[Chapter-delegates] HK Protesters Targeted with Spyware

Chester Soong chester at soong.net
Sun Oct 5 19:27:56 PDT 2014 

*This message was transferred with a trial version of CommuniGate(r) Pro*
The latest update is that numerous violence have broken out since Friday 
in the less central areas of the protests such as Mongkok and Causeway 
Bay (for those who know HK well). That included physical assaults, 
sexual harassment and assaults, multiple confrontations, etc. Most of 
them done my groups who claim to support an Anti-Occupied Central 
Alliance but with different background. Some arrested were confirmed to 
have triad (gang) backgrounds! But all these are non-Beijing initiated 
actions yet. We believe these are simply actions done by pro-government 
and Beijing groups who try to show support in stirring up unrest and 
conflicts to show that the protest is officially out of control! This 
same tactic has happened in Taiwan many years ago in their journey to 
democracy.

Since the police has better sustain the matter, protestors resumed talks 
with the government. But the gap between what they want and what the 
government may give is huge in terms of civil nomination. Also, the 
movement is under no one's control ore leadership really as many of 
those protestors came out voluntarily and believe no one else can 
represent their views, especially the politicians! So still not looking 
optimistic. I feel like putting down 1 panadol to suppress my headaches, 
but it is no where close to a cure!

