Sep 5, 2019 – Swissinfo.ch
By Jack Stubbs
LONDON (Reuters) – Hackers working for the Chinese government have broken into telecoms networks to track Uighur travellers in Central and Southeast Asia, two intelligence officials and two security consultants who investigated the attacks told Reuters.
The hacks are part of a wider cyber-espionage campaign targeting “high-value individuals” such as diplomats and foreign military personnel, the sources said. But China has also prioritised tracking the movements of ethnic Uighurs, a minority mostly Muslim group considered a security threat by Beijing.
China is facing growing international criticism over its treatment of Uighurs in Xinjiang. Members of the group have been subject to mass detentions in what China calls “vocational training” centres and widespread state surveillance.
Beijing’s alleged cyberspace attacks against Uighurs show how it is able to pursue those policies beyond its physical borders.
As part of the campaign, different groups of Chinese hackers have compromised telecoms operators in countries including Turkey, Kazakhstan, India, Thailand and Malaysia, the four sources said.
Those countries are frequently used as transit routes by Uighurs to travel between Xinjiang and Turkey in what human rights activists say is an attempt to escape state persecution.
Beijing has said that such travellers may be going to fight for militant groups in Iraq and Syria, with Chinese officials saying that the measures in Xinjiang are needed to stem the threat of Islamist extremism.
China has repeatedly denied involvement in cyber attacks or any mistreatment of the Uighur people, whose religious and cultural rights Beijing says are fully protected, and the Chinese Foreign Ministry said any hacking allegations need to be supported by evidence.
“We would again like to stress that China is a resolute safeguarder of internet security. We consistently and resolutely oppose and crack down on any forms of internet attacks,” a ministry statement said.
Reuters was not able to identify which specific telecoms operators were compromised. Government officials in India and Thailand declined to comment. Authorities in Malaysia, Kazakhstan and Turkey did not immediately respond to requests for comment.
U.S. cybersecurity company Volexity this week published a report https://www.volexity.com/blog/2019/09/02/digital-crackdown-large-scale-surveillance-and-exploitation-of-uyghurs detailing what it said were Chinese efforts to hack the phones and email accounts of Uighurs around the world.
Researchers at Google also said they had discovered https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html a campaign by unknown parties to infect thousands of Apple iPhones, which sources told Forbes and TechCrunch was targeted at the Uighur community.
‘WINDOW INTO SOMEONE’S LIFE’
Telecoms operators have long been targeted by intelligence agencies around the world for the wealth of sensitive user data they hold, such as information on location and contacts.
Western officials say Chinese cyber attacks have in part been driven by concerns that some of the up to 5,000 Uighurs believed https://www.reuters.com/article/uk-mideast-crisis-syria-china/syria-says-up-to-5000-chinese-uighurs-fighting-in-militant-groups-idUSKBN1840UP to be fighting alongside militant groups in Iraq and Syria may return to carry out attacks in China.
The ability to access telecoms user data has also become an increasingly valuable spying resource as the widespread use of encrypted messaging platforms has made it harder to intercept and monitor communications, said John Hultquist, director of intelligence analysis at U.S. cybersecurity company FireEye.
“A single (telecoms operator) intrusion gives attackers access to a lot more information than they would get going after individuals,” he said.
FireEye said that one of the Chinese hacking groups it monitors had deployed a piece of malware against telecoms operators in Southeast Asia to mine SMS data for messages containing keywords associated with terror attacks, military ranks and names of Chinese politicians.
The Chinese hackers also widely targeted call detail record (CDR) data held by their victims, said Amit Serper, an investigator at U.S.-Israeli cybersecurity company Cybereason, which published a report on the activity this year.
CDR data shows who is sending and receiving calls, as well as the user’s location, giving an attacker what Serper described as “a window into someone’s life”.
Stealing a user’s CDR data “gives you the ability to see who this person is contacting and, most importantly, which cell tower their phone is connecting to all day,” he said.
“So not only can you map someone’s circle of friends, you can map someone’s entire day.”
(Additional reporting by Christopher Bing in WASHINGTON, Joseph Menn in SAN FRANCISCO, Ben Blanchard in BEIJING, Patpicha Tanakasempipat in BANGKOK, Liz Lee in KUALA LUMPUR, Olzhas Auyezov in ALMATY and Aditya Kalra in NEW DELHI; Editing by David Goodman)