As tens of thousands of protesters in Hong Kong continued to shut down the city’s main arteries on Wednesday in a call for democracy, a quieter struggle was playing out to monitor the demonstrations online.
The most recent salvo came to light Tuesday, when Lacoon Mobile Security said that it had tracked the spread of a fake mobile application designed to eavesdrop on protesters’ communications. In what is known as a phishing attack, smartphone users in Hong Kong have been receiving a link on WhatsApp to download the software, along with a note: “Check out this Android app designed by Code4HK for the coordination of OCCUPY CENTRAL!”
Code4HK, a community of programmers who have been working to support the democracy movement, had nothing to do with the application, according to Lacoon.
What Prompted the Hong Kong Protests?
Hong Kong belongs to China and operates under a policy of “one country, two systems.”
Hong Kong, a British colony until 1997, when China resumed sovereignty, is governed by a mini-constitution, the Basic Law.
The city maintains an independent judiciary, and residents enjoy greater civil liberties than residents of mainland China. Hong Kong has a robust tradition of free speech.
Democratic groups say Beijing has chipped away at those freedoms, citing an election law proposed last month that would limit voting reforms.
China had promised free elections for Hong Kong's chief executive in 2017. But the government rejected a call for open nominations, instead proposing that candidates would continue to be chosen by a committee dominated by Beijing.
The current city leader, Leung Chun-ying, has clashed with the pro-democracy opposition. After the crackdown on protesters Sunday, some called for his resignation.
After users download the application, it has the ability to gain access to personal data like passwords and bank information, spy on phone calls and messages and track the physical location of the infected smartphone. It is unclear how many smartphones in Hong Kong have been hit, but in similar attacks in the past, one in 10 phones that received such a message became infected, according to Mr. Shaulov.
“These really cheap social-engineering tricks, they have a high rate of success,” he said.
What makes the malicious app stand out is a version that can infect Apple’s iOS mobile operating system, which is usually more secure than Google’s Android, Mr. Shaulov said. Android is the dominant system on non-Apple phones.
“This is the first time that we have seen such operationally sophisticated iOS malware operational, which is actually developed by a Chinese-speaking entity,” he said.
Mr. Shaulov’s company traced the fake app to a computer that closely resembled those scrutinized by Mandiant, an American security firm that published a 60-page study last year that linked hacking attacks on American companies to the Chinese military.
It’s not the first time the democracy movement in Hong Kong has drawn sophisticated web attacks. In June, an unofficial referendum on Hong Kong’s political future that allowed people in Hong Kong to vote online drew one of the largest denial-of-service attacks in history, according to Matthew Prince, the chief executive of CloudFlare, which helped defend the referendum site from the attack. Such attacks are designed to overwhelm a site with online traffic, causing it to shut down.
Protesters in the current demonstrations in Hong Kong are making use of a new app that allows them to send messages without a cellular or Internet connection. Introduced in March, FireChat makes use of a cellphone’s radio and Bluetooth communications to create a network of phones close to one another — up to about 80 yards. Though downloaded widely by the Hong Kong protesters after rumors spread that the Internet would be cut, many have been making use of the app in areas where crowds have overwhelmed the cellphone system.
Other technological help has come from Code4HK, the programmers’ group. Its website provides links to live video feeds of the demonstrations, offers updated Google maps showing where supply and medical stations are in protest areas, and maintains an open spreadsheet that shows what supplies are needed.
Within China, the cat-and-mouse game that often goes on between politically minded Internet users and the government’s censors continued. Since Saturday, the Facebook-owned Instagram service has been widely inaccessible, according to users and several Internet monitors, leading commentators to speculate that the government had closed access to the app to stanch the flow of images of the protests. The rate of deletions of posts on China’s version of Twitter, Weibo, has also soared in recent days, an indication of how concerned the government is that news of the protests might spread unrest to China, according to Fu King-wa, a professor of media studies at Hong Kong University.
Despite the spike in deletions, David Bandurski, a researcher at the University of Hong Kong, said that the huge flow of posts and the reliance on humans to individually censor content meant that some posts were getting through. Possibly more so than on newer products like Tencent’s mobile messaging app WeChat, which he said showed more efficiency in blocking posts from its social network.
Beneath one post from a Chinese journalist on Weibo, Mr. Bandurski said he saw “page after page of comments.”
“It had become a public online square for people talking about what’s happening in Hong Kong,” he said.
Alan Wong contributed reporting from Hong Kong, and Andrew Jacobs from Beijing.