Chinese Uighur hackers also went after Tibetans


Chinese hackers who used a previously unknown iPhone security flaw to target ethnic minority Uighurs also went after Tibetans in exile, according to a report.

It was the first detected use of malicious software against exiled Tibetans that required only a single click on a mobile device to work, said Citizen Lab, a Canada-based academic research group.

Citing technical similarities in the attacks and ones uncovered by US tech firms against Uighurs, the report suggested forces likely working with the Chinese government may be upgrading surveillance efforts against key minorities more broadly. The Tibetans are protesting Chinese rule of the mountainous region inside China.

Asked about the report, Chinese Foreign Ministry spokesman Geng Shuang said China resolutely opposed and cracked down on internet attacks and any accusations needed to be backed up by cast-iron proof.

Citizen Lab at the University of Toronto worked with the recently established Tibetan Computer Emergency Readiness Team (TibCERT), a coalition of Tibetan organisations working on digital security, to probe cyberattacks between November 2018 and May 2019.

In the attacks, people posing as human rights workers or journalists contacted unnamed senior figures in Tibetan groups over Facebook’s WhatsApp messaging service, according to screenshots featuring their phone numbers posted in the Citizen Lab report. Reuters was not able to independently confirm the authenticity of the screenshots or details of the report.

Among groups targeted were the private office of Tibetan spiritual leader the Dalai Lama, the Tibetan Parliament and human rights organisations, the report said.

Using well-crafted cover stories, attackers enticed the targets to click on links to websites that would install spyware on Apple or Android devices, the report said.

Eight of 15 Tibetans known to receive tainted links recalled clicking to open them, researchers said. All their devices were protected by patches issued for security flaws, but researchers followed the links themselves to determine what would have happened.

Citizen Lab said spyware aimed at the Tibetans was also used to target Uighurs, a mostly Muslim minority group considered a possible security threat by Beijing, in two campaigns revealed in the past month. One was discovered by Google, and another by security company Volexity.

An Apple spokesman said the company consulted with Citizen Lab and confirmed the attack tools would not have worked against the Tibetan targets with updated iPhones.

“We encourage customers to download the latest version of iOS for the best and most current security enhancements,” said spokesman Todd Wilder.

China is facing growing international criticism over its treatment of Uighurs in Xinjiang. It repeatedly denied involvement in cyberattacks or any mistreatment of Uighur people.

Although lead Citizen Lab researcher Bill Marczak said Citizen Lab found “a clear nexus with China,” he acknowledged “it doesn’t automatically mean it’s the government, it’s hard to say from a technical point of view.”

Lobsang Gyatso, secretary of TibCERT, said the group would use the report to spread awareness of hacking tactics and promote better defence.