LONDON—Hackers working for the Chinese regime have broken into telecoms networks to track Uyghur travelers in Central and Southeast Asia, two intelligence officials and two security consultants who investigated the attacks told Reuters.
The hacks are part of a wider cyber-espionage campaign targeting “high-value individuals” such as diplomats and foreign military personnel, the sources said. But China has also prioritized tracking the movements of ethnic Uyghurs, a minority mostly Muslim group considered a security threat by Beijing.
China is facing growing international criticism over its treatment of Uyghurs in Xinjiang. Members of the group have been subject to mass detentions in what China calls “vocational training” centers and widespread state surveillance.
Beijing’s alleged cyberspace attacks against Uyghurs show how it is able to pursue those policies beyond its physical borders.
As part of the campaign, different groups of Chinese hackers have compromised telecoms operators in countries including Turkey, Kazakhstan, India, Thailand and Malaysia, the four sources said.
Those countries are frequently used as transit routes by Uyghurs to travel between Xinjiang and Turkey in what human rights activists say is an attempt to escape state persecution.
Beijing has justified its surveillance of Uyghurs by saying that such travelers may be going to fight for militant groups in Iraq and Syria, and that the measures in Xinjiang are needed to stem the threat of Islamist extremism.
Reuters was not able to identify which specific telecoms operators were compromised. Government officials in India and Thailand declined to comment. Authorities in Malaysia, Kazakhstan and Turkey did not immediately respond to requests for comment.
U.S. cybersecurity company Volexity this week published a report detailing what it said were Chinese efforts to hack the phones and email accounts of Uyghurs around the world.
Researchers at Google also said they had discovered a campaign by unknown parties to infect thousands of Apple iPhones, which sources told Forbes and TechCrunch was targeted at the Uyghur community.
‘Window Into Someone’s Life’
Telecoms operators have long been targeted by intelligence agencies around the world for the wealth of sensitive user data they hold, such as information on location and contacts.
The ability to access telecoms user data has also become an increasingly valuable spying resource as the widespread use of encrypted messaging platforms has made it harder to intercept and monitor communications, said John Hultquist, director of intelligence analysis at U.S. cybersecurity company FireEye.
“A single (telecoms operator) intrusion gives attackers access to a lot more information than they would get going after individuals,” he said.
FireEye said that one of the Chinese hacking groups it monitors had deployed a piece of malware against telecoms operators in Southeast Asia to mine SMS data for messages containing keywords associated with terror attacks, military ranks and names of Chinese politicians.
The Chinese hackers also widely targeted call detail record (CDR) data held by their victims, said Amit Serper, an investigator at U.S.-Israeli cybersecurity company Cybereason, which published a report on the activity this year.
CDR data shows who is sending and receiving calls, as well as the user’s location, giving an attacker what Serper described as “a window into someone’s life.”
Stealing a user’s CDR data “gives you the ability to see who this person is contacting and, most importantly, which cell tower their phone is connecting to all day,” he said.
“So not only can you map someone’s circle of friends, you can map someone’s entire day.”
By Jack Stubbs