News / Asia

    China Declares Cyber-war on Hong Kong Protesters

    Protesters turn on their mobile phone flashlights as they block an area outside the government headquarters building in Hong Kong Oct. 1, 2014.
    Protesters turn on their mobile phone flashlights as they block an area outside the government headquarters building in Hong Kong Oct. 1, 2014.

    Days after demonstrators in Hong Kong began filling streets protesting what they call a power grab by Beijing, the Occupy Central battles began moving online.

    Shortly thereafter, a mobile digital security firm discovered something no one had yet seen before: a Chinese-authored spyware bug specifically designed and targeted to infect protestor’s iPhones and iPads.

    Then a shadowy hacker activist group Anonymous announced what it called “full-scale war” - targeting the government of Hong Kong and others opposing the Occupy Central protests.

    “If you continue to abuse, harass or harm protesters, we will continue to deface and take every web-based asset of your government off line,” a message from the group said. “That is not a threat, it is a promise.”

    Yet despite such bluster, the cyber-battlefield here is far from equal.

    Should wider attacks between Beijing and the Occupy movement break out, it’s very likely that China – with its vast resources and experience – could overwhelm the protestors and win the online war, according to analysts.

    China's online aggression

    China is home to the world’s most prolific and talented cyber criminals, experts say.

    Akamai’s most recent “State of the Internet” report, released just last week, said that 43 percent of all Internet cyber-attacks originated from computers located in China, more than three times the volume of attacks from the next highest offender, Indonesia, at 15 percent.

    Earlier this year,  the US Justice Department indicted five Chinese army officials with 31 counts of hacking and cyber espionage – charges that Chinese officials have denied.

    “It’s no surprise, in a situation like this, to discover that there are those who wish to steal information,” said Costin Raiu, director of global research and analysis at the cyber-security firm Kaspersky Labs told VOA via email.

    “It is neither the first nor the last attack of this kind, we previously observed both targeted and cybercriminal attacks against mobile users,” he said. “This is unlikely to stop anytime soon. On the contrary, we are witnessing a steady growth of mobile malware.”

    Malware, bugs

    On the first day of the Occupy Central street protests, many in Hong Kong began to notice "Trojan Horse" messages targeting their Android mobile phones.

    Trojan Horses are malicious programs that pretend to be legitimate software, but actually carry out hidden, harmful functions.

    In and of itself, this wasn’t such an uncommon occurrence given Android’s relatively loose and open operating systems.

    But a few days later, researchers with the mobile security firm Lacoon discovered something they had never seen before: a sophisticated, cross-platform spyware bug that, if downloaded, infected nearly every part of a users’ iOS – the closed and fairly secure operating system used by Apple iPads and iPhones.

    “It was a surprise, definitely,” Michael Shaurov, CEO and co-founder of Lacoon, told VOA. “Everyone was excited and thrilled to finally find this, but basically what we believe is that this is something we’ve expected.”

    The bug, officially known as Xsser mRAT, was discovered almost by accident while Lacoon researchers were trying to dissect the more common Android trojan-horse bugs.

    After they traced the Android bugs’ command and control, or CnC, protocol, they stumbled on the iOS spyway.

    “It’s sitting in the background and basically capturing all the sensitive information – data – that one has on your iPhone,” Shaurov said. “It starts with capturing location, all the contacts, text messages, photos, call logs, and to an extent it also goes to a really sensitive place on the iPhone, the keychain. It completely compromises your device.”

    Shaurov calls Xsser “…the most polished malware for iOS that we’ve seen to date,” suggesting both that it was in the works for a while, and is not the product of a small group of criminals or hacktivists.

    Computer bugs don’t come with signatures or pedigrees, but they do provide a range of clues as to who’s behind them.

    Lacoon found that Xsser’s CnC servers were located inside China, that its program commands are in Chinese, and that it uses a Chinese anonymizing service.

    “All that leads to the conclusion which is essentially that the entity that is operating Xsser is probably Chinese state-sponsored,” Shaurov said.

    'Operation Hong Kong'

    As the number of malware bugs floating around Hong Kong increased, so, too, did threats of cyber retaliation targeting both the government of Hong Kong and the Communist Party of China in Beijing.

    So far, the threat that has garnered the most media attention was that from Anonymous.

    Calling this latest venture “Operation Hong Kong,” a branch of Anonymous released a video last week, directly threatening the government of Hong Kong with coordinated, international attacks.

