The Hong Kong protests made it through October 1, China’s National Day, without the violence some had feared would accompany the sensitive date. Now it seems that Beijing and the Hong Kong government have adopted a gentler strategy — waiting out the protests, hoping that the movement will lose support over time. But that doesn’t mean Beijing is taking an entirely hands-off approach. In the cyber realm, the Hong Kong protests face both extensive censorship and cyber attacks.
Hong Kong’s protestors are being targeted by computer viruses that exploit vulnerabilities in mobile devices, a mobile security firm reported this week. Lacoon Mobile Security announced that malware, dubbed Xsser, targets Apple devices, including iPhones and iPads. The Xsser software is related to spyware targeting Android devices.
In a post on the company website, Lacoon’s research team noted that the Android spyware was “disguised as an app to help coordinate Occupy Central protests in Hong Kong.” Infected links were sent out via popular Chinese messaging service WhatsApp. While investigating that spyware, the Lacoon team discovered the Xsser software targeting Apple devices. “Cross-Platform attacks that target both iOS and Android devices are rare, and indicate that this may be conducted by a very large organization or nation state,” Lacoon noted.
Lacoon Chief Executive Michael Shaulov told Reuters that Xsser is the most sophisticated spyware he has seen being used against Apple devices.
Given that the spyware seems to be targeting Hong Kong protestors, that it is unusually sophisticated, and that the code being used is written in Chinese, suspicions are running high that Beijing is behind the spyware. Lacoon warns of the danger posed by this spyware: “When infected, Xsser mRAT exposes virtually any information on iOS devices including SMS, email, and instant messages, and can also reveal location data, usernames and passwords, call logs and contact information.”
In addition to targeting the protestors themselves, China may be instituting cyber attacks against media outlets in order to prevent information on the protests from reaching mainland Chinese audiences. On Tuesday, GreatFire.org, a site dedicated to monitoring China’s online censorship, tweeted that Yahoo appeared to be the target of a “man-in-the-middle attack” or MITM in China. Such an attack, as the name implies, places the attacking computer in between a user and a third party site — in this case, Yahoo. The go-between can then block access to specific areas of Yahoo, all without the user being aware that the connection is compromised. MITM attacks are relatively rare; GreatFire notes the apparent attack on Yahoo is only the third such case in China.
In addition to the MITM attack against Yahoo, China is also making broad use of its more traditional censorship tools, including tightly controlling Chinese media reporting and blocking sensitive words (from “Occupy Central” to “Hong Kong students”) on Chinese microblogs. The photo-sharing site Instagram was banned in China on September 28, the day the protests began in earnest, apparently to keep people from spreading pictures of the protests in Hong Kong. The New York Times reports that at least one mainland activist, Wang Long, has been detained after spreading news about the Hong Kong protests on social media.