Hackers have expanded their attacks to parking malware on popular
file-sharing services including Dropbox and Google Drive
to trap victims into downloading infected files and compromising
sensitive information. They also use more sophisticated tactics,
homing in on specific targets through so-called 'white lists' that
only infect certain visitors to compromised websites.
Security experts say such techniques are only used by sophisticated
hackers from China and Russia, usually for surveillance and
information extraction.
The level of hacking is a sign, they say, of how important China
views Hong Kong, where 79 days of protests late last year brought
parts of the territory, a major regional financial hub, to a
standstill. The scale of the protests raised concerns in Beijing
about political unrest on China's periphery.
"We're the most co-ordinated opposition group on Chinese soil, (and)
have a reasonable assumption that Beijing is behind the hacking,"
said Lam Cheuk-ting, chief executive of Hong Kong's Democratic
Party, which says it has been a victim of cyber attacks on its
website and some members' email accounts.
U.S.-based Internet security company FireEye said the attacks via
Dropbox were aimed at "precisely those whose networks Beijing would
seek to monitor", and could provide China with advance warning of
protests and information on pro-democracy leaders. The company said
half its customers in Hong Kong and Taiwan were attacked by
government and professional hackers in the first half of this year -
two and a half times the global average.
China's Ministry of Foreign Affairs, Public Security Bureau and the
Liaison Office of the Central People's Government in the Hong Kong
Special Administrative Region did not respond to requests for
comment. The Defence Ministry said the issue was not part of its
remit. China has previously denied accusations of hacking, calling
them groundless, and saying it is a victim.
The Hong Kong police said its Cyber Security and Technology Crime
Bureau works with other law enforcement agencies to combat
cross-border crime, but did not respond to questions on how much
information it shares with mainland Chinese authorities, the origin
of the Hong Kong cyber attacks, or whether these might be a source
of instability or concern.
Police data show a drop in reported "unauthorized access", which
includes Internet or email account abuse and hacking, over the past
two years. Many of the victims Reuters spoke to said they hadn't
bothered to report being hacked.
SWITCHING TACTICS
Like other groups taking on the might of Beijing - from Uighurs and
exiled Tibetans to some Taiwanese - Hong Kong activists, academics
and journalists have become more savvy and adopted tactics that, in
turn, force hackers to get savvier still.
When Tibetan exile groups stopped clicking on files attached to
emails, to avoid falling victim to a common form of 'spear phishing'
attack, hackers switched their malware to Google Drive, hoping
victims would think these files were safer, said Citizen Lab, a
Canada-based research organization which works with Tibetans and
other NGOs.
Hackers also recently used Dropbox to lure Chinese language
journalists in Hong Kong into downloading infected files. FireEye,
which discovered the attack, said it was the first time it had seen
this approach.
"We don't have any arrogance to think we can beat them," said Mark
Simon, senior executive at the parent company of Hong Kong's Apple
Daily, a media group on the front line of the attacks.
STRANGE WORDS
Trying to stay ahead of the hackers, activists and others use
multiple mobile phones with different SIM chips, encrypted messaging
apps, apps that automatically delete tweets, and code words to set
up meetings. If someone thinks they may be arrested, they remove
themselves from group chats.
Some things are kept offline.
"If we want to talk, we have some signal," said Derek Lam, a member
of student group Scholarism that helped organize the protests. "It's
a few words ... if I say some words that are really strange it means
we have to talk somewhere privately."
Law professor and protest organizer Benny Tai stores personal data,
such as names, email addresses and mobile numbers, on an external
hard drive that he says he only accesses on a computer without an
Internet connection.
The pro-democracy Apple Daily, which says it is hacked on an almost
weekly basis, has tightened its email security software, and has its
lawyers use couriers rather than email. FireEye last year connected
distributed denial of service (DDoS) attacks against Apple Daily with more
professional cyber spying attacks, saying there may be a "common
quartermaster". It said China's government would be the entity most
interested in these "political objectives".
SOPHISTICATED HACKS
Steven Adair, co-founder of U.S.-based security firm Volexity, said
that code hidden on pro-democracy websites last year, including
those of the Democratic Party and the Alliance for True Democracy,
suggested a group he said "we strongly suspect to be Chinese... who
is very well resourced."
He said such tactics were more usually seen employed by Russian
hackers, aimed at very specific targets and designed to be as
unobtrusive as possible. "It's a real evolution in targeting," he
said.
In the run-up to Hong Kong district council elections earlier this
month, hackers used more basic techniques, breaking into at least 20
Gmail accounts at the Democratic Party, according to party officials
and Google logs seen by Reuters.
Between April and June, many hacked accounts were forwarding emails
to lovechina8964@gmail.com. An examination of the hackers' IP
addresses by the party's IT experts found some appeared to originate
in China, party officials said.
(Reporting by Clare Baldwin and James Pomfret in HONG KONG and
Jeremy Wagstaff in SINGAPORE, with additional reporting by Teenie Ho
in HONG KONG and Michael Martina and Ben Blanchard in BEIJING;
Editing by Ian Geoghegan)
[© 2015 Thomson Reuters. All rights reserved.]