    “Attacking protesters will result in releasing personal information of all of your government officials,” said a computerized voice-over on the video. “We will seize all your databases and e-mail pools and dump them on the Internet. This is your first and only warning.”

    So far, Anonymous has been able to crash the website of the “Democratic Alliance for the Betterment and Progress of Hong Kong”, a large pro-Beijing political party; an act party chairman Tam Yiu-chung decried as “outrageous.”

    Other websites have also crashed or been defaced, but so far there have been no major security breaches or large-scale data thefts reported, either in Hong Kong or Beijing.

    Analysis is spotty, but the nature of such nuisance hacks suggests there are DDoS, or “distributed denial of service”, attacks. While embarrassing, DDoS hacks are usually short-lived and pose little security risks.

    Given China’s “Great Firewall” of filtering and censorship, it’s unlikely Beijing would experience wide-scale security breaches, analysts say.

    However, much of Hong Kong – among the most digitally connected societies on Earth – remains on the other side of the Great Firewall, putting servers and data at greater risk.

    Lopsided fight

    Jason Ng, an entrepreneur and blogger with the South China Morning Post, has been spending a lot of time recently in Hong Kong’s Admiralty district, home to much of the Occupy Central protests and sit-ins.

    It was where that police deployed tear gas against demonstrators who had little more than their umbrellas to protect themselves, thus giving rise to the phrase “the Umbrella Uprising.”

    “We live on social media – Facebook, Instagram – so everything that happens, the next second it’s going to be online,” Ng said.

    Speaking with VOA, Ng told of watching hundreds of protestors, concerned about the government possibly cutting Internet or phone service, immediately gravitate to the new FireChat app.

    Traditionally, cross-border cyber-attacks have occurred online, over hard-wired ISPs and targeting computers and laptops connected to the Internet.

    But this current battle appears to be happening largely on mobile devices, analysts say.

    Hong Kong isn’t just wired to the Internet; it has one of the greatest concentrations of mobile usage anywhere.

    At present, those mobile phones and other gadgets are helping protestors get their message out and stay connected with each other.

    However, with more spyware flooding the region, those devices could be turned against the movement.

    “As soon as there’s a rumor, everyone will be talking about it,” Ng said. “People are telling each other to start saving everything they put online. In terms of awareness it’s there. But if there’s a very systematic cyber-attack on Hong Kong, we’ve never seen anything like that before.”

    Others are certain who will win.

    “It’s a non-balanced fight,” said Lacoon’s Michael Shaulov of a possible cyber showdown between Beijing and Occupy Central. “The nation-sponsored entity clearly has tools and capabilities that would be very difficult for the other party to fight against.”


    Doug Bernard

    dbjohnson+voanews.com

    Doug Bernard covers cyber-issues for VOA, focusing on Internet privacy, security and censorship circumvention. Previously he edited VOA’s “Digital Frontiers” blog, produced the “Daily Download” webcast and hosted “Talk to America”, for which he won the International Presenter of the Year award from the Association for International Broadcasting. He began his career at Michigan Public Radio, and has contributed to "The New York Times," the "Christian Science Monitor," SPIN and NPR, among others. You can follow him @dfrontiers.

    You May Like

    Top US General: Turkish Media Report ‘Absurd'

    General Dunford rejects ‘irresponsible' claims of coup involvement by former four-star Army General Campbell, who led NATO forces in Afghanistan before retiring earlier this year

    Video Saving Ethiopian Children Thought to Be Cursed

    'Omo Child' looks at efforts of one African man to stop killings of ‘mingi’ children

    Protests Over Western Troops Threaten Libyan 'Unity' Government

    Fears mount that Islamist foes of ‘unity' government plan to declare a revolutionaries' council in Tripoli

    This forum has been closed.
    Comments
         
    There are no comments in this forum. Be first and add one

    Featured Videos

    Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
    London’s Financial Crown at Risk as Rivals Eye Brexit Opportunitiesi
    X
    VOA News
    July 25, 2016 5:09 PM
    By most measures, London rivals New York as the only true global financial center. But Britain’s vote to leave the European Union – so-called ‘Brexit’ – means the city could lose its right to sell services tariff-free across the bloc, risking its position as Europe’s financial headquarters. Already some banks have said they may shift operations to the mainland. Henry Ridgwell reports from London.
    Video

    Video London’s Financial Crown at Risk as Rivals Eye Brexit Opportunities

    By most measures, London rivals New York as the only true global financial center. But Britain’s vote to leave the European Union – so-called ‘Brexit’ – means the city could lose its right to sell services tariff-free across the bloc, risking its position as Europe’s financial headquarters. Already some banks have said they may shift operations to the mainland. Henry Ridgwell reports from London.
    Video

