Sep 5, 2019

A new window onto China's Uighur spying

A screen showing images of Chinese President Xi Jinping in Xinjiang where a pervasive security apparatus has subdued the ethnic unrest, June 2019. Photo: Greg Baker/AFP/Getty Images

Those websites we reported on last week that target iPhone users with malware appear to have been part of China's long-running effort to monitor its Uighur population.

The big picture: The security vulnerabilities that mobile malware takes advantage of are scarce and expensive, and countries are loath to risk burning their tools by widely exposing them.

  • The only scenario where it makes any economic sense to use such techniques this broadly is one involving a wealthy government trying to mount a vast surveillance effort — as with China's campaign among the Uighurs in Xinjiang.

Why it matters: No one has attempted to spread mobile malware to such a wide group before because no one has tried to surveil an entire ethnic group this way before.

Driving the news: On Thursday, Google announced it had discovered several campaigns using popular websites to indiscriminately inject malware onto iPhones.

  • Subsequent reporting showed that the campaign looked to infect not only iPhones but Android devices and Windows computers as well.
  • The firm Volexity found evidence those sites included Uighur news outlets and other Uighur community sites.

Background: Surveillance of the Uighurs is nothing new. "The Chinese government has long harbored suspicion about the Uighur population’s loyalty to China, confusing ethnic identity with separatism," said Sophie Richardson, China lead for Human Rights Watch.

But in recent years, China has tightened its heavy-fisted rule of Xinjiang province with high-tech techniques.

Biometrics: China uses widespread facial recognition research to detect and track the Uighur minority, and it has roped in Western research institutions to help. Western research institutions and journals have aided in development of facial recognition to distinguish Uighur facial features using artificial intelligence.

  • China tracks Uighurs through other biometrics too, including DNA.

Digital tools: China tracks digital communications from Uighurs and stores information tapped from WiFi-enabled devices. Tourists must install a monitoring app on phones when entering the Xinjiang province that scans for Quran passages and other contraband information, and Reuters reported Thursday that China hacked telecoms to spy on Uighur travelers.

  • All of the information is filtered through a machine learning algorithm-fueled mobile app used to direct police activity.
  • Human Rights Watch reverse-engineered the app and found a wide variety of factors play a role in determining who is treated as a suspicious individual — including whether they use their home's front or back door.

The bottom line: This is not a small undertaking. China's willingness to spend on technology to surveil Uighurs has created a niche, high-growth industry among military contractors.

  • Secretary of State Mike Pompeo recently described the crackdown on Uighurs as the “stain of the century.” And the White House added a Uighur American to the National Security Council to contribute to China policy.

Go deeper

40 mins ago - Technology

Civil rights leaders blast Facebook after meeting with Zuckerberg

Screenshot of an image some Facebook employees used as part of their virtual walkout on Monday.

A trio of civil rights leaders issued a blistering statement Monday following a meeting with Facebook CEO Mark Zuckerberg and other top executives to discuss the social network's decision to leave up comments from President Trump they say amount to calls for violence and voter suppression.

Why it matters: While Twitter has flagged two of the president's Tweets, one for being potentially misleading about mail-in ballot procedures and another for glorifying violence, Facebook has left those and other posts up, with CEO Mark Zuckerberg saying he doesn't want to be the "arbiter of truth."

Updated 59 mins ago - Politics & Policy

Updates: George Floyd protests nationwide

Police officers wearing riot gear push back demonstrators outside of the White House on Monday. Photo: Jose Luis Magana/AFP via Getty Images

Protests over the death of George Floyd and other police-related killings of black people continued for a seventh day across the U.S., with President Trump threatening on Monday to deploy the military if the unrest continues.

The latest: Baltimore Police Department tweeted late Monday, "BPD has activated the Maryland State Police to assist with moderate crowds in the downtown area. Officers have observed members in the crowd setting off illegal fireworks and throwing objects near peaceful protestors and officers."

2 hours ago - Technology

Cisco, Sony postpone events amid continued protests

Screenshot: Axios (via YouTube)

Cisco said Monday night that it is postponing the online version of Cisco Live, its major customer event, amid the ongoing protests that have followed the killing of George Floyd.

Why it matters: Cisco joins Sony, Electronic Arts and Google in delaying tech events planned for this week.