk.

    Lopsided fight

    Jason Ng, an entrepreneur and blogger with the South China Morning Post, has been spending a lot of time recently in Hong Kong’s Admiralty district, home to much of the Occupy Central protests and sit-ins.

    It was where that police deployed tear gas against demonstrators who had little more than their umbrellas to protect themselves, thus giving rise to the phrase “the Umbrella Uprising.”

    “We live on social media – Facebook, Instagram – so everything that happens, the next second it’s going to be online,” Ng said.

    Speaking with VOA, Ng told of watching hundreds of protestors, concerned about the government possibly cutting Internet or phone service, immediately gravitate to the new FireChat app.

    Traditionally, cross-border cyber-attacks have occurred online, over hard-wired ISPs and targeting computers and laptops connected to the Internet.

    But this current battle appears to be happening largely on mobile devices, analysts say.

    Hong Kong isn’t just wired to the Internet; it has one of the greatest concentrations of mobile usage anywhere.

    At present, those mobile phones and other gadgets are helping protestors get their message out and stay connected with each other.

    However, with more spyware flooding the region, those devices could be turned against the movement.

    “As soon as there’s a rumor, everyone will be talking about it,” Ng said. “People are telling each other to start saving everything they put online. In terms of awareness it’s there. But if there’s a very systematic cyber-attack on Hong Kong, we’ve never seen anything like that before.”

    Others are certain who will win.

    “It’s a non-balanced fight,” said Lacoon’s Michael Shaulov of a possible cyber showdown between Beijing and Occupy Central. “The nation-sponsored entity clearly has tools and capabilities that would be very difficult for the other party to fight against.”

    Doug Bernard

    Doug Bernard covers cyber-issues for VOA, focusing on Internet privacy, security and censorship circumvention. Previously he edited VOA’s “Digital Frontiers” blog, produced the “Daily Download” webcast and hosted “Talk to America”, for which he won the International Presenter of the Year award from the Association for International Broadcasting. He began his career at Michigan Public Radio, and has contributed to "The New York Times," the "Christian Science Monitor," SPIN and NPR, among others. You can follow him @dfrontiers.

    You May Like

    Russia Sees Brexit Impact Widespread but Temporary

    Officials, citizens react to Britain’s vote to exit European Union with mix of pleasure, understanding and concern

    Obama Encourages Entrepreneurs to Seek Global Interconnection

    President tells entrepreneurs at global summit at Stanford University to find mentors, push ahead with new ideas on day after Britain voters decide to exit EU

    Video Some US Gun Owners Support Gun Control

    Defying the stereotype, Dave Makings says he'd give up his assault rifle for a comprehensive program to reduce gun violence

    This forum has been closed.
    There are no comments in this forum. Be first and add one

    Featured Videos

    Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
    Brexit Vote Plunges Global Markets Into Unchartered Territoryi
    June 24, 2016 9:38 PM
    British voters plunged global markets into unknown territory after they voted Thursday to leave the European Union. The results of the Brexit vote, the term coined to describe the referendum, caught many off guard. Analysts say the resulting volatility could last for weeks, perhaps longer. Mil Arcega reports.

    Video Brexit Vote Plunges Global Markets Into Unchartered Territory

    British voters plunged global markets into unknown territory after they voted Thursday to leave the European Union. The results of the Brexit vote, the term coined to describe the referendum, caught many off guard. Analysts say the resulting volatility could last for weeks, perhaps longer. Mil Arcega reports.

    Video Orlando Shooting Changes Debate on Gun Control

    It’s been nearly two weeks since the largest mass shooting ever in the United States. Despite public calls for tighter gun control laws, Congress is at an impasse. Democratic lawmakers resorted to a 1960s civil rights tactic to portray their frustration. VOA’s Carolyn Presutti explains how the Orlando, Florida shooting is changing the debate.

    Video Tunisian Fishing Town Searches for Jobs, Local Development Solutions

    As the European Union tries to come to grips with its migrant crisis, some newcomers are leaving voluntarily. But those returning to their home countries face an uncertain future.  Five years after Tunisia's revolution, the tiny North African country is struggling with unrest, soaring unemployment and plummeting growth. From the southern Tunisian fishing town of Zarzis, Lisa Bryant takes a look for VOA at a search for local solutions.

    Video 'American Troops' in Russia Despite Tensions

    Historic battle re-enactment is a niche hobby with a fair number of adherents in Russia where past military victories are played-up by the Kremlin as a show of national strength. But, one group of World War II re-enactors in Moscow has the rare distinction of choosing to play western ally troops. VOA's Daniel Schearf explains.

    Video Experts: Very Few Killed in US Gun Violence Are Victims of Mass Shootings

    The deadly shooting at a Florida nightclub has reignited the debate in the U.S. over gun control. Although Congress doesn't provide government health agencies funds to study gun violence, public health experts say private research has helped them learn some things about the issue. VOA's Carol Pearson reports.

    Video Trump Unleashes Broadside Against Clinton to Try to Ease GOP Doubts

    Recent public opinion polls show Republican Donald Trump slipping behind Democrat Hillary Clinton in the presidential election matchup for November. Trump trails her both in fundraising and campaign organization, but he's intensifying his attacks on the former secretary of state. VOA National Correspondent Jim Malone reports.

    Video Muslim American Mayor Calls for Tolerance

    Syrian-born Mohamed Khairullah describes himself as "an American mayor who happens to be Muslim." As the three-term mayor of Prospect Park, New Jersey, he believes his town of 6,000 is an example of how ethnicity and religious beliefs should not determine a community's leadership. Ramon Taylor has this report from Prospect Park.

    Video Internal Rifts Over Syria Policy Could Be Headache for Next US President

    With the Obama administration showing little outward enthusiasm for adopting a more robust Syria policy, there is a strong likelihood that the internal discontent expressed by State Department employees will roll over to the next administration. VOA State Department correspondent Pam Dockins reports.

    Video Senegal to Park Colorful ‘Cars Rapide’ Permanently

    Brightly painted cars rapide are a hallmark of Dakar, offering residents a cheap way to get around the capital city since 1976. But the privately owned minibuses are scheduled to be parked for good in late 2018, as Ricci Shryock reports for VOA.

    Video Florida Gets $1 Million in Emergency Government Funding for Orlando

    The U.S. government has granted $1 million in emergency funding to the state of Florida to cover the costs linked to the June 12 massacre in Orlando. U.S. Attorney General Loretta Lynch announced the grant Tuesday in Orlando, where she met with survivors of the shooting attack that killed 49 people. Zlatica Hoke reports.

    Video How to Print Impossible Shapes with Metal

    3-D printing with metals is rapidly becoming more advanced. As printers become more affordable, the industry is partnering with universities to refine processes for manufacturing previously impossible things. A new 3-D printing lab aims to bring the new technology closer to everyday use. VOA's George Putic reports.

    Video Big Somali Community in Minnesota Observes Muslim Religious Feast

    Ramadan is widely observed in the north central US state of Minnesota, which a large Muslim community calls home. VOA Somali service reporter Mohmud Masadde files this report from Minneapolis, the state's biggest city.

    Special Report

    Adrift The Invisible African Diaspora