Tear gas and government warnings haven’t stopped the protesters demanding democratic elections in Hong Kong. But a bit of spyware injected into the activist movement may have been sent to do the trick.
A mobile app marketed as a tool to help activists organize is actually a spying program, protesters have discovered.
READ MORE ISIS Is Winning the Online Jihad
Two weeks ago, spam text messages started pinging the mobile phones of Hong Kong residents associated with the protests. “Check out this Android app designed by Code4HK for the coordination of Occupy Central!” was the message protesters received according to the the South China Morning Post, which first reported on the app.
Early on there were signs that the app wasn’t what it seemed. For one thing, its supposed designers denied having anything to do with it. Code4HK, a Hong Kong group “where geeks gather” and “drive social changes with technology” according to their website, released a statement saying: “None of the Code4HK community has done any application on [Occupy Central] at the moment nor sent the message.”
READ MORE Nigerian Women Fight for Democracy
Suspicious of how much information it required from users—including phone logs and GPS data—activists started to take the app apart. What they found was a piece of spyware siphoning data and creating audio files of voice calls. A crowd sourced effort to analyze the app’s code drawing on outside hacktivists and protesters in Hong Kong has shown it can do everything from track a users geo-location data and text history to recording all outgoing phone calls.
No one knows yet where the app originated, though many suspect it came from the Chinese government. It wouldn’t be the first case of a state using spyware to lure its own citizens into a surveillance net. A German based company, FinFisher, sells commercial software used for remote monitoring that’s been purchased by police departments and governments including Mongolia and Belgium. Evidence shows that the government of Bahrain used the spyware to monitor political activists, including a naturalized American citizen.
READ MORE Australia Sends Unarmed Planes to Iraq
As activists have turned to social media to organize anonymously, it’s made them vulnerable to new forms of intelligence gathering. And repressive states haven’t missed the chance to use the Internet as a weapon for shutting down opposition. Russia routinely blocks the websites of dissidents and recently replaced the head of the country’s largest social media site with a government loyalist. Syria’s Assad regime has flipped the Internet killswitch a number of times during the country’s civil war before restoring service to continue surveillance on its enemies.
Along with a barricades and bludgeons approach to dealing with protests and political dissent, the Chinese government has taken an active role in policing the Internet. Beijing’s aggressive regime of Internet censorship has earned the nickname “the Great Firewall” and the distinction of having “the largest recorded number of imprisoned journalists and cyber-dissidents in the world,” according to Amnesty International. But that by itself is hardly proof that the Chinese government created the app, only that it has the ability and political motive.
READ MORE Kim Jong-un So Fat He Injured His Ankles
There was a time not that long ago when governments more or less monopolized spying on political protests. But these days, the online espionage field is crowded with commercial bots whose profits depend on tricking users out of the personal information they don’t freely divulge. Today, a phony app trying to spy on political dissidents isn’t the smoking gun of state power it used to be.
So activists started doing some detective work, to see who was behind the malware. It didn’t take long for them to discover where the app was sending its ill-gotten data. They found that all the information captured by the spyware was sent to a remote server in Korea. Code4HK, the activist group the spyware impersonated, claims the server’s IP address was “used as malware service before in Nov. 2013.” A more telling point: the server’s remote login screen is written in simplified Chinese, a dialect that’s associated not with Hong Kong but mainland China and the national government.
READ MORE World Lost Half Its Wildlife in 40 Years
What the analysis can’t reveal with any certainty is who gave the order to spy on the protests. The obvious suspect is the Chinese government. In addition to running some of the world’s most powerful cyber espionage programs, China also has the motivation — a desire to keep tabs on political dissidents and disrupt protest movements before they have time to expand. Right now the evidence tying the app to Beijing is circumstantial but many protesters have no doubt that it’s their government behind the spying.
“I think the central government is very likely to be behind the Trojan Android app attempt,” said one protester, a Hong Kong resident and computer software professional, who asked that his name not be used.
READ MORE Turkey’s Sympathy for the Devil
Whoever designed the app, it wasn’t particularly well engineered. Malware analayst Claudio Guarnieri called it “far from being one of the most sophisticated ones I’ve seen.”
Raymond Bakker, a software developer and whitehat hacker has taken the investigation a step further.
READ MORE Joran van der Sloot Is Now a Father
Using the same approach as forensic linguists who try to identify the author of a text by its writing style, Bakker studied the patterns in the spyware’s code and went looking for its programmer. What he found was “a post on a Chinese Android developer forum discussing roughly the same code that is used in the malware.” Bakker says that he is “pretty sure that the author of this post has ties with the malware” because “The way this code is written is unique and does not exist elsewhere on the Internet.”
Studying the app, Bakker found clues, but isn’t be sure of its provenance or exactly what it leads to other than an avatar on an Internet forum. What Bakker and others have provided is one more path to look down for a growing group of online sleuths trying to see behind the code.
READ MORE Hanged for Doubting ‘Jonah & the Whale’
Beyond that, it has made the activists themselves more vigilant. “We are not aware of any new spyware/malware being spread at this point” one protester told The Daily Beast. “We also regularly remind participants to use a number of secure and proven communications,” he said.
Related from The Daily Beast
- Vatican Investigates Pedophile Shielder
- How Did Isis Move So Quickly Through Western Iraq?
- 10K U.S. Troops to Stay in Afghanistan
Like us on Facebook -
Follow us on Twitter –
Sign up for The Cheat Sheet Newsletter
A Double Agent App Targets Hong Kong
No comments:
Post a Comment