Chester

On 10/6/2014 5:49 AM, Ariel Manoff wrote:
> +1
>
> Héctor Ariel Manoff
> Vitale, Manoff & Feilbogen
> Viamonte 1145 10º Piso
> C1053ABW Buenos Aires
> República Argentina
> Te: (54-11) 4371-6100
> Fax: (54-11) 4371-6365
> E-mail: amanoff at vmf.com.ar
> Web: http://www.vmf.com.ar
>
> -----Mensaje original-----
> De: Chapter-delegates [mailto:chapter-delegates-bounces at elists.isoc.org] En nombre de Winthrop Yu
> Enviado el: jueves, 02 de octubre de 2014 21:44
> Para: ISOC Chapter Delegates
> Asunto: Re: [Chapter-delegates] HK Protesters Targeted with Spyware
>
>     +1 Chester!
>
> On 10/2/2014 2:58 PM, chester at soong.net wrote:
>> Dear All,
>>
>> I joined the protest for 3 days and some of my friends in the IT
>> profession were there on the most violent day and being pepper-sprayed, hit, and tear-gased!
>>
>> We did worry about that but the Chief Executive of HK can, under his
>> authority, to shut down and intercept all telecommunications on an
>> executive order. So most of us have turned to Firechat now, and we
>> almost held a talk with Micha Benoliel as he happened to be in HK.
>> Now, it is not about getting your phone hacked or communications
>> sniffed anymore. It has gone back to traditional government
>> suppressing of protests with people infiltrating into the largely
>> peaceful protests and stir up unrests! Honestly, I worry about how
>> this will end. This has gone beyond the Internet, but it has helped us so far in spreading the truth and unveiling the issues.
>>
>> Regards,
>>
>>
>> Chester
>>
>> On Wed, 1 Oct 2014 20:17:16 -0400
>>    Glenn McKnight <mcknight.glenn at gmail.com> wrote:
>>> Protesters in Hong Kong calling for democracy reforms are being
>>> targeted by spyware that can affect both iPhones and smartphones
>>> running Google’s Android software, a security company claims.
>>>
>>> However the iPhone users among the thousands of protesters should be
>>> safe if they have not bypassed Apple’s security system to “jailbreak”
>>> their phones to install unapproved apps.
>>>
>>> The discovery marks the second time that the demonstrators’ phones
>>> appear to have been targeted since the protests began last week.
>>>
>>> Dubbed Xsser mRAT by Israeli firm Lacoon Mobile Security, the malware
>>> is being run from the same server as a malicious program targeting
>>> Android phones spotted last week
>>> <http://www.scmp.com/news/hong-kong/article/1594667/fake-occupy-central-app-targets-activists-smartphones>.
>>>
>>> That masqueraded as an app for the Occupy Central pro-democracy
>>> movement and was spread via messages on the cross-platform Whatsapp
>>> messaging system which urged readers to “Check out this Android app
>>> designed by Code4HK for the coordination of Occupy Central!”. Protest
>>> organisers said none of its members had developed or distributed the application.
>>>
>>> Lacoon said the Chinese government, which has been accused of various
>>> digital attacks on activists in recent years, was likely coordinating
>>> the attacks – though there is no proof the iPhone malware has
>>> infected any of the protesters’ phones. Only those which have been
>>> “jailbroken” by the owner to circumvent Apple’s normal security
>>> against unauthorised apps are vulnerable. However some users in Asia
>>> have jailbroken their iPhones in order to install local apps that are
>>> not approved for Apple’s App Store, or run special software. The
>>> malware does not itself appear to be able to jailbreak the iPhones.
>>>
>>> The version targeting Android smartphones can spy on the user because
>>> it masquerades as an app for organising the protest - and requests
>>> access to the owner’s phone address book, web browsing history,
>>> location, text messages, and phone call log. It can also record
>>> audio. Those details can then be sent to a web server in South Korea
>>> which appears to be controlled by a source in mainland China. If
>>> successfully installed, the iPhone malware collects the same data.
>>>
>>> “Cross-platform attacks that target both iOS [iPhone] and Android
>>> devices are rare, and indicate that this may be conducted by a very
>>> large organisation or nation state,” Lacoon co-founder Ohad Bobrov
>>> said in ablog post
>>> <https://www.lacoon.com/lacoon-discovers-xsser-mrat-first-advanced-ios-trojan/>.
>>> “The fact that this attack is being used against protesters and is
>>> being executed by Chinese-speaking attackers suggests it’s first iOS
>>> trojan linked to Chinese government cyber activity.”
>>>
>>> The US-based Electronic Frontier Foundation noted the likelihood of
>>> anyone involved in the Hong Kong protests getting infected was not
>>> high, given iOS devices had to be jailbroken and Android users still
>>> had to be tricked into downloading the malicious software, which was
>>> not on the official Google Play market and was not spreading on its own.
>>>
>>> The EFF also said that just because the iOS and Android malware are
>>> run from the same servers does not mean they are both are aimed at
>>> Hong Kong protesters.
>>>
>>> Claudio Guarnieri, a security expert now working to help activists
>>> across the globe, said over Twitter the iOS malware didn’t seem
>>> unique and was certainly not advanced as Lacoon had suggested, nor
>>> was there any evidence it was hitting Hong Kong protesters.
>>>
>>> But onlookers are still concerned about the range of malware
>>> targeting activists over different platforms. Security firm Kaspersky
>>> Lab confirmed it had also seen various examples of malicious apps for
>>> iOS and Android, as well as spyware samples for other platforms,
>>> related to the Hong Kong protests.
>>>
>>> “Since nearly every part of our lives now has a digital aspect to it,
>>> it’s no surprise, in a situation like this, to discover that there
>>> are those who wish to steal information from those involved. It is
>>> not the first nor the last attack of this kind. We previously
>>> observed both targeted and cybercriminal attacks against mobile
>>> users. This is unlikely to stop anytime soon, on the contrary, we are
>>> witnessing a steady growth of mobile malware,” said David Emm, principal security researcher at Kaspersky Lab.
>>>
>>> Guarnieri told the Guardian attacks over mobile on activists “have
>>> been happening for a while already and certainly won’t stop”.
>>>
>>> “By experience I see many activists putting an inherent trust in
>>> their phones while growing a distrust in their computers, and that
>>> leads sometimes to irresponsible use of both those technologies.”
>>>
>>> In June, so-called “lawful interception” technology was seen posing
>>> as a genuine Android news app, which appeared to be targeting people
>>> linked to political protest in eastern Saudi Arabia
>>> <http://citizenlab.org/2014/06/backdoor-hacking-teams-tradecraft-android-implant/>.
>>>
>>> Analyses of government-grade iOS malware date back to at least 2012.
>>> Glenn McKnight
>>> mcknight.glenn at gmail.com
>>> skype  gmcknight
>>> twitter gmcknight
>>> .
>>
>> _______________________________________________
>> As an Internet Society Chapter Officer you are automatically
>> subscribed to this list, which is regularly synchronized with the
>> Internet Society Chapter Portal (AMS): https://portal.isoc.org
>
> _______________________________________________
> As an Internet Society Chapter Officer you are automatically subscribed to this list, which is regularly synchronized with the Internet Society Chapter Portal (AMS): https://portal.isoc.org
>
>
> ---
> Este mensaje no contiene virus ni malware porque la protección de avast! Antivirus está activa.
> http://www.avast.com
>
> _______________________________________________
> As an Internet Society Chapter Officer you are automatically subscribed
> to this list, which is regularly synchronized with the Internet Society
> Chapter Portal (AMS): https://portal.isoc.org
>

More information about the Chapter-delegates mailing list