    Video Recycling Lifeline for Lebanon’s Last Glassblowers

    In a small Lebanese coastal town, one family is preserving a craft that stretches back millennia. The art of glass blowing was developed by Phoenicians in the region, and the Khalifehs say they are the only ones keeping the skill alive in Lebanon. But despite teaming up with an eco-entrepreneur and receiving an unexpected boost from the country’s recent trash crisis the future remains uncertain. John Owens reports from Sarafand.
    Video

    Video Migrants Continue to Risk Lives Crossing US Border from Mexico

    In his speech Thursday before the Republican National Convention, the party’s presidential candidate, Donald Trump, reiterated his proposal to build a wall along the U.S.-Mexico border if elected. Polls show a large percentage of Americans support better control of the nation's southwestern border, but as VOA’s Greg Flakus reports from the border town of Nogales in the Mexican state of Sonora, the situation faced by people trying to cross the border is already daunting.
    Video

    Video In State of Emergency, Turkey’s Erdogan Focuses on Spiritual Movement

    The state of emergency that Turkish President Recep Tayyip Erdogan has declared is giving him even more power to expand a purge that has seen an estimated 60,000 people either arrested or suspended from their jobs. VOA Europe correspondent Luis Ramirez reports from Istanbul.
    Video

    Video Calm the Waters: US Doubles Down Diplomatic Efforts in ASEAN Meetings

    The United States is redoubling diplomatic efforts and looking to upcoming regional meetings to calm the waters after an international tribunal invalidated the legal basis of Beijing's extensive claims in the South China Sea. VOA State Department correspondent Nike Ching has the story.
    Video

    Video Four Brother Goats Arrive in Brooklyn on a Mission

    While it's unusual to see farm animals in cities, it's become familiar for residents of Brooklyn, New York, to see a little herd of goats. Unlike gas-powered mowing equipment, goats remove invasive weeds quietly and without adding more pollution to the air. As Faiza Elmasry tells us, this is a pilot program and if it proves to be successful, the goat gardener program will be extended to other areas of New York. Faith Lapidus narrates.
    Video

    Video Scientists in Poland Race to Save Honeybees

    Honeybees are in danger worldwide. Causes of what's known as colony collapse disorder range from pesticides and loss of habitat to infections. But scientists in Poland say they are on track to finding a cure for one of the diseases. VOA’s George Putic reports.
    Video

    Video Wall Already Runs Along Parts of US-Mexico Border

    The Republican Party’s presidential nominee, Donald Trump, gained the support of many voters by saying he would build a wall to keep undocumented immigrants and drugs from coming across the border from Mexico. Critics have called his idea impractical and offensive to Mexico, while supporters say such a bold approach is needed to control the border. VOA’s Greg Flakus has more from the border town of Nogales, Arizona.
    Video

    Video New HIV Tests Emphasize Rapid Results

    As the global fight against AIDS intensifies, activists have placed increasing importance on getting people to know their HIV status. Some companies are developing new HIV testing methods designed to be quick, easy and accurate. Thuso Khumalo looks at the latest methods, presented at the International AIDS conference in Durban, South Africa.
    Video

    Video African Youth with HIV Urge More Support

    HIV, the virus that causes AIDS, is the top killer of teens in sub-Saharan Africa. But many youths say their experience with the virus is unique and needs to be addressed differently than the adult epidemic. VOA South African Correspondent Anita Powell reports.
    Video

    Video Pop-Up Art Comes to Your Living Room, Backyard and Elsewhere

    Around the world, independent artists and musicians wrestle with a common problem: where to exhibit or perform? Traditional spaces such as museums and galleries are reserved for bigger names, and renting a space is not feasible for many. Enter ArtsUp, which connects artists with venue owners. Whether it’s a living room, restaurant, office or even a boat, pop-up events are bringing music and art to unexpected places. Tina Trinh has more.
    Video

    Video Scotland’s Booming Whisky Industry Fears Brexit Hangover

    After Britain’s vote to leave the European Union, Scotland’s government wants to break away from the United Kingdom – fearing the nation’s exports are at risk. Among the biggest of these is whisky. Henry Ridgwell reports on a time of turmoil for those involved in the ancient art of distilling Scotland’s most famous product.

    Special Report

    Adrift The Invisible African Diaspora