As tens of thousands of protesters in Hong Kong continued to shut down the city's main arteries on Wednesday in a call for democracy, a quieter struggle was playing out to monitor the demonstrations online.
The most recent salvo came to light on Tuesday, when Lacoon Mobile Security said that it had tracked the spread of a fake mobile application aimed at eavesdropping on protesters' communications. In what is known as a phishing attack, smartphone users in Hong Kong have been receiving a link on WhatsApp to download the software, along with a note: "Check out this Android app designed by Code4HK for the coordination of OCCUPY CENTRAL!"
Code4HK, a community of programmers who have been working to support the democracy movement, had nothing to do with the application, according to Lacoon.
Though Michael Shaulov, Lacoon's chief executive, said it was impossible to be certain about the origin of the fake app, he said signs pointed to the Chinese government. Given the "targets of the operation, where the servers are based and the sophistication of the attack, it doesn't leave much room to the imagination".
After users download the application, it has the ability to gain access to personal data like passwords and bank information, spy on phone calls and messages and track the physical location of the infected smartphone. It is unclear how many smartphones in Hong Kong have been hit, but in similar attacks in the past, one in 10 phones that received such a message became infected, according to Shaulov.
"These really cheap social engineering tricks; they have a high rate of success," he said.
What makes the malicious app stand out is a version that can infect Apple's iOS mobile operating system, which is usually more secure than Google's Android, Shaulov said. Android is the dominant system on non-Apple phones.
"This is the first time that we have seen such operationally sophisticated iOS malware operational, which is actually developed by a Chinese-speaking entity," he said.
Shaulov's company traced the fake app to a computer that closely resembled those scrutinised by Mandiant, an American security firm that published a 60-page study last year that linked hacking attacks on American companies to the Chinese military.
It's not the first time the democracy movement in Hong Kong has drawn sophisticated web attacks. In June, an unofficial referendum on Hong Kong's political future that allowed people in Hong Kong to vote online drew one of the largest denial-of-service attacks in history, according to Matthew Prince, the chief executive of CloudFlare, which helped defend the referendum site from the attack. Such attacks are aimed at overwhelming a site with online traffic, causing it to shut down.
The recent targeting of the protests in Hong Kong has been part of a sustained campaign - most likely carried out by Chinese intelligence - dating back to about a year ago, according to Dmitri Alperovitch, co-founder and chief technology officer of the security firm CrowdStrike. He said he expected cyberattacks to monitor and potentially discredit protest leaders to increase in the coming weeks.
"We expect to see a more aggressive tempo by the Chinese," he said, "to try to spread disinformation, to try to compromise individuals that are involved from a public relations perspective."
Though it is hard to prove, Alperovitch said he believed the targeting of the protesters is the work of China's Ministry of State Security, which is usually charged with tracking dissidents and others deemed a threat to stability in China. Tactics employed against Occupy Central, one of the groups protesting in Hong Kong, are similar to those used by the Ministry of State Security within China on minority groups from Tibet and Xinjiang provinces, he said.
One possibility is that in coming weeks the government could leak phone calls or even disinformation in an effort to discredit protest leaders or link them to foreign governments, according to Alperovitch. China often attributes unrest to agitation by foreign powers.
© 2014 The New York Times News Service