NZ Herald
  • Home
  • Latest news
  • Herald NOW
  • Video
  • New Zealand
  • Sport
  • World
  • Business
  • Entertainment
  • Podcasts
  • Quizzes
  • Opinion
  • Lifestyle
  • Travel
  • Viva
  • Weather

Subscriptions

  • Herald Premium
  • Viva Premium
  • The Listener
  • BusinessDesk

Sections

  • Latest news
  • New Zealand
    • All New Zealand
    • Crime
    • Politics
    • Education
    • Open Justice
    • Scam Update
  • Herald NOW
  • On The Up
  • World
    • All World
    • Australia
    • Asia
    • UK
    • United States
    • Middle East
    • Europe
    • Pacific
  • Business
    • All Business
    • MarketsSharesCurrencyCommoditiesStock TakesCrypto
    • Markets with Madison
    • Media Insider
    • Business analysis
    • Personal financeKiwiSaverInterest ratesTaxInvestment
    • EconomyInflationGDPOfficial cash rateEmployment
    • Small business
    • Business reportsMood of the BoardroomProject AucklandSustainable business and financeCapital markets reportAgribusiness reportInfrastructure reportDynamic business
    • Deloitte Top 200 Awards
    • CompaniesAged CareAgribusinessAirlinesBanking and financeConstructionEnergyFreight and logisticsHealthcareManufacturingMedia and MarketingRetailTelecommunicationsTourism
  • Opinion
    • All Opinion
    • Analysis
    • Editorials
    • Business analysis
    • Premium opinion
    • Letters to the editor
  • Politics
  • Sport
    • All Sport
    • OlympicsParalympics
    • RugbySuper RugbyNPCAll BlacksBlack FernsRugby sevensSchool rugby
    • CricketBlack CapsWhite Ferns
    • Racing
    • NetballSilver Ferns
    • LeagueWarriorsNRL
    • FootballWellington PhoenixAuckland FCAll WhitesFootball FernsEnglish Premier League
    • GolfNZ Open
    • MotorsportFormula 1
    • Boxing
    • UFC
    • BasketballNBABreakersTall BlacksTall Ferns
    • Tennis
    • Cycling
    • Athletics
    • SailingAmerica's CupSailGP
    • Rowing
  • Lifestyle
    • All Lifestyle
    • Viva - Food, fashion & beauty
    • Society Insider
    • Royals
    • Sex & relationships
    • Food & drinkRecipesRecipe collectionsRestaurant reviewsRestaurant bookings
    • Health & wellbeing
    • Fashion & beauty
    • Pets & animals
    • The Selection - Shop the trendsShop fashionShop beautyShop entertainmentShop giftsShop home & living
    • Milford's Investing Place
  • Entertainment
    • All Entertainment
    • TV
    • MoviesMovie reviews
    • MusicMusic reviews
    • BooksBook reviews
    • Culture
    • ReviewsBook reviewsMovie reviewsMusic reviewsRestaurant reviews
  • Travel
    • All Travel
    • News
    • New ZealandNorthlandAucklandWellingtonCanterburyOtago / QueenstownNelson-TasmanBest NZ beaches
    • International travelAustraliaPacific IslandsEuropeUKUSAAfricaAsia
    • Rail holidays
    • Cruise holidays
    • Ski holidays
    • Luxury travel
    • Adventure travel
  • Kāhu Māori news
  • Environment
    • All Environment
    • Our Green Future
  • Talanoa Pacific news
  • Property
    • All Property
    • Property Insider
    • Interest rates tracker
    • Residential property listings
    • Commercial property listings
  • Health
  • Technology
    • All Technology
    • AI
    • Social media
  • Rural
    • All Rural
    • Dairy farming
    • Sheep & beef farming
    • Horticulture
    • Animal health
    • Rural business
    • Rural life
    • Rural technology
    • Opinion
    • Audio & podcasts
  • Weather forecasts
    • All Weather forecasts
    • Kaitaia
    • Whangārei
    • Dargaville
    • Auckland
    • Thames
    • Tauranga
    • Hamilton
    • Whakatāne
    • Rotorua
    • Tokoroa
    • Te Kuiti
    • Taumaranui
    • Taupō
    • Gisborne
    • New Plymouth
    • Napier
    • Hastings
    • Dannevirke
    • Whanganui
    • Palmerston North
    • Levin
    • Paraparaumu
    • Masterton
    • Wellington
    • Motueka
    • Nelson
    • Blenheim
    • Westport
    • Reefton
    • Kaikōura
    • Greymouth
    • Hokitika
    • Christchurch
    • Ashburton
    • Timaru
    • Wānaka
    • Oamaru
    • Queenstown
    • Dunedin
    • Gore
    • Invercargill
  • Meet the journalists
  • Promotions & competitions
  • OneRoof property listings
  • Driven car news

