As Hong Kong’s pro-democracy movement enters its fifth week, mounting evidence suggests that cyber attacks designed to undermine the campaign originate from China.
According to a new report from cybersecurity forensics firm FireEye, digital footprints from previous cyber threats believed to have emanated from China have been linked to recent attacks on pro-democracy websites in Hong Kong.
Findings suggest that there may be a “common quartermaster” behind the two attacks, further supporting a running theory that Chinese officials are breaching Hong Kong’s networks to suppress or spy on the ongoing political uprising there, Time magazine reported.
The Chinese government has long denied any involvement in cyber espionage, cyber attacks and smartphone eavesdropping, going so far as to assert it is “resolutely opposed” to hacking.
While that assertion may raise an eyebrow, or even make some laugh out loud, proof of China’s involvement has been hard to come by.
FireEye analysts said they made the discovery when they matched digital certificates from data thefts originating in China earlier this year to those of an attack on Next Media several weeks ago that caused the company’s network to experience “total failure”.
Next Media’s Apple Daily is a pro-democracy Hong Kong newspaper and news website.
According to an Apple Daily report at the time, the system failure interrupted its real-time news publishing and newspaper production, as well as affecting the company’s email system, website and mobile apps.
Hong Kong protesters and supporters have been the target of recent attacks that cybersecurity watchdogs believe are also the work of the Chinese government, Time said.
About two weeks ago, Apple’s online data storage service, known as iCloud, was the target of an attack that sought to steal users’ passwords. With that information, a hacker can view users contacts, photos, messages and personal information stored in the cloud, GreatFire.org reports.
According to a New York Times report, activists and security experts said they believe the attacks were backed by the Chinese government because they were hosted from servers to which only the government and state-run telecommunications companies have access.
“The attack point is the Chinese internet backbone, and that it is nationwide, which would lead us to be 100 percent sure that this is again the work of the Chinese authorities,” one of the GreatFire founders told the South China Morning Post.
In early October, it was discovered that smartphone users in Hong Kong were being targeted by an Android and iOS remote-access Trojan. Infected phones revealed location data, usernames and passwords, call logs and contact information, as well as exposing SMS, email, and instant messages.
Cybersecurity experts note that cross-platform attacks that target both iOS and Android devices are rare and indicate that this could only be conducted by a very large organization or nation state.
In June, the website of a poll gauging Hong Kong residents’ opinions on elections was repeatedly hit by severe cyber attacks which experts called one of the largest and most sophisticated denial-of-service attacks in the internet’s history.
While no evidence then or since has linked China to that attack, the referendum’s organizers believe that the sophistication and enormity of the attack could only be the result of a state-run effort.
Is the Chinese government sponsoring attacks on Hong Kong protesters? The evidence is predominantly circumstantial.
But China certainly has the skill set.
In May, the United States accused five Chinese military officers of hacking American companies to steal trade secrets. At the time, Chinese foreign ministry spokesman Qin Gang called the accusations “purely fictitious” and “extremely absurd”.
That said, the US was able to level specific charges against specific people for doing specific things on specific computers at specific times.
China’s response was to call the US a “mincing rascal”.
You make the call.
– Contact us at [email protected]