Hackers working for the Chinese government broke into telecoms networks to track Uighur travellers in Central and Southeast Asia, intelligence officials and security consultants who investigated the attacks told Reuters.
The hacks are part of a wider cyber-espionage campaign targeting “high-value individuals” such as diplomats and foreign military personnel, the sources said. China has prioritised tracking movements of ethnic Uighurs, a minority mostly Muslim group considered a security threat by Beijing.
China is facing growing international criticism over treatment of Uighurs in Xinjiang. Members of the group are subject to mass detentions in what China calls “vocational training” centres and widespread state surveillance.
Beijing’s alleged cyberspace attacks against Uighurs show it is able to pursue those policies beyond its physical borders.
As part of the campaign, different groups of Chinese hackers compromise telecoms operators in countries including Turkey, Kazakhstan, India, Thailand and Malaysia, the sources said.
Those countries are used as transit routes by Uighurs travelling between Xinjiang and Turkey in what human rights activists call attempts to escape state persecution.
Beijing said the travellers may be going to fight for militant groups in Iraq and Syria, with Chinese officials saying measures in Xinjiang are needed to stem the threat of Islamist extremism.
China repeatedly denied involvement in cyber-attacks or mistreatment of the Uighur people, whose religious and cultural rights Beijing says are fully protected. The Chinese Foreign Ministry said hacking allegations need to be supported by evidence.
“We would like to stress China is a resolute safeguarder of internet security. We consistently and resolutely oppose and crack down on any internet attacks,” a ministry statement said.
Reuters was not able to identify which telecoms operators were compromised. Government officials in India and Thailand declined to comment. Authorities in Malaysia, Kazakhstan and Turkey did not respond to requests for comment.
US cybersecurity company Volexity this week published a report detailing Chinese efforts to hack phones and email accounts of Uighurs around the world.
Researchers at Google said they discovered a campaign by unknown parties to infect Apple iPhones, which sources told Forbes and TechCrunch was targeted at the Uighur community.
‘WINDOW INTO SOMEONE’S LIFE’
Telecoms operators have long been targeted by intelligence agencies for the wealth of sensitive user data they hold, such as location and contacts.
Western officials say Chinese cyber-attacks are in part been driven by concerns some of the up to 5 000 Uighurs believed fighting alongside militant groups in Iraq and Syria may return to carry out attacks in China.
The ability to access telecoms user data has become a valuable spying resource as widespread use of encrypted messaging platforms made it harder to intercept and monitor communications, said John Hultquist, director of intelligence analysis at US cybersecurity company FireEye.
“A single intrusion gives attackers access to more information than they would get going after individuals,” he said.
FireEye said one Chinese hacking group it monitors deployed malware against telecoms operators in Southeast Asia to mine SMS data for messages containing keywords associated with terror attacks, military ranks and names of Chinese politicians.
Chinese hackers widely targeted call detail record (CDR) data held by victims, said Amit Serper, an investigator at US-Israeli cybersecurity company Cybereason, which published a report on the activity this year.
CDR data shows who is sending and receiving calls, as well as user location, giving an attacker what Serper described as “a window into someone’s life”.
Stealing a user’s CDR data “gives you the ability to see who this person is contacting and, most importantly, which cell tower their phone is connecting to all day,” he said.
“So not only can you map someone’s circle of friends, you can map someone’s entire day.”