Puzzles & Quizzes

  • Puzzles
    • All Puzzles
    • Sudoku
    • Code Cracker
    • Crosswords
    • Cryptic crossword
    • Wordsearch
  • Quizzes
    • All Quizzes
    • Morning quiz
    • Afternoon quiz
    • Sports quiz

Regions

  • Northland
    • All Northland
    • Far North
    • Kaitaia
    • Kerikeri
    • Kaikohe
    • Bay of Islands
    • Whangarei
    • Dargaville
    • Kaipara
    • Mangawhai
  • Auckland
  • Waikato
    • All Waikato
    • Hamilton
    • Coromandel & Hauraki
    • Matamata & Piako
    • Cambridge
    • Te Awamutu
    • Tokoroa & South Waikato
    • Taupō & Tūrangi
  • Bay of Plenty
    • All Bay of Plenty
    • Katikati
    • Tauranga
    • Mount Maunganui
    • Pāpāmoa
    • Te Puke
    • Whakatāne
  • Rotorua
  • Hawke's Bay
    • All Hawke's Bay
    • Napier
    • Hastings
    • Havelock North
    • Central Hawke's Bay
    • Wairoa
  • Taranaki
    • All Taranaki
    • Stratford
    • New Plymouth
    • Hāwera
  • Manawatū - Whanganui
    • All Manawatū - Whanganui
    • Whanganui
    • Palmerston North
    • Manawatū
    • Tararua
    • Horowhenua
  • Wellington
    • All Wellington
    • Kapiti
    • Wairarapa
    • Upper Hutt
    • Lower Hutt
  • Nelson & Tasman
    • All Nelson & Tasman
    • Motueka
    • Nelson
    • Tasman
  • Marlborough
  • West Coast
  • Canterbury
    • All Canterbury
    • Kaikōura
    • Christchurch
    • Ashburton
    • Timaru
  • Otago
    • All Otago
    • Oamaru
    • Dunedin
    • Balclutha
    • Alexandra
    • Queenstown
    • Wanaka
  • Southland
    • All Southland
    • Invercargill
    • Gore
    • Stewart Island
  • Gisborne

Media

  • Video
    • All Video
    • NZ news video
    • Herald NOW
    • Business news video
    • Politics news video
    • Sport video
    • World news video
    • Lifestyle video
    • Entertainment video
    • Travel video
    • Markets with Madison
    • Kea Kids news
  • Podcasts
    • All Podcasts
    • The Front Page
    • On the Tiles
    • Ask me Anything
    • The Little Things
  • Cartoons
  • Photo galleries
  • Today's Paper - E-editions
  • Photo sales
  • Classifieds

NZME Network

  • Advertise with NZME
  • OneRoof
  • Driven Car Guide
  • BusinessDesk
  • Newstalk ZB
  • Sunlive
  • ZM
  • The Hits
  • Coast
  • Radio Hauraki
  • The Alternative Commentary Collective
  • Gold
  • Flava
  • iHeart Radio
  • Hokonui
  • Radio Wanaka
  • iHeartCountry New Zealand
  • Restaurant Hub
  • NZME Events

