China has been targeting Uyghurs living in exile in attacks on their online communications, sources say, with Facebook announcing in a statement this week it is taking action to counter the threat.
One Chinese hacker group, called Evil Eye, is working hard to lure Facebook users, offering links to subjects or “news items” of special interest to its targets, IT expert Steven Adair told RFA’s Uyghur Service in an interview.
These links, which lead to what often appear to be real web sites, allow the hackers to install malware on the targets’ devices, and especially on mobile phones, Adair said.
Messages from unfamiliar contacts may suggest “go look at this news link, or take a look at this video,” Adair said. “And if you click on that link, there’s a chance that your phone will be compromised.”
“And once they get the malware on [the phone], that gives the attacker a way to start stealing stuff,” Adair said. “So they could start monitoring your Facebook or your Facebook Messenger, or your WhatsApp, or your WeChat or your Telegram—the different applications on your phone.”
Hackers can then identify who users are, “where they are, passwords, things that they wrote, things that they said.”
Journalists and their sources are especially at risk as targets, Adair said. But anyone trying to protect their communications should be careful and not follow links that on close examination may include elements that just don’t look right.
“It’s good to be suspicious,” Adair said.
Facebook in a statement this week announced it was now taking action to shut down the hacking groups “to disrupt their ability to use their infrastructure to abuse our platform, distribute malware and hack people’s accounts across the internet.”
“[These groups] targeted activists, journalists and dissidents predominantly among Uyghurs from Xinjiang in China primarily living abroad in Turkey, Kazakhstan, the United States, Syria, Australia, Canada and other countries,” Facebook said.
On Facebook, China’s online espionage campaign primarily sent links to “malicious websites rather than direct sharing of the malware itself,” said the statement by Mike Dvilyanski, head of Facebook’s Cyber Espionage Investigations, and Nathaniel Gleicher, Head of Security Policy.
“We saw this activity slow down at various times, likely in response to our and other companies’ actions to disrupt their activity.”
'More careful now'
Speaking to RFA, Mustafa Aksu—program coordinator for research and advocacy at the Washington D.C.-based Uyghur Human Rights Project—said he had learned about the Chinese hacking from a Facebook warning.
“Not only my colleagues, but also friends from the U.S., Canada, Europe, Turkey, and Australia told me that they had received the same warnings. This is not the first hacking attempt, nor will it be the last. Such attacks have happened many times in the past,” Aksu said.
Aksu said his own Facebook and email accounts had been targeted before, and that he had even received emails purporting to be from Uyghur activists or journalists.
“But now we’re more careful and experienced,” he said.
Tracked and arrested
Phishing and other hacking attacks are more than mere nuisances for Uyghurs living abroad, whose contacts in the Xinjiang Uyghur Autonomous Region (XUAR) can be tracked and arrested. Journalists and rights activists are at particular risk.
Early this month RFA’s Uyghur Service editor Eset Sulaiman confirmed that two brothers and at least five of his cousins were detained by authorities in the XUAR, in what is seen as an intimidation campaign aimed at preventing him from reporting on rights abuses.
RFA learned after interviewing several local officials that the brothers and the cousins went missing after authorities in the XUAR launched a campaign of mass extralegal incarceration that has seen up to 1.8 million Uyghurs and other Muslim minorities detained in a vast network of internment camps since early 2017.
Sulaiman’s detained relatives joined more than 50 relatives of RFA’s Uyghur Service staff who have been confirmed held in some form of Chinese state detention, alongside the millions either in the camps or sentenced to prison for “crimes” often for activities deemed “religious extremist” by authorities.
Reported by Nuriman Abdurashid and translated by Alim Seytoff for RFA’s Uyghur Service. Written in English by Richard Finney.