Stories

A new window onto China's Uighur spying

A screen showing images of Chinese President Xi Jinping in Xinjiang
A screen showing images of Chinese President Xi Jinping in Xinjiang where a pervasive security apparatus has subdued the ethnic unrest, June 2019. Photo: Greg Baker/AFP/Getty Images

Those websites we reported on last week that target iPhone users with malware appear to have been part of China's long-running effort to monitor its Uighur population.

The big picture: The security vulnerabilities that mobile malware takes advantage of are scarce and expensive, and countries are loath to risk burning their tools by widely exposing them.

  • The only scenario where it makes any economic sense to use such techniques this broadly is one involving a wealthy government trying to mount a vast surveillance effort — as with China's campaign among the Uighurs in Xinjiang.

Why it matters: No one has attempted to spread mobile malware to such a wide group before because no one has tried to surveil an entire ethnic group this way before.

Driving the news: On Thursday, Google announced it had discovered several campaigns using popular websites to indiscriminately inject malware onto iPhones.

  • Subsequent reporting showed that the campaign looked to infect not only iPhones but Android devices and Windows computers as well.
  • The firm Volexity found evidence those sites included Uighur news outlets and other Uighur community sites.

Background: Surveillance of the Uighurs is nothing new. "The Chinese government has long harbored suspicion about the Uighur population’s loyalty to China, confusing ethnic identity with separatism," said Sophie Richardson, China lead for Human Rights Watch.

But in recent years, China has tightened its heavy-fisted rule of Xinjiang province with high-tech techniques.

Biometrics: China uses widespread facial recognition research to detect and track the Uighur minority, and it has roped in Western research institutions to help. Western research institutions and journals have aided in development of facial recognition to distinguish Uighur facial features using artificial intelligence.

  • China tracks Uighurs through other biometrics too, including DNA.

Digital tools: China tracks digital communications from Uighurs and stores information tapped from WiFi-enabled devices. Tourists must install a monitoring app on phones when entering the Xinjiang province that scans for Quran passages and other contraband information, and Reuters reported Thursday that China hacked telecoms to spy on Uighur travelers.

  • All of the information is filtered through a machine learning algorithm-fueled mobile app used to direct police activity.
  • Human Rights Watch reverse-engineered the app and found a wide variety of factors play a role in determining who is treated as a suspicious individual — including whether they use their home's front or back door.

The bottom line: This is not a small undertaking. China's willingness to spend on technology to surveil Uighurs has created a niche, high-growth industry among military contractors.

  • Secretary of State Mike Pompeo recently described the crackdown on Uighurs as the “stain of the century.” And the White House added a Uighur American to the National Security Council to contribute to China policy.