[Chapter-delegates] HK Protesters Targeted with Spyware

Ariel Manoff amanoff at vmf.com.ar
Sun Oct 5 14:49:43 PDT 2014


+1

Héctor Ariel Manoff
Vitale, Manoff & Feilbogen
Viamonte 1145 10º Piso
C1053ABW Buenos Aires
República Argentina
Te: (54-11) 4371-6100
Fax: (54-11) 4371-6365
E-mail: amanoff at vmf.com.ar
Web: http://www.vmf.com.ar

-----Original Message-----
From: Chapter-delegates [mailto:chapter-delegates-bounces at elists.isoc.org] On behalf of Winthrop Yu
Sent: Thursday, October 2, 2014 21:44
To: ISOC Chapter Delegates
Subject: Re: [Chapter-delegates] HK Protesters Targeted with Spyware

   +1 Chester!

On 10/2/2014 2:58 PM, chester at soong.net wrote:
> Dear All,
>
> I joined the protest for 3 days and some of my friends in the IT 
> profession were there on the most violent day and were pepper-sprayed, hit, and tear-gassed!
>
> We did worry about that but the Chief Executive of HK can, under his 
> authority, shut down and intercept all telecommunications on an 
> executive order. So most of us have turned to Firechat now, and we 
> almost held a talk with Micha Benoliel as he happened to be in HK. 
> Now, it is not about getting your phone hacked or communications 
> sniffed anymore. It has gone back to traditional government 
> suppressing of protests with people infiltrating into the largely 
> peaceful protests and stirring up unrest! Honestly, I worry about how 
> this will end. This has gone beyond the Internet, but it has helped us 
> so far in spreading the truth and unveiling the issues.
>
> Regards,
>
>
> Chester
>
> On Wed, 1 Oct 2014 20:17:16 -0400
>   Glenn McKnight <mcknight.glenn at gmail.com> wrote:
>> Protesters in Hong Kong calling for democracy reforms are being 
>> targeted by spyware that can affect both iPhones and smartphones 
>> running Google’s Android software, a security company claims.
>>
>> However the iPhone users among the thousands of protesters should be 
>> safe if they have not bypassed Apple’s security system to “jailbreak” 
>> their phones to install unapproved apps.
>>
>> The discovery marks the second time that the demonstrators’ phones 
>> appear to have been targeted since the protests began last week.
>>
>> Dubbed Xsser mRAT by Israeli firm Lacoon Mobile Security, the malware 
>> is being run from the same server as a malicious program targeting 
>> Android phones spotted last week 
>> <http://www.scmp.com/news/hong-kong/article/1594667/fake-occupy-central-app-targets-activists-smartphones>.
>>
>> That masqueraded as an app for the Occupy Central pro-democracy 
>> movement and was spread via messages on the cross-platform Whatsapp 
>> messaging system which urged readers to “Check out this Android app 
>> designed by Code4HK for the coordination of Occupy Central!”. Protest 
>> organisers said none of its members had developed or distributed the application.
>>
>> Lacoon said the Chinese government, which has been accused of various 
>> digital attacks on activists in recent years, was likely coordinating 
>> the attacks – though there is no proof the iPhone malware has 
>> infected any of the protesters’ phones. Only those which have been 
>> “jailbroken” by the owner to circumvent Apple’s normal security 
>> against unauthorised apps are vulnerable. However some users in Asia 
>> have jailbroken their iPhones in order to install local apps that are 
>> not approved for Apple’s App Store, or run special software. The 
>> malware does not itself appear to be able to jailbreak the iPhones.
>>
>> The version targeting Android smartphones can spy on the user because 
>> it masquerades as an app for organising the protest - and requests 
>> access to the owner’s phone address book, web browsing history, 
>> location, text messages, and phone call log. It can also record 
>> audio. Those details can then be sent to a web server in South Korea 
>> which appears to be controlled by a source in mainland China. If 
>> successfully installed, the iPhone malware collects the same data.
>>
>> “Cross-platform attacks that target both iOS [iPhone] and Android 
>> devices are rare, and indicate that this may be conducted by a very 
>> large organisation or nation state,” Lacoon co-founder Ohad Bobrov 
>> said in a blog post 
>> <https://www.lacoon.com/lacoon-discovers-xsser-mrat-first-advanced-ios-trojan/>.
>> “The fact that this attack is being used against protesters and is 
>> being executed by Chinese-speaking attackers suggests it’s the first iOS 
>> trojan linked to Chinese government cyber activity.”
>>
>> The US-based Electronic Frontier Foundation noted the likelihood of 
>> anyone involved in the Hong Kong protests getting infected was not 
>> high, given iOS devices had to be jailbroken and Android users still 
>> had to be tricked into downloading the malicious software, which was 
>> not on the official Google Play market and was not spreading on its own.
>>
>> The EFF also said that just because the iOS and Android malware are 
>> run from the same servers does not mean they are both aimed at 
>> Hong Kong protesters.
>>
>> Claudio Guarnieri, a security expert now working to help activists 
>> across the globe, said over Twitter the iOS malware didn’t seem 
>> unique and was certainly not advanced as Lacoon had suggested, nor 
>> was there any evidence it was hitting Hong Kong protesters.
>>
>> But onlookers are still concerned about the range of malware 
>> targeting activists over different platforms. Security firm Kaspersky 
>> Lab confirmed it had also seen various examples of malicious apps for 
>> iOS and Android, as well as spyware samples for other platforms, 
>> related to the Hong Kong protests.
>>
>> “Since nearly every part of our lives now has a digital aspect to it, 
>> it’s no surprise, in a situation like this, to discover that there 
>> are those who wish to steal information from those involved. It is 
>> not the first nor the last attack of this kind. We previously 
>> observed both targeted and cybercriminal attacks against mobile 
>> users. This is unlikely to stop anytime soon, on the contrary, we are 
>> witnessing a steady growth of mobile malware,” said David Emm, principal security researcher at Kaspersky Lab.
>>
>> Guarnieri told the Guardian attacks over mobile on activists “have 
>> been happening for a while already and certainly won’t stop”.
>>
>> “By experience I see many activists putting an inherent trust in 
>> their phones while growing a distrust in their computers, and that 
>> leads sometimes to irresponsible use of both those technologies.”
>>
>> In June, so-called “lawful interception” technology was seen posing 
>> as a genuine Android news app, which appeared to be targeting people 
>> linked to political protest in eastern Saudi Arabia 
>> <http://citizenlab.org/2014/06/backdoor-hacking-teams-tradecraft-android-implant/>.
>>
>> Analyses of government-grade iOS malware date back to at least 2012.
>>
>> Glenn McKnight
>> mcknight.glenn at gmail.com
>> skype  gmcknight
>> twitter gmcknight
>> .
>
> _______________________________________________
> As an Internet Society Chapter Officer you are automatically 
> subscribed to this list, which is regularly synchronized with the 
> Internet Society Chapter Portal (AMS): https://portal.isoc.org


