Chinese hacker groups are using Facebook and other sites and mobile applications to trap and spy on Uyghurs, the social network said on Wednesday, without attributing the practices to the Chinese government. “We see clear links with the companies and the geographical locations of this activity, but we cannot formally prove who is behind this operation”, specified the person in charge of the regulations on the security of the social network, during a conference of hurry.
Hackers target hundreds of Uyghur activists, journalists and dissidents living abroad. They trick them into clicking on tricky links and websites that infect their computers or smartphones with spyware, according to the California-based company. “This activity has all the hallmarks of a long-term operation, with substantial means, which hides the people in charge,” he added in a statement.
The “water point” technique
According to its cybersecurity team, the maneuvers of hackers mainly take place outside of Facebook, on legitimate but compromised news sites or via bogus applications likely to be of interest to this persecuted Muslim minority in China (such as dictionaries, prayer, etc). This is the so-called “water point” technique, which involves infecting a place where people go without being suspicious.
On the social network, hackers pose as journalists, human rights defenders or members of the community in order to create relationships of trust and lure them into the trap. These tactics allow spies to gain access to information, cameras and microphones on their victims’ phones.
« Earth Empusa », « Poison Carp »…
The targeted Uyghurs come from Xinjiang, China, and live in Australia, Canada, Kazakhstan, Syria, Turkey, the United States and other countries. “Even though a small number of users are affected, less than 500 globally in this case, the impact can be severe – you can imagine the surveillance being put in place,” the official commented.
Facebook says it has blocked the sharing of trapped domain names on its platform, removed group accounts and warned the people concerned. The company also shared information with other social networks. The hacker groups are known as “Earth Empusa”, “Poison Carp” or “Evil Eye”.
The United States and several European countries have recently toughened their tone against China, which they accuse of having interned hundreds of thousands of Uyghur Muslims and inflicting “sterilizations and forced labor” on them. Beijing categorically denies these facts.