SubscribeSign In
Advertisement
Advertise with NZME.
Home / World

China's software stalked Uighurs earlier and more widely, researchers learn

New York Times
2 Jul, 2020 02:40 AM7 mins to read

Subscribe to listen

Access to Herald Premium articles require a Premium subscription. Subscribe now to listen.
Already a subscriber?  Sign in here

Listening to articles is free for open-access content—explore other articles or learn more about text-to-speech.
‌
Save

    Share this article

    Reminder, this is a Premium article and requires a subscription to read.

Ethnic Uighurs, who are largely Muslim, walk past a mosque in Kashgar, in western China. Photo / Gillies Sabrie, The New York Times

Ethnic Uighurs, who are largely Muslim, walk past a mosque in Kashgar, in western China. Photo / Gillies Sabrie, The New York Times

Before Chinese police hung high-powered surveillance cameras and locked up ethnic minorities by the hundreds of thousands in China's western region of Xinjiang, China's hackers went to work building malware, researchers say.

The Chinese hacking campaign, which researchers at Lookout — the San Francisco mobile security firm — said Wednesday had begun in earnest as far back as 2013 and continues to this day, was part of a broad but often invisible effort to pull in data from the devices that know people best: their smartphones.

Read More

  • 'This is mass rape': China slammed over programme that 'appoints' men to sleep with Uighur women - NZ Herald
  • What really happened to China's missing Uighur people? - NZ Herald
  • Stern words as New Zealand joins rebuke of China over Uighurs Muslims - NZ Herald
  • The man behind China's detention of one million Uighur Muslims - NZ Herald

Lookout found links between eight types of malicious software — some previously known, others not — that show how groups connected to China's government hacked into Android phones used by Xinjiang's largely Muslim Uighur population on a scale far larger than had been realised.

The timeline suggests the hacking campaign was an early cornerstone in China's Uighur surveillance efforts that would later extend to collecting blood samples, voice prints, facial scans and other personal data to transform Xinjiang into a virtual police state. It also shows the lengths to which China's minders were determined to follow Uighurs as they fled China for as many as 15 other countries.

Advertisement
Advertise with NZME.

The tools the hackers assembled hid in special keyboards used by Uighurs and disguised themselves as commonly used apps in third-party websites. Some could remotely turn on a phone's microphone, record calls or export photos, phone locations and conversations on chat apps. Others were embedded in apps that hosted Uighur-language news, Uighur-targeted beauty tips, religious texts like the Quran and details of the latest Muslim cleric arrests.

Keep up to date with the day's biggest stories

Sign up to our daily curated newsletter for the day's top stories straight to your inbox.
Please email me competitions, offers and other updates. You can stop these at any time.
By signing up for this newsletter, you agree to NZME’s Terms of Use and Privacy Policy.

"Wherever China's Uighurs are going, however far they go, whether it was Turkey, Indonesia or Syria, the malware followed them there," said Apurva Kumar, a threat intelligence engineer at Lookout who helped unravel the campaign. "It was like watching a predator stalk its prey throughout the world."

A decade ago, the People's Liberation Army's hackers were notable not so much for their sophistication as for the volume of their attacks. But under threat of U.S. sanctions, President Xi Jinping of China struck an agreement with President Barack Obama in 2015 to cease hacking U.S. targets for commercial gain. The agreement stuck for a time, with a significant drop in Chinese hacks in the United States.

Last fall, private researchers determined that — over that same period — China had turned its most advanced hacking tools on its own people. In overlapping discoveries, researchers at Google, security firm Volexity and the Citizen Lab at the University of Toronto's Munk School of Public Affairs separately uncovered what amounted to an advanced Chinese hack against iPhones and Android phones belonging to Chinese Uighurs and Tibetans throughout the world.

