Protesters Are Targets of Scrutiny Through Their Phones
HONG KONG - As tens of thousands of protesters in Hong Kong continued to shut down the city's main arteries on Wednesday in a call for democracy, a quieter struggle was playing out to monitor the demonstrations online.
The most recent salvo came to light Tuesday, when Lacoon Mobile Security said that it had tracked the spread of a fake mobile application designed to eavesdrop on protesters' communications. In what is known as a phishing attack, smartphone users in Hong Kong have been receiving a link on WhatsApp to download the software, along with a note: 'Check out this Android app designed by Code4HK for the coordination of OCCUPY CENTRAL!'
Code4HK, a community of programmers who have been working to support the democracy movement, had nothing to do with the application, according to Lacoon.
Though Michael Shaulov, Lacoon's chief executive, said it was impossible to be certain about the origin of the fake app, he said signs pointed to the Chinese government. Given the 'targets of the operation, where the servers are based and the sophistication of the attack, it doesn't leave much room to the imagination.'
After users download the application, it has the ability to gain access to personal data like passwords and bank information, spy on phone calls and messages and track the physical location of the infected smartphone. It is unclear how many smartphones in Hong Kong have been hit, but in similar attacks in the past, one in 10 phones that received such a message became infected, according to Mr. Shaulov.
'These really cheap social-engineering tricks, they have a high rate of success,' he said.
What makes the malicious app stand out is a version that can infect Apple's iOS mobile operating system, which is usually more secure than Google's Android, Mr. Shaulov said. Android is the dominant system on non-Apple phones.
'This is the first time that we have seen such operationally sophisticated iOS malware operational, which is actually developed by a Chinese-speaking entity,' he said.
Mr. Shaulov's company traced the fake app to a computer that closely resembled those scrutinized by Mandiant, an American security firm that published a 60-page study last year that linked hacking attacks on American companies to the Chinese military.
Map: Areas of Protest in Hong Kong
It's not the first time the democracy movement in Hong Kong has drawn sophisticated web attacks. In June, an unofficial referendum on Hong Kong's political future that allowed people in Hong Kong to vote online drew one of the largest denial-of-service attacks in history, according to Matthew Prince, the chief executive of CloudFlare, which helped defend the referendum site from the attack. Such attacks are designed to overwhelm a site with online traffic, causing it to shut down.
Protesters in the current demonstrations in Hong Kong are making use of a new app that allows them to send messages without a cellular or Internet connection. Introduced in March, FireChat makes use of a cellphone's radio and Bluetooth communications to create a network of phones close to one another - up to about 80 yards. Though downloaded widely by the Hong Kong protesters after rumors spread that the Internet would be cut, many have been making use of the app in areas where crowds have overwhelmed the cellphone system.
Other technological help has come from Code4HK, the programmers' group. Its website provides links to live video feeds of the demonstrations, offers updated Google maps showing where supply and medical stations are in protest areas, and maintains an open spreadsheet that shows what supplies are needed.
Within China, the cat-and-mouse game that often goes on between politically minded Internet users and the government's censors continued. Since Saturday, the Facebook-owned Instagram service has been widely inaccessible, according to users and several Internet monitors, leading commentators to speculate that the government had closed access to the app to stanch the flow of images of the protests. The rate of deletions of posts on China's version of Twitter, Weibo, has also soared in recent days, an indication of how concerned the government is that news of the protests might spread unrest to China, according to Fu King-wa, a professor of media studies at Hong Kong University.
Despite the spike in deletions, David Bandurski, a researcher at the University of Hong Kong, said that the huge flow of posts and the reliance on humans to individually censor content meant that some posts were getting through. Possibly more so than on newer products like Tencent's mobile messaging app WeChat, which he said showed more efficiency in blocking posts from its social network.
Beneath one post from a Chinese journalist on Weibo, Mr. Bandurski said he saw 'page after page of comments.'
'It had become a public online square for people talking about what's happening in Hong Kong,' he said.