A Uighur advocate in Australia who has been the target of cyberattacks by hacker groups in China has said the Australian government needs to do more to educate the Uighur community in Australia to protect themselves online.
Uighur advocates outside of China are frequently the target of hackers based in China.
Facebook’s head of cyberespionage investigations, Mike Dvilyanksi, and head of security policy, Nathaniel Gleicher, reported in March that a China-based hacking group known as Earth Empusa or Evil Eye had been targeting fewer than 500 advocates, journalists and dissidents, predominantly Uighurs from Xinjiang in China living in Turkey, Kazakhstan, the US, Syria, Australia and Canada.
Photo: AP
The group used fake accounts on Facebook to appear to be journalists, students, human rights advocates or members of the Uighur community to trick the targets into clicking onto malicious links that would install spyware on their devices.
Often the links would look like Uighur or Turkish news sites.
It followed a Google report in 2019 that users of its Android operating system were also targeted by hackers out of China.
Nurgul Sawut, a Uighur community leader based in Canberra, was last month one of more than 10,000 people named on a Chinese blacklist of “suspected terrorists” due to her advocacy, reported by Australian Broadcasting Corp.
She told Guardian Australia that she had been targeted since 2019 on Facebook, and the attacks took a number of forms.
There was the straight-out trolling, where they would set up accounts pretending to be people from the Uighur community, including her sister, and then post incendiary comments denouncing her, or sending her nasty messages, up to sending malware.
Those usually came through by someone in the community whose account had been taken over.
“Either they have received those messages and forwarded to me, or they just came directly to me through their account,” she said. “And as soon as you open that, your mobile is bugged. That has happened to me twice, and I had to reset my phone, and throw one phone away.”
Sawut said she was now careful, had multiple devices, used encrypted e-mail to communicate rather than Google Mail or Hotmail, did not have Facebook connected to any other services, and tried to avoid any apps she knows might have links to China.
Tom Uren, a senior analyst with the Australian Strategic Policy Institute’s International Cyber Policy Centre, told Guardian Australia that many people in the Uighur community tended to learn about the cybersecurity threat through word of mouth, but that was why the hackers turned to alternative methods like “watering-hole attacks” — where the attacker makes a fake Web site to look like a Web site the target might visit and it contains malware.
“If they’re doing that well, that’s why you might need the watering-hole attacks, because you’re not able to penetrate that operational security gap, so this is perhaps a different way to get onto those devices,” Uren said.
However, Sawut said getting others in her community to educate themselves on cybersecurity was a challenge.
“We’re constantly educating people not to put WeChat on your main mobile phone. Some people are smart enough to have WeChat on an old phone, but some people say they don’t have anything to hide. It’s very careless,” she said.
“I can’t be that careless. The amount of contacts I make, it’s very critical, and I do end up putting people at risk if I carelessly did what other people do. I’m tenfold more careful than anyone else,” she added.
Sawut said the Australian government should be educating the Uighur community in Australia about how to protect themselves and what apps they should and should not use.
“A lot of the information should be released to the public, yet they pretty much keep their cards really close to their chest,” she said.
The Australian Department of Home Affairs this month said in response to questions on notice from Australian Senate estimates hearings that it was not aware the advocates in Australia were being targeted until Facebook published the blog post in March.
The Australian federal police said it was not investigating the matter, but did make inquiries with Facebook after the post.
Australia’s top spy agency, the Australian Security Intelligence Organisation, said it would be inappropriate to comment, but said the agency takes the threat of foreign interference and espionage seriously.
When asked what the government was doing to support the Uighur community who might have been targeted, the department told parliament that A$122.6 million (US$95.33 million) had been invested in the past few years to counter foreign interference, as well as A$62.8 million invested in strengthening Australia’s social cohesion.
There were no specific measures listed on cybersecurity education.
Labor Party spokesman on cybersecurity Tim Watts told Guardian Australia that the government had not focused on the threat of foreign interference on those who are not in government agencies.
“Labor has long been calling for the [Australian Prime Minister Scott] Morrison government to take the threat of cyber-enabled foreign interference against diaspora communities and non-government democratic institutions like the media and research institutions seriously,” he said.
“It’s well past time the government stopped talking about it and delivered a real plan to protect these vulnerable groups from foreign interference,” he said.
Uren said there might be a reluctance for the government to recommend for or against using certain apps.
“It’s tricky space, because there are no guarantees, and governments don’t want to get into the situation where they say this is the best thing they advise that you use, and it turns out there’s some flaw,” he said.
CONFRONTATION: The water cannon attack was the second this month on the Philippine supply boat ‘Unaizah May 4,’ after an incident on March 5 The China Coast Guard yesterday morning blocked a Philippine supply vessel and damaged it with water cannons near a reef off the Southeast Asian country, the Philippines said. The Philippine military released video of what it said was a nearly hour-long attack off the Second Thomas Shoal (Renai Shoal, 仁愛暗沙) in the contested South China Sea, where Chinese ships have unleashed water cannons and collided with Philippine vessels in similar standoffs in the past few months. The China Coast Guard and other vessels “once again harassed, blocked, deployed water cannons, and executed dangerous maneuvers” against a routine rotation and resupply mission to
GLOBAL COMBAT AIR PROGRAM: The potential purchasers would be limited to the 15 nations with which Tokyo has signed defense partnership and equipment transfer deals Japan’s Cabinet yesterday approved a plan to sell future next-generation fighter jets that it is developing with the UK and Italy to other nations, in the latest move away from the country’s post-World War II pacifist principles. The contentious decision to allow international arms sales is expected to help secure Japan’s role in the joint fighter jet project, and is part of a move to build up the Japanese arms industry and bolster its role in global security. The Cabinet also endorsed a revision to Japan’s arms equipment and technology transfer guidelines to allow coproduced lethal weapons to be sold to nations
Thousands of devotees, some in a state of trance, gathered at a Buddhist temple on the outskirts of Bangkok renowned for sacred tattoos known as Sak Yant, paying their respects to a revered monk who mastered the practice and seeking purification. The gathering at Wat Bang Phra Buddhist temple is part of a Thai Wai Khru ritual in which devotees pay homage to Luang Phor Pern, the temple’s formal abbot, who died in 2002. He had a reputation for refining and popularizing the temple’s Sak Yant tattoo style. The idea that tattoos confer magical powers has existed in many parts of Asia
ON ALERT: A Russian cruise missile crossed into Polish airspace for about 40 seconds, the Polish military said, adding that it is constantly monitoring the war to protect its airspace Ukraine’s capital, Kyiv, and the western region of Lviv early yesterday came under a “massive” Russian air attack, officials said, while a Russian cruise missile breached Polish airspace, the Polish military said. Russia and Ukraine have been engaged in a series of deadly aerial attacks, with yesterday’s strikes coming a day after the Russian military said it had seized the Ukrainian village of Ivanivske, west of Bakhmut. A militant attack on a Moscow concert hall on Friday that killed at least 133 people also became a new flash point between the two archrivals. “Explosions in the capital. Air defense is working. Do not