Advertisement
Advertise with NZME.
A security checkpoint equipped with facial recognition at the entrance to a park, in Hotan, in western China. Photo / Gillies Sabrie, The New York Times
A security checkpoint equipped with facial recognition at the entrance to a park, in Hotan, in western China. Photo / Gillies Sabrie, The New York Times

Google's researchers discovered that hackers had infected websites frequented by Uighurs — inside China and in other countries — with tools that could hack their iPhones and siphon off their data.

Lookout's latest analysis suggests that China's mobile hacking campaign was broader and more aggressive than security experts, human rights activists and spyware victims had realised. But experts on Chinese surveillance say it should come as no surprise, given the lengths to which Beijing has gone to monitor Xinjiang.

Discover more

World

Bolton book claims Trump asked China's president to help him win re-election

17 Jun 07:28 PM
World

Key meeting as book claims rock Washington

17 Jun 09:42 PM
World

Disturbing find: 'Human hair' from Chinese prison camps shipped to US

01 Jul 11:43 PM

"We should think about smartphone surveillance being used as a way to track people's inner life, their everyday behavior, their trustworthiness," said Darren Byler, who studies surveillance of minority populations at the University of Colorado, Boulder.

In 2015, as Beijing pushed to crack down on sporadic ethnic violence in Xinjiang, authorities grew "desperate" to track fast-growing Uighur communications online, Byler said. Uighurs began to fear that their online chats discussing Islam or politics were risky. Savvier Uighurs took to owning a second "clean phone," said Byler, who lived in Xinjiang in 2015.

On the streets of Xinjiang, police began confiscating Uighurs' phones. Sometimes, they returned them months later with new spyware installed. Other times, people were handed back entirely different phones. Officials visiting Uighur villages regularly recorded the serial numbers used to identify smartphones. They lined the streets with new hardware that tracked people's phones as they walked past.

Authorities dragged Uighurs off to detention camps for having two phones or an antiquated phone, arbitrarily dumping a phone, or not having a phone at all, according to testimonials and government documents.

Over that same period, Lookout said China's mobile hacking efforts accelerated. One type of Chinese malware, known as GoldenEagle after the words hackers littered throughout their code — an apparent reference to the eagles used for hunting in Xinjiang — was used as early as 2011. But its use picked up in 2015 and 2016. Lookout uncovered more than 650 versions of GoldenEagle malware and a large number of fake Uighur apps that function as a sort of Trojan horse to spy on users' mobile communications.

The malicious apps mimicked so-called virtual private networks, which are used to set up secure web connections and view prohibited content inside China. They also targeted apps frequently used by Uighurs for shopping, video games, music streaming, adult media and travel booking, as well as specialised Uighur keyboard apps. Some offered Uighurs beauty and traditional-medicine tips. Others impersonated apps from Twitter, Facebook, QQ — the Chinese instant messaging service — and search giant Baidu.

Advertisement
Advertise with NZME.

Once downloaded, the apps gave China's hackers a real-time window into their targets' phone activity. They also gave China's minders the ability to kill their spyware on command, including when it appeared to suck up too much battery life. In some cases, Lookout discovered that all China's hackers needed to do to get data off a target's phone was send the user an invisible text message. The malware captured a victim's data and sent it back to the attackers' phone via a text reply, then deleted any trace of the exchange.

In June 2019, Lookout uncovered Chinese malware buried in an app called Syrian News. The content was Uighur-focused, suggesting China was trying to bait Uighurs inside Syria into downloading their malware. That Beijing's hackers would track Uighurs to Syria gave Lookout's researchers a window into Chinese anxiety over Uighur involvement in the Syrian civil war. Lookout's researchers found similarly malicious apps tailored to Uighurs in Kuwait, Turkey, Indonesia, Malaysia, Afghanistan and Pakistan.

