China Change


Category Archives: Internet Freedom

Google Recommends Product From a Chinese Company with Communist Party and Military Ties for its ‘Advanced Protection Program’

Matthew Robertson, August 23, 2018

 

“Our goal is to make sure that any user facing an increased risk of online attacks enrolls in the Advanced Protection Program.”  Dario Salice, Advanced Protection Product Manager at Google. 

 

 

Google recommends security keys

“The Feitian key wirelessly communicates with your smartphone to authenticate the login.”

 

Journalists and dissidents involved in Chinese affairs are accustomed to every so often receiving a pop-up banner on their Gmail from Google informing them that “state-sponsored attackers” may have been attempting to gain access to their accounts. To guard against such intrusions, Google suggests signing up for its Advanced Protection Program.

The Advanced Protection Program involves using a pair of security keys that can be purchased on Amazon. The problem? Google recommends a product — the Feitian MultiPass FIDO Security Key — manufactured in China, by a Chinese company that is part of an “IT-Military Alliance” with the People’s Liberation Army (PLA). Its chief of research and development of over 16 years is a former member of the PLA. And it does the vast majority of its business selling security hardware to Chinese state banks.

Google unveiled its Advanced Protection Program in October 2017 as reported by The New York Times. But the report did not explore the extensive relationships between the Chinese supplier, Beijing Feitian Chengxin Technology Co., Ltd., and the Chinese government.


Security keys like the Feitian MultiPass are an implementation of public key cryptography — the best-known version of which is PGP (Pretty Good Privacy) — in hardware form. They are a form of two-factor authentication that allows an individual with the key and the password to access an account; if either is missing, access is denied. The introduction of hardware to the security equation makes access safe from phishing, social engineering, and even attacks on cell phones that intercept temporary security keys sent via SMS.

It is unclear how feasible it may be for Chinese intelligence and military actors to install a backdoor in or otherwise compromise the hardware. But if the hardware manufacturer is mobbed up with one of the most sophisticated offensive cyber actors in the world, the “world’s worst abuser of internet freedom” according to Freedom House, and a country where a private company can never say no to government demand, the question arises: Can it be safe?

China Change examined security filings, advertisements, periodicals, and media reports to build a mosaic of the interlocking relationships between Chinese state organs and Feitian Chengxin (飞天诚信股份有限公司). The image that emerges does not appear encouraging for the computer security of Chinese dissidents and others who may be using the product.

Company founding

Feitian was set up by four friends, three of whom were 1992 computer science graduates of Northern Jiaotong University (now Beijing Jiaotong University 北京交通大学): among them Huang Yu (黄煜), the current chairman, Li Wei (李伟), the general manager, and Lu Zhou (陆舟) their chief engineer.[1] Han Xuefeng (韩雪峰), a middle-school friend of Huang Yu, was recruited from a computer job in the Ministry of Railways to form the company with them. The four continue to own the majority of the company’s shares.[2]


The four founders of the company after it went public on the Shenzhen Stock Exchange on June 26, 2014. Huang Yu and Li Wei (in that order) are on the right, while Lu Zhou and Han Xuefeng stand on the left.

 

The company was founded in 1998 at the beginning of a technology and internet boom in China. It has since become “the No.1 supplier of user authentication and transaction security for China Online Banking,” according to its website, employing 850 staff and serving thousands of businesses in 100 countries.[3]

As Feitian grew, so too did its ties to official China. By 2015, the conference room in its main Beijing campus had a wall full of awards and certifications from Chinese government departments.[4]

Dominance in the state bank market

The foundation of Feitian’s business in China has been in providing security fobs to state banks.

Lucrative contracts with the Industrial and Commercial Bank of China (the country’s largest) and China Merchants Bank were its first major orders in 2003, though it sat lower down in the food chain at that point, only able to operate as the original equipment manufacturer (OEM) for another brand.

Later the company was certified by the People’s Bank of China, China’s central bank,[5] and by 2005 was doing business with banks directly — including China CITIC Bank — not merely as an OEM.[6]

By 2014, 85% of the company’s revenue was coming from state banks, and Feitian was among the top three such vendors by revenue in the country.[7]

State information security a ‘precious business opportunity’

In 2003 the company joined the “IT-Military Alliance” (计算机世界科技拥军联盟) upon its founding. The event was hosted by the Network Infrastructure Department of the PLA’s General Armaments Department, along with other official organizations.

Only 12 companies formed the IT-Military Alliance. The founding ceremony was marketed as an opportunity for industry to present tribute to the PLA in celebration of the 76th year since its founding. Feitian notes on its website that “the head of the General Armaments Department expressed a deep interest in Feitian’s products,” and that “Feitian will inevitably provide earnest service to the giant military market under the grand strategy of ‘civil-military integration,’ and thus do our bit to help the construction of the nation’s informatized defensive infrastructure!”[8]


“In Earnest Celebration of the 76th Anniversary of the Founding of the People’s Liberation Army — Ceremony for the Founding of the IT-Military Alliance.” The event was part of Jiang Zemin’s push for “informatization” (信息化) of the PLA.

 

Though it is unclear when in 2003 Feitian won its first contract with ICBC, it is difficult not to imagine that its involvement with the PLA — irresistible though it may have been — helped in forging such relationships. Its approval and verification by the State Cryptography Administration in 2004 was also flagged as a “key milestone.”[9]

Already successful with banks in 2003, Feitian’s chief of research and development told the media in 2003 that the next areas of growth would be the military and the departments and offices for classified information (机要部门).[10]

The logic was obvious to Feitian executives: “As government procurement strengthens and priority is given to domestic products, our country’s state information security will be pushed forward considerably, and this is a precious business opportunity for the vast field of security companies.”[11]

It is difficult to find public information on the extent of that line of business. The company’s technology has however been certified as “military-use information security products.”[12]

In 2006, the company was awarded over one million yuan from a fund for new technology set up by China’s Ministry of Science and Technology. “This is the country’s strong affirmation of Feitian Co., and a thorough recognition of its technological prowess, project management capacity, and reputation,” said an announcement in the scientific press at the time.[13] Later in the year the company’s tech was declared “A New Important National Product” (国家重点新产品) by a number of government departments.[14]

From 2007 onwards, Feitian was selected to provide a smart card identity recognition system (智能网络身份认证系统) as part of the Torch Program,[15] China’s national plan to develop its high-technology industrial base.[16]

The company is part of a Smartcard Intellectual Property Alliance, a kind of government-industry group associated with the Beijing Municipal Intellectual Property Rights Bureau. A member of the Bureau’s Party Group (党组) presided over the alliance’s founding ceremony, on the basis that “the smartcard security industry concerns national information security and is an area of high-technology strongly supported by Beijing.”[17]


An example of one of Feitian’s security key products sold to banks in China, the ePass2000Auto LE.

Since 2009 Feitian has been listed in numerous databases maintained by the Ministry of Public Security among the accepted providers of identity recognition systems.[18] The list contains only Chinese companies trusted by the state, among them Huawei.

The company has also been the recipient of praise from former vice minister of Public Security Chen Zhimin (陈智敏) and other public and information security cadres, who are said to have expressed “excellent regard” for the company’s security management and identification security.[19]


Yu Huazhang, the former PLA engineer and R&D chief at Feitian. (Source: 胡滢. 锁住的商机. 中国电子商务杂志. 2003(8). 56-58)

Perhaps most notably, since 2002 its research and development chief has been Yu Huazhang (于华章), a graduate of the PLA’s Information Engineering University and for the first seven years of his career an assistant researcher in the PLA’s General Staff Department. In April 2010, he became a 1% shareholder in the company. He is also a vice general manager.

The company and its key engineers won third prize (among many others) in the 2014 Beijing Municipal Technology Awards for “Application and operating system research and development for a chip in a visible-button smart security card” (可视按键型智能密码钥匙片内操作系统研发与应用) which sounds similar to the product being vended for Google’s enhanced security.[20]

Then there are the numerous exhibitions of official fealty on Feitian’s website, each not particularly significant taken on its own, but as a collection making clear that the company knows which way the wind blows. As a matter of routine, Feitian engages in activities like the following:

  • Hosting workshops for Chinese academicians to explicate the “spirit” of a series of Xi Jinping’s important speeches in order to “implement and carry out” the political directives resultant from the 18th Party Congress;[21]
  • Hosting tours of officials studying at the Party School;[22]
  • Advertising its award for “important contributions” to information security given by the Party-Government Password Science & Technology Progress Award Assessment Committee (yes).[23]

The company has been relatively profitable. Within its first year or so it had booked five million yuan in revenue, at gross profit of nearly 50%; by 2014 when it went public on the Shenzhen Stock Exchange its revenues were just over one billion yuan, 250 million yuan profit. (Its stock has been cut nearly in half since April 2018, however, due to “an inexplicable explosion in all manner of costs.”) In 2003 it occupied around 50% of the market for USB security keys, a dominance that it has likely grown since.[24]


Li Jinai (fifth from left), the former secretary of the PLA General Armaments Department and a member of the Central Military Commission, stands next to Feitian’s chairman Huang Yu (fifth from right), at a ceremony marking an alliance between the PLA and the IT industry in 2003.

 

The company has sought to expand overseas for at least a decade, in 2007 noting on its website that “Feitian’s ePass identification authentication products have been adopted by governments, banks, and others around the world. We have won a strong reputation as an independent Chinese company with our own intellectual property striding onto the world stage in information security.”

It is difficult to gather data on the extent of those expansion efforts — though the recommendation by Google speaks well to at least a partial success.

But does this compromise user security?

It goes without saying that almost everything we have documented above is simply part and parcel of Chinese companies doing business in China — in particular in a sensitive sector like information and network security, and especially when doing large business with state banks. When the PLA invites your company to join in the “earnest celebration” of its anniversary, present gifts, and join its industrial “alliance,” you don’t respectfully decline.

The same would obtain if the company were ever approached by military or civilian intelligence and instructed to install backdoors in its security fobs, according to Tom Uren, a visiting fellow in the International Cyber Policy Centre at the Australian Strategic Policy Institute.

“Companies in China aren’t able to refuse to engage in intelligence activities. This is laid out very clearly in Article 7 of China’s new 2017 National Intelligence Law,” Uren wrote in an email.

The law states: “All organizations and citizens shall, in accordance with the law, support, cooperate with, and collaborate in national intelligence work, and guard the secrecy of national intelligence work they are aware of. The state will protect individuals and organizations that support, cooperate with, and collaborate in national intelligence work.”

 


Feitian’s chairman Huang Yu sits at his desk. The text says: “Feitian Chengxin: The Chinese Face That Appeared Eight Times at the RSA Conference.” (Source: 李玲玲. 飞天诚信:八次现身RSA大会的中国面孔. 软件世界杂志 2011(4). 60-61.)

 

A Chinese information security business has no choice in the matter. The question then becomes how feasible it is for the security device to be weakened or tampered with. At the very least, there is an obvious opportunity at the level of firmware — the software layer coded into a device that controls its hardware — for an adversary to create mischief.

“The firmware matters a lot, and that looks like why Google is planning to replace the firmware on their whitelabeled Feitian keys,” says Dan Guido, CEO of Trail of Bits, a New York-based computer security firm.

This refers to Google’s ‘Titan’ security keys, which appear to be Feitian hardware with Google’s own firmware. On its Advanced Protection Program page, however, Google links users directly to Feitian’s own website, not to the Titan keys with Google’s own firmware.

 

“Attackers will tend to use the easiest method to achieve their goals,” says Tom Uren. “Is compromising the Feitian security key supply chain the easiest way? Maybe. Phishing is certainly the easiest/cheapest way to hack data currently and security keys significantly reduce its effectiveness. It will certainly be an avenue that Chinese intelligence would have to consider if security keys are widely used by people of interest to them.”

The means by which attackers could gain unauthorized access through the keys are potentially numerous, including complex methods of introducing flaws in the cryptography or its implementation. Markus Vervier, a computer security researcher, has documented vulnerabilities in some implementations of U2F (universal two factor authentication). His work was not in reference to Feitian.

Yubico, a Swedish-founded company and Google’s other suggested vendor of U2F products, seems to have previously made a veiled suggestion as to the potential vulnerability of its competitor. CEO Stina Ehrensvard wrote on the company’s blog: “Yubico strongly believes there are security and privacy benefits for our customers by manufacturing and programming our products in the USA and Sweden.” The company declined to comment for this article.

Google did not respond to a request for comment. The FIDO Alliance, an organization that certifies hardware (and which has certified Feitian) for implementing the security protocols used in U2F products, did not respond to a request for comment. Feitian did not respond to a request for comment.

One security researcher refused to comment because it’s “obvious” that backdoors could be put into hardware at the manufacturing stage, and his team didn’t want to single out any particular country.

Perhaps the simplest test of the security of the Feitian keys is a gut check: would security experts themselves use them?

“No,” wrote Tom Uren. “I use Yubico keys.”

 

 

—————————

[1] 亲历者说:“小乌鸡”如何变成“金凤凰” 中关村股权交易服务集团有限公司组织编写. 创客时代 亲历者讲创业. 2016

[2] http://www.csrc.gov.cn/pub/zjhpublic/cyb/cybypl/201207/P020120702612306569933.pdf

[3] “About.” n.d. Feitian Technologies Co. Accessed August 17, 2018. https://www.ftsafe.com/about.

[4] 祝惠春. 2015. “飞天诚信大‘起底’ 看它如何变成创业板金凤凰-一卡通世界.” 经济日报. June 3, 2015. https://web.archive.org/web/20180817204339/http://news.yktworld.com/201506/201506031013120738.html.

[5] https://www.ftsafe.com/about/History

[6] 祝惠春 (2015)

[7] 赵阳戈. 2014. “飞天诚信:市场占有率跻身行业前三.” 每经网. June 18, 2014. http://www.nbd.com.cn/articles/2014-06-18/842169.html; 韦伟. 2014. “飞天诚信业绩依赖银行 穿‘马甲’投标涉不正当竞争.” 财经频道, 中国经济网; May 15, 2014. http://finance.ce.cn/rolling/201405/15/t20140515_2816496.shtml.

[8] 小晨. 八一前夕 科技拥军——计算机世界科技拥军捐赠仪式暨科技拥军联盟成立大会隆重举行. 微电脑世界,2003,(15).

[9] 飞天诚信喜获国密办两项资质_商用密码生产定点和销售许可. 电脑编程技巧与维护 2004(6).

[10] 胡滢. 锁住的商机. 中国电子商务杂志. 2003(8). 58

[11] Ibid.

[12] http://download.ftsafe.com/files/reader/FT-QUALIFICATION.pdf

[13] 飞天诚信荣获科技部技术创新基金支持. 电脑编程技巧与维护 2006(6).

[14] 崔光耀. 行业 标杆 如何竖起 — 飞天营销总监徐东谈国内业务. 信息安全与通信保密 2007(7). 34-35

[15] 2007: http://www.chinatorch.gov.cn/2/c100933/201402/72b304fcfb264910977d831759d23d9e.shtml; 2009: http://www.chinatorch.gov.cn/2/dddtt/200908/63f169a86da8411d804c555cb53767d9.shtml; 2011: http://www.most.gov.cn/tztg/201110/W020111013381125627477.pdf; 2016: http://www.chinatorch.gov.cn/2/c100924/201611/f2e7a55aef2847b8a3d578d6ec19c6ec.shtml

[16] https://web.archive.org/web/20171226031054/http://www.chinatorch.gov.cn:80/english/index.shtml

[17] “北京市成立智能卡行业知识产权联盟.” 2015. HRWF.com. May 2, 2015. https://web.archive.org/web/20180819201245/http://www.hwrf.com.cn/news/87276.html.

[18] See for instance: https://goo.gl/sJwD7B; https://goo.gl/sJwD7B; https://goo.gl/JuzmR4; https://goo.gl/Ld4XEC

[19] 飞天诚信守护首都网络安全. 电脑编程技巧与维护. 2015(10),97.

[20] 2014年北京市科学技术奖获奖公告三等奖. May 6, 2015. http://jxw.beijing.gov.cn/creditbj/sxgs/14819.jhtml

[21] https://www.ftsafe.com.cn/article/483.html

[22] https://www.ftsafe.com.cn/article/500.html

[23] https://www.ftsafe.com.cn/article/509.html

[24] 胡滢. 锁住的商机. 中国电子商务杂志. 2003(8). 58

 

 


Related:

Google Advanced Protection Program: How to lock down your account (Google takes aim at “targeted” online attacks. Here’s everything you need to know about the new security option — including whether you should use it), CNet, October 17, 2017.

Google expands its Advanced Protection Program to cover Apple’s native iOS apps, VB, MAY 3, 2018.

GOOGLE STAFF TELL BOSSES CHINA CENSORSHIP IS “MORAL AND ETHICAL” CRISIS, The Intercept, August 16, 2018.

GOOGLE EXECUTIVES MISLED STAFF IN MEETING ON CHINA CENSORSHIP. HERE ARE 13 QUESTIONS THEY MUST ANSWER. The Intercept, August 17, 2018.

New Gmail feature could open more users to phishing risks: Government officials, ABC News, July 17, 2018.

 

 



‘Beep. Beep Beep’: A Group Emerges in China and a Code is Born

Yaxue Cao, April 17, 2018

 


 

On April 10, China’s State Administration of Radio and Television ordered the permanent closure of the Neihan Duanzi (translated roughly as ‘quirky skits’) app and website. In its announcement, the authorities denounced the app and its public WeChat account as having an “improper orientation and vulgar style” that supposedly “evoked the great disgust of netizens.” Though the Chinese government has closed numerous popular entertainment websites over the last couple of years, the targeting of Neihan Duanzi triggered a storm of discontent, and observers said that the authorities had “stirred up a hornet’s nest.” The episode has brought to wider attention a large, little-known group in society, and observers are trying to grapple with its social and political significance.

Neihan Duanzi is primarily a mobile app on which users share inside jokes and absurdist videos. The platform first appeared on the website ‘Today’s Headlines’ (今日头条), also known in its pinyin form ‘Jinri Toutiao’ or Toutiao, in May 2012. The parent company that created both the app and the website, Bytedance, writes on its homepage that “We are building the future of content discovery and creation.” Neihan Duanzi was in fact the first product of Toutiao, predating the latter by three months, and it quickly recruited the app’s first group of users. By 2017, Bytedance, established just five years prior, had leapt to number 41 on the official list of China’s Top 100 Internet Companies.

Neihan Duanzi encompasses a variety of short video sketches (funny, moving, musical, playful, and cute videos), genius retorts or responses (脑洞神评论, highlighted comments on Neihan Duanzi), hilarious images, and humorous sketches of all taste and manner.

The joke culture in China is a huge market. According to Bigdata Research’s 2nd quarter 2017 China joke app market research report, as of the end of June there were over 28 million users of these apps, a year on year growth rate of 5.7%. Bigdata Research notes that in July 2017 Neihan Duanzi was the most popular in this universe of apps, with 21.7 million users. Searching for ‘Neihan Duanzi’ in QQ groups, another popular Chinese social media platform, shows hundreds of chat groups dedicated to it.

Toutiao boasts a market value of over $20 billion. With its combination of data mining and AI algorithms that draw on user profiles and interests, its apps make targeted recommendations for news, music, movies, and games, and attract a massive inflow of users. Toutiao currently reports having 600 million active users, with 120 million daily actives.

Protests by ‘Skit Friends’

Neihan Duanzi’s enormous user base skews young. They call themselves ‘skit friends’ (段友), and organize ‘skit gatherings’ (段友会) in many cities, big and small, in China. They have formed their own online and offline communities, and have their own coded language. Many of them have Neihan Duanzi-inspired bumper stickers, sold by numerous merchants on Taobao, the Chinese equivalent of Ebay.

Videos shot by Neihan Duanzi users show the amusement they derive from greeting one another with coded messages in public: beeping, opening car trunks, and citing their codes back and forth. Some of the best known phrases include the likes of: “When skit friends go to battle, the grass ceases to grow” (段友出征,寸草不生); “Beer and crayfish, skit friends are one family” (啤酒小龙虾,段友是一家); or “Heaven king conquers earth tiger, chicken stews with mushrooms” (天王盖地虎,小鸡炖蘑菇).

Clearly, these interactions are a source of tremendous enjoyment and entertainment for the participants.

After Neihan Duanzi was closed, videos of previous gatherings of skit friends began to be shared widely online. Several of them show the remarkable scene of dozens of cars arrayed in formation late at night, together sounding out the calling card of the community: ‘Beep. Beep beep.’

According to Radio Free Asia, protests against the closure of the platform have taken place in Nantong (南通), Changsha (长沙), Yingkou (营口), Wuxi (无锡), Beijing (北京), and elsewhere. Protesters use the ‘beep, beep beep’ signal to initiate communication, which is met with response beeps and double blinking of car lights. Footage of the public events is often shot with drones and uploaded (here, here, and here.)

During a skit friend assembly of unclear date in Changzhou, Jiangsu Province, about 200 people formed a circle and, like the students of the Hong Kong umbrella movement, held their cellphones aloft as torches and sang. The chosen piece of the night was popular singer Wang Jianfang’s ‘On Earth’ (王建房《在人间》):

Maybe I can’t win over Heaven and Earth.
Maybe I’ll hang my head and weep.
Maybe a June snowfall will enter my heart.
There’ll be a Berlin Wall I can’t get over.
Suffering will neighbor me all my days.

What has the grand era already snatched from you?
Who lives on earth as though it’s not a prison?
I won’t cry. I’ve no more dignity to abandon.
When the day comes that those dreams drown in the crowds
Don’t be sad, let them go, and sing this song at the funeral.

‘On Earth’ has come to be known as the theme song of Neihan Duanzi, and renditions of it have been widely spread on the platform (here, for example).

 


 

The CEO’s Apology

On April 11, the founder and CEO of Jinri Toutiao Zhang Yiming (张一鸣) issued “Apologies and Reflections.” “Jinri Toutiao will shut down once and for all its ‘Neihan Duanzi’ app and its public accounts. Our product took the wrong path, and content appeared that was incommensurate with socialist core values, that did not properly implement public opinion guidance — and I am personally responsible for the punishments we have received [as a result].”

His confession confirms that the real reason for shutting down the app is political — what young people are consuming and how they entertain themselves are not to the liking of the Party. “We prioritised only the expansion of [platform] scale, and we were not timely in strengthening quality and responsibility, overlooking our responsibility to channel users in the uptake of information with positive energy. We were insufficiently attentive, and in our thinking placed insufficient emphasis on our corporate social responsibility, to promote positive energy and to grasp correct guidance of public opinion.”

The young CEO with an engineering background promised to “[strengthen] the work of Party construction, carrying out education among our entire staff on the ‘four consciousnesses,’ socialist core values, [correct] guidance of public opinion, and laws and regulations, truly acting on the company’s social responsibility.”

He also promised to strengthen content review by humans, raising the current number of review staff from 6,000 to 10,000 persons. That is, for each person hired for content production, almost two are hired for review and sales, according to one report.

Last week, Xinhua published an editorial criticizing the online viral video as an entertainment form, saying: “In a society where it’s easier and easier to get clicks, at the same time that internet videos give the public novel experiences, because some of the content has no bottom line, some of these clicks spread poison and harm the public, especially young people.”

The same editorial cited an unnamed ‘expert’ who said: “These internet video websites get hundreds of millions of viewers, allowing ‘demons and goblins’ to warp the value system of adolescents, turning it into a trend to imitate and copy.”

An April 13 (unverified) work instruction from the Changsha Municipal Public Security Bureau Intelligence Command Center was circulated online, saying that four gatherings of ‘skit friends’ took place on April 11 in the city, and that the provincial public security bureau demands “public security organs in every locale engage in a thorough search for an evidentiary trail and online detection work, prevent assemblies that would lead to hype and unstable factors.”

As for skit friends gathering on the streets or in public spaces, the Zhejiang Haimen Public Security Bureau said in an April 8 announcement: “Any citizens convening crowd-style assembly activities must act strictly according to legal provisions,” or else “public security organs will pursue legal responsibility against the responsible parties.” The notice invoked the “Law on Assemblies, Processions and Demonstrations” (《中华人民共和国集会游行示威法》), the “Road Traffic Safety Law” (《中华人民共和国道路交通安全法》), and the “Public Security Administration Punishments Law” (《中华人民共和国治安管理处罚法》).

 


 

Deeper Reasons

Chinese young people generally pay scant attention to politics and they have been criticized for ‘amusing themselves to death.’ But entertainment has, it appears, come to give the Communist Party a severe headache. Using the phraseology of Xinhua, the jokers are seen as ‘demons and goblins’; their whimsical, irreverent attitude is seen as a strong rejection of autocratic authority and control. Perhaps, inside the ruling party, this movement has given rise to a strong sense of unease — not to mention that the style of humor itself is at times imbued with the implicit wish for freedom and dignity. We could even say that these young people are a ‘new form’ of Chinese person, the first generation to have been born and come of age entirely in the era of reform and opening up. They are the digital generation. They seem to take a great deal of pride in their own idiosyncratic way of life.

The news outlet Duowei, whose political allegiances have always been ambiguous, cited unidentified ‘voices’ who explained that the fundamental reason the Communist Party shut down Neihan Duanzi is because the app’s user base had begun to look like an embryonic political movement. Users are spread across China’s provinces, in small-, large-, and medium-sized cities; they come from all walks of life; they have formed their own community, with attendant slogans, signals, and an initial form of behavioral standards (such as the ‘three don’t laughs’: no laughing at natural disasters, no laughing at man-made disasters, and no laughing at illness). Between them, skit friends have a strong sense of cohesion, identity, belonging, and group honor. One of their slogans is ‘skit friends are one big family,’ and ‘if you’re in trouble, find a skit friend.’ The Party is afraid of all of this.

Searching on Baidu for ‘city + skit gathering’ (城市+段友会) brings up related organizations almost anywhere. On rear windshields and car bumpers in cities around the country, Neihan Duanzi slogans can be seen. Photographs and videos from their meetings indicate that skit friends often have their own vehicles, and sometimes camera-equipped drones. In some cities they even have clubhouses.

It’s being pointed out that these skit friends grew up on shoot-em-up video games. Now that they have a chance for real conflict, they think it’s exciting. Shutting down Neihan Duanzi shows these young people the pain of having their freedom stripped away — it’s that simple.

The Beijing-based historian Zhang Lifan (章立凡) gave an example of shooting oneself in the foot on Twitter: “Before the former president of Egypt Hosni Mubarak lost power, the Egyptian government at one point cut off the internet, leading countless people who were happy to be at home playing video games to take to the streets… everyone knows what happened next.”

Dissident writer Hu Ping (胡平) noted that “Xi Jinping doesn’t like ‘vulgarity’ among the masses, and wants to force men, young and old, to all be ideologically acceptable to the Party. This is a peculiarity of totalitarianism. Vulgarity is an important part of life, and if the regular people in society still have the space to enjoy humor, it means that the power of the state has not yet infiltrated everything and everywhere.”

Another dissident and author Li Xuewen (黎学文) believes that, “simply in the context of China’s new totalitarianism, the slogans and activities of Neihan Duanzi users set a worthy example for all who oppose the regime. Relying on internet culture to create a set of mobilization slogans is highly novel; and with a few horn beeps crowds can be gathered, as the symbols of an online community are shared and used as codes for mobilization — these qualities have not been seen in any mainland resistance movement to date.”

A Twitter user in Changsha said that on Tuesday when he was out walking in the evening, he spotted two cars near his home with ‘Neihan Duanzi’ and ‘Douyin’ (抖音, another app by Toutiao) stickers.

Another Chinese Twitter user, location unknown, posted on Friday: “Today I personally heard skit friends beeping at each other. One can feel the undercurrent. Maybe a big era has begun just like that.”

Beep. Beep beep.

 

 

Yaxue Cao edits this website. Follow her on Twitter @YaxueCao

 


Recent posts on China Change:

Eight Detained for Organizing Humanitarian Assistance for Political Prisoners and Their Families, China Change, April 15, 2018

A Six-day Strike in Shanghai Caused by a $110 Pay Cut – Collective Action by Sanitation Workers in China’s ‘New Era’ of Stability Maintenance, Wang Jiangsong, April 13, 2018

Crushing a Rose Under Foot: Chinese Authorities Target Internet Chat Groups, China Change, April 4, 2018

Who Are the Young Women Behind the ‘#MeToo in China’ Campaign? An Organizer Explains, Xiao Meili, March 27, 2018.

With Its Latest Human Rights Council Resolution, China Continues Its Assault on the UN Human Rights Framework, Andrea Worden, April 9, 2018.

The Might of an Ant: the Story of Lawyer Li Baiguang (1 of 2), Yaxue Cao, March 20, 2018

The Might of an Ant: the Story of Lawyer Li Baiguang (2 of 2), Yaxue Cao, March 21, 2018

 

 

 

 

Crushing a Rose Under Foot: Chinese Authorities Target Internet Chat Groups

China Change, April 4, 2018

 


A web lecture hosted by the Rose Team in mid-2017.

 

Between February and March this year, rights activists from provinces around China were summoned, questioned, and threatened by secret police who demanded that they withdraw from the ‘Rose chatgroups,’ also known as the ‘Rose team.’ These chatgroups have attracted relatively large numbers of internet users on different portals such as QQ, Skype, WeChat, Telegram, and WhatsApp. The intervention by Chinese police took place following the criminal detention of Xu Qin (徐秦), a leading activist and a spokesperson among these online groups, on February 9. She was accused of ‘picking quarrels and provoking trouble.’ Prior to this, the initiator of the Rose chatgroups and Wuhan dissident Qin Yongmin (秦永敏) was detained on January 9, 2015.

Between March 2013 and December 2014, Qin published a series of 12 open letters demanding that the government open a dialogue with the citizenry, that it safeguard human rights, and that it initiate a peaceful transition towards democracy in China. By the end of 2014, nearly 2,000 people had signed this appeal, the vast majority of them petitioners who had for years been suppressed and denied access to justice. Naming his movement after the rose, Qin set up chat groups on QQ, Skype, and WeChat, eventually resulting in a series of Rose groups online. Each group elected its own chat administrator through competitive elections and voting; altogether the initiative became a virtual gathering ground for like-minded petitioner-activists.

 


Xu Qin (in bright blue coat) and her activist friends call for the release of Qin Yongmin and his wife in Wuhan.

 

On June 4, 2014, Qin and his group set up the ‘Rose China’ website. It had 13 sections, including ‘Rights Observer,’ ‘Focus News,’ ‘Major Issues of Public Welfare,’ ‘Learning Center’ and more. The site also began holding online lecture series and meetings. Qin Yongmin tried to set up an organization called ‘China Human Rights Observer,’ though the authorities refused to register it as an official civil group.

Rose China’s website, hosted on servers outside the country, went offline for a short period recently, but is back up and running now.

In June 2016, the Wuhan Municipal Procuratorate indicted Qin Yongmin for “organization, scheming, and carrying out [a plot to] subvert the state regime.” It wasn’t until August 2017 that Qin saw his lawyer for the first time. His trial has been postponed again and again, and is now set for May this year. The indictment cited his organizing the Rose Group, among other things, as evidence of a crime.

Qin, 64, is one of China’s most veteran political prisoners. The earliest years of his activism go back to the 1970s. In 1981 he was sentenced to eight years imprisonment for participating in the ‘China Democracy Party,’ and was freed in 1989. He spent 1993 to 1995 in a forced labor camp after initiating the ‘Peace Charter’ (《和平宪章》). In 1998 Qin established the website China Rights Observer in Wuhan, as well as the Hubei branch of the China Democracy Party, for which he was charged with subversion of state power and sentenced to 12 years imprisonment. He completed the sentence in November 2010.

Xu Qin, 55, got into activism out of the need to defend her own rights, but she soon began defending the rights of others, and became an active participant in the Rose chatgroups. After Qin Yongmin was arrested in 2015, Xu took up the mantle of leadership of the Rose groups, and began to speak publicly about China’s human rights situation, in particular to foreign journalists, making her one of the few active voices in the now largely dormant China human rights scene. On February 9, 2018, before the Chinese New Year, Xu Qin disappeared while visiting her hometown of Yangzhou in Jiangsu Province. It was soon confirmed that she had been arrested. In March she was placed under ‘residential surveillance at a designated location’ and the initial charge of ‘provoking quarrels and stirring up trouble’ was upgraded to ‘inciting subversion of state power.’ She has not been allowed access to a lawyer.

Since February, a number of activists have been summoned and questioned by state security officers, including Ding Yu’e (丁玉娥) in Shandong, Guo Chunping (郭春平) in Henan, Wang Jiao (汪蛟) in Anhui, Huang Genbao (黄根宝) in Xuzhou, Jiangsu, and Fan Yiping (范一平) in Guangzhou. State security agents demanded that they leave the Rose chatgroups and threatened “If you don’t listen, you’ll bear the consequences yourself.” Guo Chunping was beaten by police while in custody.

Even human rights lawyers have been questioned about their possible connections with the Rose chatgroups. On March 30, Friday, the recently disbarred lawyer Sui Muqing (隋牧青) was visited by two police officers who wanted to ask questions “about WeChat Rose chatgroups.” Lawyer Sui wondered why the Rose groups have become the target of such widespread action and concluded that the interrogations and arrests had to have been ordered and coordinated by a central organ in Beijing. He declined the police’s request for questioning.

 


Qin Yongmin.

 

Separately, the whereabouts of at least two activists (Yang Tingjian [杨霆剑] in Jiangxi and Xu Kun [徐昆] in Yunnan) are currently unknown, but their disappearance is believed to be connected to the crackdown on the Rose chatgroups.

The Rose activists that were interrogated by police were told that these chatgroups have been designated an ‘illegal organization.’ Police said that 51 people have been arrested so far in connection with the groups, though there is currently no way of independently corroborating the figure.

Civil Rights and Livelihood Watch (民生观察网), a Chinese human rights website, on March 29 published a statement that said: “From the limited information revealed by the media, it is clear that the Chinese communist authorities have launched a national, large-scale suppression of the Rose chatgroups, in order to, 1) crush the chatgroups by conducting mass summonses, threats, and arrests of participants, and 2) gather ammunition for bringing false charges against Rose chatgroup leaders Qin Yongmin, Xu Qin, and

China Change understands from activists in China that many people have already quit the Rose chat groups, and that some chat rooms were long ago suspended, shut down, or had no administrators. Some activists say, however, that a few groups are still active. The chief editor of the Rose China website quit the Whatsapp Rose chat group for activists in Hubei.

The targeting and attempted obliteration of the Rose chatgroups indicates that the government in Beijing is methodically dismantling activist groups, including even loose or casual connections between activists. In the past five years, it has first taken out the leading activists across the country and imprisoned them, including with the now infamous 709 incident against human rights lawyers. Having done that, it is now engaged in a second and third round, to purge any continuing human rights activities.

 

 


Related:

Members of Petitioners Group ‘Rose China’ Detained, Yaqiu Wang, January 18, 2016.

 

 

 

Political Prisoner’s Wife Beaten by Relatives Who Asked Her to Leave Husband

Yaxue Cao, November 1, 2017

 

Li Aijie and son, online

 

Li Aijie (李爱杰) is from Henan province, China’s central plains. She married a man named Zhang Haitao (张海涛) in Urumqi, Xinjiang, who moved from Henan to the far northwestern region in the 1990s seeking job opportunities after being laid off from a state-owned enterprise. He made a living trading in electronics. The couple were very much in love.

Embittered by personal injustices at the hands of the authorities, he was attracted from 2009 onward to the thriving rights defense activism around the country. He partook in online forums that discussed democratic ideas; he volunteered for the human rights website Human Rights Campaign (“权利运动”); he signed a petition urging the Chinese government to abolish the extra-legal Reeducation Through Labor detention system; he gave interviews to Voice of America and Radio Free Asia on what he had observed on the streets of Urumqi. And so on.

He was arrested in 2014, and on January 15, 2016, he was convicted of “inciting subversion of state power” and “prying into and illegally supplying intelligence abroad” (为境外刺探、非法提供情报罪) and sentenced to 19 years in prison by the Urumqi Intermediate Court. The judgment cited 69 WeChat posts and 205 Twitter posts, including retweets of others’ tweets, as evidence of inciting subversion, and named Voice of America and Radio Free Asia as “hostile foreign websites.”

Li Aijie was pregnant when her husband was arrested. She gave birth to a little boy whom the father named “Little Mandela” (小曼德拉). She has since moved back to Henan to seek refuge in her hometown among relatives.

On April 19, 2017, with the help of activists, Li Aijie embarked on a journey of over 2,000 miles to visit her husband, who had been serving his sentence in Shaya Prison in the heart of Xinjiang on the edge of the Taklimakan Desert. She visited him again in late July after many calls asking permission from the prison, even though by Chinese law, prisoners are allowed only one family visit each month.

Her requests for visits since September have not come to fruition.

Zhang Haitao was jailed in solitary confinement to receive “education.” He described to his wife that the cell has a window that can let in air and a bit of sunlight. He stays in there all day and all night, and is not allowed yard time.

The first time she visited, the prison didn’t allow her to show and give him photos of his son. The second time they let her.

For the thousands of miles she traveled, they were allowed 30 minutes only at each of the two meetings.

Over the summer, she traveled to Beijing. She wanted to ask the Central Leadership to transfer Zhang Haitao to a prison in Urumqi for humanitarian reasons: to make her journeys to the prison one third shorter and easier to travel. At the Ministry of Justice, she said she never got past the gate. A person came out telling her to go to the Bureau of Calls and Letters (国家信访局). She went there and didn’t succeed in getting past the gate either.

On October 8 when Li Aijie visited her parents’ home, she was assaulted by her eldest brother and an older sister. They punched her in the face and the head. “Do you know how many times the police have talked to me?” the brother shouted at her according to her account. “What good is it to wait for Zhang Haitao? What does the future hold for you? Cut your relations with him! Stop going to Xinjiang!” “Look at the man you married!” The sister let out her anger. “You ruined yourself, now the whole family suffers from it, and you refuse to listen!”

They pushed her on the floor and kicked her. The elder brother was about to throw a chair at her when another brother stopped him.

Local authorities threatened the jobs of Li’s siblings if they don’t “rein her in.”

She wrote: “Am I wrong to love someone and wait for him? Visiting Haitao is my legal right. My son and I are the hope that Haitao lives for to get out of prison alive. I can’t leave him at a moment like this. I really can’t.” She said she’s never going to leave her husband, and asked those who interfered with her relationship to cease.

China Change has made considerable effort to bring Zhang Haitao’s case to the attention of our readers and the State Department. Among other things, we translated the entirety of the court decision to facilitate the evaluation of Zhang’s case. We argued that the U.S. government is obliged to defend its institutions when interviews with VOA and RFA, both funded by Congress, are used as criminal evidence to imprison Chinese citizens.

A Call for Help

I spoke to a human rights lawyer in Henan, and Zhou Fengsuo (周锋锁)—the founder and board director of Humanitarian China—spoke to Li Aijie herself for permission, which she gave, to raise money for her and her child to help cover her travels to Xinjiang.

If you want to help, you may make a donation to Humanitarian China stating the purpose of your contribution. Humanitarian China is a 501(c)(3) based in the San Francisco Bay Area of California. Humanitarian China has been providing financial support to political prisoners, their family members, and civil society activists in China since 2007. In the last few years it raised money for Uighur scholar Ilham Tohti, independent journalist Gao Yu, the wife and children of Zhao Changqing, and the 709 human rights lawyers.

If you are a human rights organization with a relief fund, please extend a helping hand to Li Aijie and her baby son.

 

Disclaimer: Yaxue Cao, editor of this website, is a board member of Humanitarian China.

 


Related:

Activist in Xinjiang Sentenced to 19 Years for Online Writings and Rights Activities, Yaqiu Wang, January 21, 2016

Appeal Begins of Harsh 19-Year Prison Term Given Xinjiang-based Activist Zhang Haitao, Yaxue Cao, February 21, 2016

U.S. Government Must Intervene in Zhang Haitao’s Case, China Change, November 21, 2016

A Long Journey to Visit My Husband Zhang Haitao in Shaya Prison, Li Aijie, April 23, 2017

A Long Journey to Visit My Husband Zhang Haitao in Shaya Prison, Part Two, Li Aijie, April 29, 2017

Zhang Haitao Court Decision, a Full Translation by China Change

Zhang Haitao’s Appeal, a Translation by China Change

 

 

 

 

In Search of Better Digital Protection for Human Rights Defenders In China

Safeguard Defenders, September 19, 2017

 


info@safeguarddefenders.com

 

Among the many revelations into the systematic repression of the human rights community to have come to light since the beginning of the 709 Crackdown have been accounts from those released about the access of police and state security to chat logs and emails, even communications and documents those people thought they had deleted.

This heightened awareness has certainly encouraged digital security precautions aimed at keeping sensitive information out of police hands in the event of detention. However, trainings and guidebooks often point in the wrong direction, focusing on more advanced hacking and sophisticated intrusion. This continued focus on advanced threats has harmed, and will continue to harm, human rights defenders’ safety: not only is it nearly impossible to defend against such high-level threats, but in almost every case they are not the real threat. In the end, time is consumed trying to defend against a largely non-existent threat.

It is true that the capability of the Chinese Government concerning data forensics and hacking has developed like other aspects of the country, but those often limited resources are used against other bigger, and usually international, targets. On top of that, police and state security know well that the impunity with which they can act means that they have more direct, easier access to whatever a human rights defender’s computer or phone might hold, namely through direct threats, torture, and intimidation against family, friends and loved ones. There are exceptions, but against these tools of repression, few people can stand up for long.

Real security must thus be based on the fact that a defender’s computer and phone will be taken, and chances are that they will be forced to give up the information the police are after. The threat of torture or disappearance is sadly quite effective against even the best password or encrypted file. Any training and training material must be based on this reality. Digital security requires physical and behavioral changes in addition to passwords and applications.

The reality is also that digital security solutions that decrease the efficiency of our phones and computers are likely to be abandoned after time, regardless of the quality or number of trainings the rights defender or journalist has attended. Security solutions are only solutions if they are actually applied and maintained, something a lot of training material seems to gloss over when it offers solutions that are realistically not feasible for the majority of rights defenders.

Real security, that is sufficient and sustainable, can only come from finding the middle path, by focusing on real threats, while offering solutions that come from basic behavior rather than advanced technological solutions.

The newly released Practical Digital Protection self-study guide has been developed with these considerations in mind. It was developed over 12 months, together with journalists, lawyers, NGO workers and rights defenders across China, looking at their own experiences with security issues, detentions, interrogations and data forensic techniques applied by police and state security. The manual doesn’t only provide behavior-based solutions, but also real-life stories from defenders illustrating how their own best or worst case solutions have had a direct impact on how their technology has either been used against them, their partners, and coworkers, or prevented from being exploited by the State.

The following abridged story is one of several from the Practical Digital Protection manual.

A seasoned rights defense lawyer received a message on Telegram from a trusted colleague that the police had been asking questions about her and that she should expect to be detained or at least questioned. She had at this point already taken on many rights defense cases and worked with many other similar lawyers for several years. She was quite skilled in cybersecurity, having always been afraid police might detain her or take her computer and try to use her information against her. She rarely used WeChat, and never for work. She even knew how to use hidden encryption, not only to protect the data itself, but also to hide its very existence. Police can’t ask about what they don’t know exists, she figured, correctly.

The information she had wasn’t just about her, but also about others. If this information fell into the wrong hands it didn’t just mean possible imprisonment for her, but for others. She had already been smart enough to realize that normal encryption would be of little help. If police knew what to ask for, she doubted that she would be able to resist for long, as she as a lawyer was well aware that the legal protections against torture and mistreatment in China are barely worth the paper they are written on.

When the police eventually detained her and placed her alone in a cell, to undergo more than a month of interrogations, they also seized her computer, several phones, and USBs.

After a few days in detention, she was very surprised when the police began to start each new day by showing her documents from her computer. She knew these documents had been stored in a hidden encrypted space that the police did not have access to, or even know about. She was frantic each time the police produced one of these documents. These documents threatened to expose some of her sensitive rights defense work and provide evidence that would make it easy for the police to go after her clients or other lawyers she had worked with.

Before being detained she had agreed to a cover story with her colleagues who might also be detained. Some of the documents the police produced challenged their cover story, and severely increased her and their risks.

The documents the police had were very random. Many of them were also just partial, a few pages of a larger document. How did they get these documents, she continued to wonder.

In the end, the police did not find the ‘smoking gun’ they were looking for, and even though she remains to this day under threat, having been released on ‘bail’, with police able to pick her up again any day they wish, the fact that most documents remained protected saved her.

Only after her release, with time and access to information online, did she figure out what had gone wrong. ‘File Recovery program,’ it read. With this, she would learn of something that even many of those skilled in cybersecurity fail to understand, or if they do understand it, fail to realize how big of a threat it is.

Data, she realized, are like memories. They linger for a long time, and even when they begin to fade, it happens slowly, and only parts of them disappear. Data, once ‘deleted,’ she realized, is not actually deleted, but continues to lie on the hard drive, only not visible to the normal user. It’s all still there, until the space holding the data is filled up with something new. The fact that most of the data was in an encrypted space didn’t always matter, as many of the documents she had produced over the years had been created on the desktop (outside the encrypted area), before being moved to the encrypted space (which leaves traces of the original). An act of laziness. Many documents had also been deleted over time, and she, like most people, assumed they were safe. They had been deleted, after all.

So what had happened? All those documents that had been on her normal hard drive, once moved to the encrypted storage, were readily available to the police using file recovery tools, easy-to-use programs available for free online. All they had to do was scan her hard drive in detail, and step by step pieces of old data long ago deleted could be put together. This is because the documents weren’t properly erased from her computer. But there are solutions. Programs such as CCleaner, for example, securely delete files to make sure nobody can ever recover them. Understanding how data deletion really works, and making secure deletion part of a normal routine will drastically increase security.
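The failure described in this story, as an added example that is not part of the original article or the manual: a toy block device (constructed for illustration; `ToyDisk`, `move_to_vault` and the file names are hypothetical) showing why a document created on the desktop and then moved into an encrypted volume stays readable in free space, survives only in part once some blocks are reused, and leaves nothing behind when its blocks are overwritten before being released.

```python
BLOCK = 16  # bytes per block on this toy disk (constructed model, not a real filesystem)


class ToyDisk:
    """Unencrypted disk: a byte array, a free-block list and a file table."""

    def __init__(self, n_blocks=16):
        self.data = bytearray(n_blocks * BLOCK)
        self.free = list(range(n_blocks))   # free block numbers, lowest first
        self.files = {}                     # name -> (block numbers, length)

    def _block(self, b):
        return bytes(self.data[b * BLOCK:(b + 1) * BLOCK])

    def write_file(self, name, content):
        needed = -(-len(content) // BLOCK)  # ceiling division
        if needed > len(self.free):
            raise OSError("disk full")
        blocks = [self.free.pop(0) for _ in range(needed)]
        for i, b in enumerate(blocks):
            chunk = content[i * BLOCK:(i + 1) * BLOCK]
            self.data[b * BLOCK:b * BLOCK + len(chunk)] = chunk
        self.files[name] = (blocks, len(content))

    def read_file(self, name):
        blocks, length = self.files[name]
        return b"".join(self._block(b) for b in blocks)[:length]

    def delete(self, name):
        """Ordinary delete: forget the table entry, leave the bytes in place."""
        blocks, _ = self.files.pop(name)
        self.free = sorted(self.free + blocks)

    def secure_delete(self, name):
        """Overwrite every block of the file with zeros, then release it."""
        blocks, _ = self.files[name]
        for b in blocks:
            self.data[b * BLOCK:(b + 1) * BLOCK] = bytes(BLOCK)
        self.delete(name)

    def scan_free_space(self):
        """What a recovery scan sees: leftover bytes in blocks no file owns."""
        return [self._block(b) for b in self.free if any(self._block(b))]


def move_to_vault(disk, name, vault, secure):
    """'Move' a desktop file into the encrypted volume (vault is a stand-in dict)."""
    vault[name] = disk.read_file(name)
    if secure:
        disk.secure_delete(name)
    else:
        disk.delete(name)


def run_scenario(secure):
    """Return (remnants right after the move, remnants after later disk use)."""
    disk, vault = ToyDisk(), {}
    # Constructed four-page document, one page per block.
    doc = b"".join((b"secret page %d" % i).ljust(BLOCK, b".") for i in range(1, 5))
    disk.write_file("desktop/draft.doc", doc)
    move_to_vault(disk, "desktop/draft.doc", vault, secure)
    after_move = disk.scan_free_space()
    # Unrelated later activity reuses the first two freed blocks.
    disk.write_file("desktop/shopping.txt", b"milk, eggs, tea.".ljust(2 * BLOCK))
    after_reuse = disk.scan_free_space()
    return after_move, after_reuse


if __name__ == "__main__":
    for mode in (False, True):
        moved, reused = run_scenario(secure=mode)
        print("secure delete:" if mode else "ordinary delete:")
        print("  recoverable after move: ", moved)
        print("  recoverable after reuse:", reused)
```

On SSDs and on journaling or copy-on-write filesystems, an in-place overwrite may not reach the physical blocks that held the original, so the toy model is optimistic there; creating the document inside the encrypted volume from the start avoids leaving a plaintext copy to clean up.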

Safeguard Defenders’ new practical digital protection manual (English and Chinese editions) can be found at practicaldigitalprotection.com.

In addition to the current Chinese- and English language editions, other editions are being produced in collaboration with Reporters Without Borders, with a Vietnamese and a Turkish edition coming this fall.

 

 

—————————————————

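In Search of Stronger Security Protection for China’s Human Rights Defenders

With the start of the 709 mass arrests, the Chinese government’s systematic repression of the human rights community formally came to the surface. Many of the rights defenders who were released have revealed that police and state security were able to view chat logs, emails, and documents that they had believed were already deleted.

This heightened security awareness has inevitably given rise to digital security precautions aimed at keeping sensitive information out of police hands in the event of detention. But many trainings and manuals put the focus in the wrong direction; in other words, they spend more time introducing advanced hacking or cutting-edge technical solutions. This continued focus on advanced threats actually harms the safety of human rights defenders, not only because they are unlikely to face threats of such a high level, but also because most of the advanced threats listed are not the real threat. In the end, time is spent wrestling with a large number of threats that do not exist.

It is true that the Chinese government’s capabilities in data forensics and hacking have advanced greatly, like the country’s capabilities in other areas, but these limited resources are usually used on other bigger, more international targets. More importantly, police and state security have a better way of dealing with this, a more direct and easier one: getting into the computer or phone of a human rights defender that they already have in hand, by using direct threats, torture, or intimidation of friends and loved ones. Some people can hold out, but faced with these means of repression, few can hold out for long.

Real digital security should be based on the situation in which a human rights defender’s computer or phone has been confiscated and they face being forced by police to hand over passwords or information. Unfortunately, even with the strongest password and encrypted files, the threat of torture and enforced disappearance can usually break them easily. Any training or training manual must also be based on this reality. In addition to the necessary strong passwords and programs, digital security requires changes in operating habits and behavior.

Another reality is that digital security solutions that lower the efficiency with which we use our computers and phones are likely to be abandoned over time, regardless of the number and quality of the trainings these human rights defenders or lawyers have attended. A security solution can only be called a solution if it is actually used and kept up, but many solutions are neither practical nor sustainable for most rights defenders.

Real digital security that is sufficient and sustainable can only come from finding the middle point, by focusing on real security threats and then offering solutions based on basic operating behavior rather than advanced technical solutions.

The newly released self-study practical digital security manual was produced with these considerations in mind. It took 12 months to produce and brought together journalists, lawyers, NGO workers, and human rights defenders from across China, drawing on their own experiences of security problems, detention, interrogation, and the data forensic techniques used by police and state security. The manual not only offers behavior-based solutions but also includes real stories from defenders, describing how the best or worst solutions they adopted in their digital security practice had a direct positive or negative impact on themselves or their colleagues.

The following excerpted story is one of several from the practical digital security manual.

An experienced rights defense lawyer received a Telegram message from a colleague she trusted, saying that the police had asked many questions about her and warning her that she might be detained or at least questioned. She had taken on many rights defense cases and had worked with many other similar lawyers for years. She was very proficient in digital security: because she was always worried that police might detain her, or confiscate her computer and try to find information in it to use against her, she hardly used WeChat, and at least never for work. She also knew how to use hidden encryption, not only to protect the data but to hide the very existence of the encrypted volume. She reasoned that this way the police would have no way of asking about a program they did not even know existed.

The information she held was not only her own but also other people’s. If it fell into the wrong hands, it would mean possible imprisonment not just for her but for others as well. She knew very clearly that ordinary encryption would be of little use: once the police found a way in for their questioning, she could not be sure how long she would be able to hold out. As a lawyer herself, she knew all too well that in China the legal protections against torture and ill-treatment are worth far less than the provisions say.

When the day finally came, the police took her away and held her alone somewhere for more than a month of interrogation. They also confiscated her computer, phones, and USB drives.

After a few days in custody, she was astonished when the police began showing her, each day, a few files found on her computer. She remembered that these files had all been stored in the encrypted space on her hard drive, and the police certainly did not have the password to get into it. Every time the police produced a new file she felt anxious: these files threatened to expose some of the sensitive cases she had worked on, and amounted to handing the police more convenient evidence with which to go after her clients and the other lawyers she worked with.

Before being taken away, she had agreed on a cover story with other colleagues who might also be taken. Some of the files the police found ran counter to her story, greatly increasing their risk.

The files the police found were quite random, and most were only partial, for example a few pages from a large Word document. She could never work out how they had obtained these files.

In the end, the police did not find the ‘conclusive evidence’ they were looking for. Even so, she did not gain real freedom: she was released on bail, which means the police can take her away again whenever they want. Overall, though, what saved her was that most of the protected files were not found.

In the days after her release, by searching for information online, she finally figured out what had gone wrong. It was file recovery programs that had allowed the police to turn up fragments of files from time to time. Because of her own experience, she threw herself hungrily into learning about something that even many people who are very good at digital security do not understand, or, even if they do understand it, overlook how great a threat it can be.

She later learned that data is like memory. It stays for a long time, and even when it begins to disappear, it disappears slowly, and only part of it goes. Once data is ‘deleted,’ it has not really been deleted; it continues to lie on the hard drive, just not where an ordinary user can see it. It stays there until the space the data occupies is filled with something new. In fact, keeping most of her data in the encrypted space was not enough, because over the years many of her files had first been created on the desktop (that is, outside the encrypted space) and only later moved into the encrypted space (which leaves traces of the original file). This was really a kind of laziness. As for the many files she had deleted over time, she, like many other people, assumed they were safe and thought they had all been deleted.

So what happens? All those documents that had once existed on the ordinary hard drive, once moved into the encrypted space, were there for the police to retrieve with file recovery programs that can be downloaded for free anywhere online. They only needed to scan the hard drive carefully with the program, find the deleted old data step by step, and then piece it together. This was because those files had not been completely erased from her computer. But there are solutions. A program such as CCleaner can securely delete files and ensure that others cannot recover the deleted files. Understanding how data deletion works and making secure deletion a routine part of one’s work will greatly improve security.

The latest practical digital security manual from Safeguard Defenders is currently available in English and Chinese editions and can be downloaded from practicaldigitalprotection.com.

In addition to the current Chinese and English editions, other editions are being jointly produced by Reporters Without Borders and Safeguard Defenders; Vietnamese and Turkish editions will be released this fall.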

 

 

———————————————–

Also from Safeguard Defenders:

What to Make of the Explosive New WeChat and QQ Spying Revelations? September 10, 2017

 

 

 

 

 

What to Make of the Explosive New WeChat and QQ Spying Revelations?

Safeguard Defenders, September 10, 2017

 


 

A new report by Lookout, a cybersecurity company, has generated renewed interest in the security, or lack thereof, of WeChat and QQ (https://blog.lookout.com/xrat-mobile-threat). Despite this, there has been limited attention paid to this explosive new revelation.

It has long been known that because WeChat keeps its servers inside China, where there is a lack of legal protection of private data and police have control over companies, WeChat data is not safe, and can, without protection, be accessed by police or other state actors more or less at will. This has naturally made people shy away from using WeChat for any more serious or political discussions. More and more court cases of people being prosecuted simply based on private chat messages to friends have further illustrated this. At the same time, at the time of the Occupy Central movement in Hong Kong, it was shown that a ‘Trojan’ virus was being employed to surveil users remotely.

xRAT. That’s the name of the new discovery. Like the earlier virus found, it’s a ‘Trojan’ virus, meaning it masks itself as something else, for example a PDF file, and you will not know whether it is already on your phone. It specifically targets you through your WeChat or QQ account.

So what’s the big deal?

The ‘Trojan’ operates with administrator privileges. It means it can access and control any and all aspects of your phone. It also means it can do so without you noticing. In fact, it can remotely get ‘full control’. If you want to understand what this means it is this: it has as much access to your phone as if you were to give it to someone, and then tell them your PIN code. Full control.

This means that not only your WeChat or QQ use is exposed. All of your phone is exposed. Photos stored, downloads, documents, any apps for other services installed, chat logs, phone records, contact lists, and of course, your browser and its entire browsing history, which may include credit card, password, and login information for other services, for example the encrypted email you use.

In short, any phone that has WeChat on it, and is also used to access work emails, or secure chat programs like Telegram or Signal, can now be in the hands of Chinese police or state security. For the community of supporters of human rights in China it moves from bad to terrible. You can now, if you communicate with human rights defenders in China through secure Apps or emailing on a phone that has WeChat or QQ installed, inadvertently be giving the Chinese police material that will incriminate those human rights defenders and land them in prison.

To make matters worse, administrator privilege means your microphone can be turned on, and stream whatever is heard to the Chinese police. Same with video camera and camera. It is a most sophisticated spying tool with far-reaching consequences. It can, it goes without saying, read your location, as well as the specific meta-data of your phone.

If that wasn’t enough, there is one last thing, which makes it such a sophisticated virus. It can self-destruct. And when doing so, it can not only delete itself from your phone, but wipe much of your phone log data, making it hard even for technically skilled people to know that the virus was ever there. In short, you might never know if your phone, your use, is the reason someone has landed in prison.

A number of control centers in China to which such data and traffic go have been identified. The code is such that there is little doubt that this ‘Trojan’ comes from the same people behind the earlier ‘Trojan’ targeting Hong Kong Occupy Central people, just much more sophisticated.

Should I worry? What to do?

First off, there is still some lack of understanding how the infection spreads to your phone. At the same time, there is little reason to think resources would be spent to develop such a tool, and then not try to use it. An earlier, much less sophisticated version, was used extensively during the Occupy Central movement. Why would the police and state security organs not use a tool if it’s already been developed, and if it’s this powerful? It should go without saying that you need to operate as if it’s being used widely, and as if you were a target.

Most people with risk awareness will already have made sure to not use WeChat or QQ, or if they felt a strong need to have it, have it installed on a second phone which is not used for anything else. If you need WeChat, like many unfortunately feel they do, at the very least, install it on a blank, factory-reset second phone, like a super cheap Android phone. Due to microphone remote control, make sure to never have it in your office or at any discussions.

Secondly, your current phone, if infected, will not be secure just by uninstalling WeChat and QQ. You will have no choice but to do a factory reset. This may be an inconvenience, but it is the only way. It goes without saying that any existing PIN codes, passwords to work emails, etc., will need to be changed after you have done this factory reset.

 

info@safeguarddefenders.com

 

From the editors:

Since this post was launched, we have heard several complaints such as this one: “the article misrepresents the malware report, which does not mention WeChat or QQ as delivery method, but instead as targeted data.” It is true that the threat is posed by a ‘Trojan’ virus, an external program designed to utilize weaknesses through WeChat and QQ. The vulnerability begins when the xRAT “Trojan” has infected your phone, and the “Trojan” aims at infecting those using WeChat or QQ. The WeChat and QQ programs themselves do not contain the “Trojan.” The silent mode in which it can operate nonetheless makes it hard to know if your phone has been infected. The mode of infection, for example through having downloaded and opened a PDF or other type of file, continues to be studied and the mode of infection is not yet clear.

 

 


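How to Respond to the Explosive New WeChat and QQ Spyware?

The cybersecurity company Lookout recently released a new report (https://blog.lookout.com/xrat-mobile-threat) after studying the security, or lack of security, of WeChat and QQ. Although the findings are startling, they have not attracted enough attention.

WeChat’s servers are in mainland China, where there is little legal protection for private data and companies are under the control of public security, so WeChat data has no security guarantee and can be monitored and viewed by police or other government departments at any time. This has long been known. As a result, many people no longer use WeChat for political or more serious discussions. In more and more court cases, a person is prosecuted solely on the basis of private chat records with friends, which also confirms that WeChat is not safe. At the same time, during the Occupy Central movement in Hong Kong, a ‘Trojan’ virus was used to monitor users remotely.

The new virus found in this research is called xRAT. Like the virus found earlier, it is a Trojan, which means it disguises itself as other software, for example a PDF document; even if the virus is already on your phone, you have no way of knowing. The virus targets you through your WeChat and QQ accounts.

What is the threat?

The Trojan runs with administrator privileges, which means it can access and control every aspect of the phone and can do so without your knowledge. In fact, it can also remotely place your phone under ‘full surveillance.’ Put simply, the access it has is as if you had handed your phone directly to someone and told them your phone password. That person can do whatever they want.

That is to say, it is not only your WeChat and QQ information that is exposed; everything you do on the phone is exposed. Stored photos, downloads, documents, installed apps and services, chat logs, phone history, contacts and, of course, your browser and your entire browsing history, which may include your credit card number and passwords and the login information for any other service, such as the encrypted email you use.

In other words, any phone that has WeChat installed and is also used to log in to a work email account or to secure chat apps such as Telegram or Signal may well already be in the hands of Chinese police or state security. For the community of supporters of human rights in China, this is worse than bad. If you use a phone with WeChat and QQ installed to communicate through secure apps or to email with other Chinese rights defenders, it is equivalent to inadvertently giving the police material that supports sending those human rights defenders to prison.

Worse still, the virus having administrator privileges means your microphone can be turned on, and any sound you make may be streamed to the Chinese police monitoring it and heard by them. The same applies to the camera and video camera. This is a most advanced spying tool that can cause enormous consequences; it does not need to read your geographic location or your phone’s specific metadata at all in order to work as usual.

If that is not enough, here is one more thing, which is also why it is such an advanced virus: it can self-destruct. When it self-destructs, it not only deletes itself from your phone but also deletes as much as it can of the script information on your phone, which leaves even many highly skilled technical people unable to tell that the virus was ever on the phone. In other words, you may never know that your phone, and the way you use it, is the reason other human rights defenders were sent to prison.

In mainland China, several of the control centers to which this data ultimately flows have been identified, and there is no doubt that the same people are behind this ‘Trojan’ and the earlier one that attacked the Occupy Central crowd in Hong Kong, only this time it is far more advanced.

Should I worry? What should I do?

First, we still do not quite understand how this virus gets onto your phone. At the same time, since they have developed such high-end software, they will certainly put it to use. Earlier, a simpler version was used widely against people in the Occupy Central movement. What reason would police and state security organs have not to use software this powerful that they have already developed? So there is almost no doubt that you need to assume they are already using it widely and that you yourself are already one of the targets.

Many risk-aware people have already given up WeChat and QQ, and if they really do need to use them, they install WeChat on a separate phone that is used for nothing else. If, unfortunately, you are using WeChat like many others, please at least install it on a spare phone that has been factory reset, such as a super cheap Android phone. As for avoiding remote control of the microphone, make sure not to bring the spare phone (the one with WeChat installed) to the office or to any conversation.

Second, if your current phone is infected, simply uninstalling WeChat or QQ will not solve the problem; you have no choice but to do a factory reset. This may not be convenient, but it is the only way. In addition, it goes without saying that the passwords and so on previously used for work email need to be changed after the factory reset is done.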

 

info@safeguarddefenders.com