[Chapter-delegates] HK Protesters Targeted with Spyware

Thu Oct 2 17:41:47 PDT 2014

Anyone know how to test for it, and then how to clean it off?

There is this article from Time:

Hong Kong Democracy Protesters Are Being Targeted by Malicious Spyware
Charlie Campbell @charliecamp6ell
Oct. 1, 2014

The culprit is "a very large organization or nation state," experts say

A computer virus that spies on Apple’s iPhone and iPad operating
system is targeting pro-democracy protesters in Hong Kong, according
to tech experts.

Known as Xsser, the malicious software is capable of harvesting data
including text messages, photos, data logs and passwords from mobile
devices, Lacoon Mobile Security said Tuesday.

The spyware is hosted on the same Command and Control domain as an
existing fake program for the Android operating system that was
disguised as a protest-organizing app and distributed around Hong Kong
last week.

Etc at:

http://time.com/3451393/hong-kong-spyware-hacking-occupy-central-apple/

Or the Sydney Morning Herald:

Sophisticated trojan virus targets HK protesters' iPhones

Date October 1, 2014

Cybersecurity researchers have uncovered a computer virus that spies
on Apple's iOS operating system for the iPhone and iPad, and they
believe it is targeting pro-democracy protesters in Hong Kong.

The malicious software, known as Xsser, is capable of stealing text
messages, photos, call logs, passwords and other data from Apple
mobile devices, researchers with Lacoon Mobile Security has said.

They uncovered the spyware while investigating similar malware for
Google's Android operating system last week that also targeted Hong
Kong protesters. Anonymous attackers spread the Android spyware via
WhatsApp, sending malicious links to download the program, according
to Lacoon.

It is unclear how iOS devices get infected with Xsser, which is not
disguised as an app, but researchers have pointed out that the malware
only works on jailbroken devices.

Lacoon Chief Executive Michael Shaulov told Reuters that Xsser is the
most sophisticated malware used to date in any known cyberattack on
iOS users.

"This is one the most interesting developments we have seen," he said.
"It's the first real indication that really sophisticated guys are
shifting from infecting PCs or laptops to going after iOS devices."

The code used to control a server discovered by the researchers is
written in Chinese. The high quality of the campaign and the fact it
is being used to target protesters suggests that it is coming from a
sophisticated attacker in China, Shaulov said.

"It is the first time in history that you actually see an
operationalised iOS Trojan that is attributed to some kind of Chinese
entity," he said.

A Trojan is a term used by cyber researchers to describe malware that
enters a device disguised as something harmless.

Still, he said that his company's research team has yet to identify
any specific victims of the iOS Trojan.

Lacoon said on its blog that it is possible the attackers might have
deployed the Trojan in other places, in addition to spying on
pro-democracy protesters in Hong Kong.

"It can cross borders easily, and is possibly being operated by a
Chinese-speaking entity to spy on individuals, foreign companies, or
even entire governments," they said in a blog post describing their
analysis.

http://www.smh.com.au/it-pro/security-it/sophisticated-trojan-virus-targets-hk-protesters-iphones-20140930-10ofb5.html

All the best, and especially to Chester, Ping and the others.

Narelle

On Fri, Oct 3, 2014 at 1:24 AM, info at isoc.org.ec <info at isoc.org.ec> wrote:
> Is there a URL to look for this info?
>
> Carlos Vera
> Internet Society Ecuador
> www.isoc.org.ec
> Síguenos @isocec
>
>> El 2/10/2014, a las 5:52, Kathy Brown <brown at isoc.org> escribió:
>>
>> Chester, thank you for this communication. You, all of our Chapter members and, especially the young people of Hong Kong have been close to our thoughts and worries. Please let us know how we can be of help. Your ISOC family is nearby. Kathy
>>
>>> On Oct 2, 2014, at 2:58 AM, "chester at soong.net" <chester at soong.net> wrote:
>>>
>>> Dear All,
>>>
>>> I joined the protest for 3 days and some of my friends in the IT profession were there on the most violent day and being pepper-sprayed, hit, and tear-gased!
>>>
>>> We did worry about that but the Chief Executive of HK can, under his authority, to shut down and intercept all telecommunications on an executive order. So most of us have turned to Firechat now, and we almost held a talk with Micha Benoliel as he happened to be in HK. Now, it is not about getting your phone hacked or communications sniffed anymore. It has gone back to traditional government suppressing of protests with people infiltrating into the largely peaceful protests and stir up unrests! Honestly, I worry about how this will end. This has gone beyond the Internet, but it has helped us so far in spreading the truth and unveiling the issues.
>>>
>>> Regards,
>>>
>>>
>>> Chester
>>>
>>> On Wed, 1 Oct 2014 20:17:16 -0400
>>> Glenn McKnight <mcknight.glenn at gmail.com> wrote:
>>>> Protesters in Hong Kong calling for democracy reforms are being targeted by
>>>> spyware that can affect both iPhones and smartphones running Google’s

-- 

Narelle Clark
Immediate Past President and Board Member
Internet Society of Australia

narelle at isoc-au.org.au
www.isoc-au.org.au
The Internet is for Everyone!