Researchers at other security research groups, like Citizen Lab, had previously uncovered various pieces of China's mobile hacking campaign and linked them back to Chinese state hackers. However, Lookout's new report appears to be the first time researchers were able to piece these older campaigns with new mobile malware and tie them to the same groups.

"Just how far removed the state is from these operations is always the open question," said Christoph Hebeisen, Lookout's director of security intelligence. "It could be that these are patriotic hackers, like the kind we have seen in Russia. But the targeting of Uighurs, Tibetans, the diaspora and even Daesh, in one case, suggests otherwise," he added, using another term for the Islamic State.

One clue to the attackers' identities came when Lookout's researchers found what appeared to be test versions of China's malware on several smartphones that were clustered in and around the headquarters of Chinese defense contractor Xi'an Tianhe Defense Technology.

A large supplier of defense technology, Tianhe sent employees to a major defense conference in Xinjiang in 2015 to market products that could monitor crowds. As a surveillance gold rush took over the region, Tianhe doubled down, establishing a subsidiary in Xinjiang in 2018. The company did not respond to emails requesting comment.

"That could be an interesting coincidence," Hebeisen said, "or it could be the smoking gun."


Written by: Paul Mozur and Nicole Perlroth
Photographs by: Gillies Sabrie
© 2020 THE NEW YORK TIMES

Save

    Share this article

    Reminder, this is a Premium article and requires a subscription to read.

Latest from World

World

Trump ‘very unhappy’ with Putin on Ukraine, hints at sanctions

05 Jul 06:38 AM
Entertainment

Cause of death revealed as Julian McMahon, 56, dies after private battle

05 Jul 04:42 AM
Sport

Emma Raducanu criticises Wimbledon electronic line calls after loss

05 Jul 03:26 AM

There’s more to Hawai‘i than beaches and buffets – here’s how to see it differently

sponsored
Advertisement
Advertise with NZME.

Latest from World

Trump ‘very unhappy’ with Putin on Ukraine, hints at sanctions

Trump ‘very unhappy’ with Putin on Ukraine, hints at sanctions

05 Jul 06:38 AM

US President frustrated after a chat with the Russian leader about the Ukraine war.

Cause of death revealed as Julian McMahon, 56, dies after private battle

Cause of death revealed as Julian McMahon, 56, dies after private battle

05 Jul 04:42 AM
Emma Raducanu criticises Wimbledon electronic line calls after loss

Emma Raducanu criticises Wimbledon electronic line calls after loss

05 Jul 03:26 AM
Texas flash flood death toll rises to 24

Texas flash flood death toll rises to 24

05 Jul 03:26 AM
From early mornings to easy living
sponsored

From early mornings to easy living

NZ Herald
  • About NZ Herald
  • Meet the journalists
  • Newsletters
  • Classifieds
  • Help & support
  • Contact us
  • House rules
  • Privacy Policy
  • Terms of use
  • Competition terms & conditions
  • Our use of AI
Subscriber Services
  • NZ Herald e-editions
  • Daily puzzles & quizzes
  • Manage your digital subscription
  • Manage your print subscription
  • Subscribe to the NZ Herald newspaper
  • Subscribe to Herald Premium
  • Gift a subscription
  • Subscriber FAQs
  • Subscription terms & conditions
  • Promotions and subscriber benefits
NZME Network
  • The New Zealand Herald
  • The Northland Age
  • The Northern Advocate
  • Waikato Herald
  • Bay of Plenty Times
  • Rotorua Daily Post
  • Hawke's Bay Today
  • Whanganui Chronicle
  • Viva
  • NZ Listener
  • Newstalk ZB
  • BusinessDesk
  • OneRoof
  • Driven Car Guide
  • iHeart Radio
  • Restaurant Hub
NZME
  • About NZME
  • NZME careers
  • Advertise with NZME
  • Digital self-service advertising
  • Book your classified ad
  • Photo sales
  • NZME Events
  • © Copyright 2025 NZME Publishing Limited
TOP
search by queryly Advanced Search