A Double Agent App Targets Hong Kong

Jacob Siegel

October 1, 2014 at 5:45 AM

Tear gas and government warnings haven’t stopped the protesters demanding democratic elections in Hong Kong. But a bit of spyware injected into the activist movement may have been sent to do the trick.

A mobile app marketed as a tool to help activists organize is actually a spying program, protesters have discovered.

Two weeks ago, spam text messages started pinging the mobile phones of Hong Kong residents associated with the protests. “Check out this Android app designed by Code4HK for the coordination of Occupy Central!” was the message protesters received according to the the South China Morning Post, which first reported on the app.

Early on there were signs that the app wasn’t what it seemed. For one thing, its supposed designers denied having anything to do with it. Code4HK, a Hong Kong group “where geeks gather” and “drive social changes with technology” according to their website, released a statement saying: “None of the Code4HK community has done any application on [Occupy Central] at the moment nor sent the message.”

Suspicious of how much information it required from users—including phone logs and GPS data—activists started to take the app apart. What they found was a piece of spyware siphoning data and creating audio files of voice calls. A crowd sourced effort to analyze the app’s code drawing on outside hacktivists and protesters in Hong Kong has shown it can do everything from track a users geo-location data and text history to recording all outgoing phone calls.

No one knows yet where the app originated, though many suspect it came from the Chinese government. It wouldn’t be the first case of a state using spyware to lure its own citizens into a surveillance net. A German based company, FinFisher, sells commercial software used for remote monitoring that’s been purchased by police departments and governments including Mongolia and Belgium. Evidence shows that the government of Bahrain used the spyware to monitor political activists, including a naturalized American citizen.

As activists have turned to social media to organize anonymously, it’s made them vulnerable to new forms of intelligence gathering. And repressive states haven’t missed the chance to use the Internet as a weapon for shutting down opposition. Russia routinely blocks the websites of dissidents and recently replaced the head of the country’s largest social media site with a government loyalist. Syria’s Assad regime has flipped the Internet killswitch a number of times during the country’s civil war before restoring service to continue surveillance on its enemies.

Along with a barricades and bludgeons approach to dealing with protests and political dissent, the Chinese government has taken an active role in policing the Internet. Beijing’s aggressive regime of Internet censorship has earned the nickname “the Great Firewall” and the distinction of having “the largest recorded number of imprisoned journalists and cyber-dissidents in the world," according to Amnesty International. But that by itself is hardly proof that the Chinese government created the app, only that it has the ability and political motive.

There was a time not that long ago when governments more or less monopolized spying on political protests. But these days, the online espionage field is crowded with commercial bots whose profits depend on tricking users out of the personal information they don’t freely divulge. Today, a phony app trying to spy on political dissidents isn’t the smoking gun of state power it used to be.

So activists started doing some detective work, to see who was behind the malware. It didn’t take long for them to discover where the app was sending its ill-gotten data. They found that all the information captured by the spyware was sent to a remote server in Korea. Code4HK, the activist group the spyware impersonated, claims the server’s IP address was “used as malware service before in Nov. 2013.” A more telling point: the server’s remote login screen is written in simplified Chinese, a dialect that’s associated not with Hong Kong but mainland China and the national government.

What the analysis can’t reveal with any certainty is who gave the order to spy on the protests. The obvious suspect is the Chinese government. In addition to running some of the world’s most powerful cyber espionage programs, China also has the motivation -- a desire to keep tabs on political dissidents and disrupt protest movements before they have time to expand. Right now the evidence tying the app to Beijing is circumstantial but many protesters have no doubt that it’s their government behind the spying.

“I think the central government is very likely to be behind the Trojan Android app attempt,” said one protester, a Hong Kong resident and computer software professional, who asked that his name not be used.

Whoever designed the app, it wasn’t particularly well engineered. Malware analayst Claudio Guarnieri called it “far from being one of the most sophisticated ones I've seen.”

Raymond Bakker, a software developer and whitehat hacker has taken the investigation a step further.

Using the same approach as forensic linguists who try to identify the author of a text by its writing style, Bakker studied the patterns in the spyware’s code and went looking for its programmer. What he found was “a post on a Chinese Android developer forum discussing roughly the same code that is used in the malware.” Bakker says that he is “pretty sure that the author of this post has ties with the malware” because “The way this code is written is unique and does not exist elsewhere on the Internet.”

Studying the app, Bakker found clues, but isn’t be sure of its provenance or exactly what it leads to other than an avatar on an Internet forum. What Bakker and others have provided is one more path to look down for a growing group of online sleuths trying to see behind the code.

Beyond that, it has made the activists themselves more vigilant. “We are not aware of any new spyware/malware being spread at this point” one protester told The Daily Beast. “We also regularly remind participants to use a number of secure and proven communications,” he said.

Related from The Daily Beast

Like us on Facebook - Follow us on Twitter - Sign up for The Cheat Sheet Newsletter

Yahoo Sports
Former MLB infielder, Little League World Series star Sean Burroughs dies at 43
The seven-year major leaguer collapsed while coaching his son's Little League game on Thursday.
Yahoo Sports
Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race
The value of the Dolphins and Formula One racing is enormous.
Yahoo Sports
The best RBs for 2024 fantasy football, according to our experts
The Yahoo Fantasy football analysts reveal their first running back rankings for the 2024 NFL season.
Yahoo Sports
Juan Soto’s unapologetic intensity and showmanship are captivating the Bronx and rubbing off on teammates: ‘Literally every pitch is theater’
The 2024 Yankees have rediscovered their bravado and hold the second-best record in the AL, thanks in large part to the superstar outfielder.
Yahoo Finance
The FDIC change that leaves wealthy bank depositors with less protection
Affluent Americans may want to double-check how much of their bank deposits are protected by government-backed insurance. The rules governing trust accounts just changed.
Autoblog
Which pickup trucks get the best fuel economy? Here are the tops for gas mileage (or diesel)
Trucks aren't known for being fuel efficient, though times are changing. These are the trucks with the best gas mileage in various segments.
Yahoo Sports
Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'
Murray made a bad night on the court worse during a moment of frustration on the bench.
Yahoo Sports
Former NBA guard Darius Morris dies at 33
Former NBA guard Darius Morris has died at the age of 33. He played for five teams during his four NBA seasons. Morris played college basketball at Michigan.
Yahoo Sports
Golf’s moment of truth is here, and the sport is badly flailing
Nonexistent negotiations and missed opportunities for reconciliation between the PGA Tour and LIV Golf have the sport stuck in place.
Yahoo Sports
2024 Fantasy Football Mock Draft, 1.0
The Yahoo Fantasy football crew got together for their very first mock draft of 2024. Andy Behrens recaps the results.
Yahoo Finance
Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'
Ryan says he would be writing in a Republican candidate instead of voting for Donald Trump.
Yahoo Sports
Ranking the best situations for the rookie quarterbacks: Start with Michael Penix in Atlanta at No. 1
It’s key to note that we’re not saying the “best team” or “best roster.” Instead, we’re talking about the best confluence of factors that can outline a path for survival and then success.
Yahoo Sports
Yahoo Fantasy staff's Mock Draft 1.0: Shocking picks are plentiful
Teams have made their big splashes in free agency and made their draft picks, it's time for you to do the same. It's fantasy football mock draft time. Some call this time of year best ball season, others know it's an opportunity to get a leg up on your competition for when you have to draft in August. The staff at Yahoo Fantasy did their first mock draft of the 2024 season to help you with the latter. Matt Harmon and Andy Behrens are here to break it all down by each round and crush some staff members in the process.
Yahoo Sports
Post-draft NFL fantasy power rankings: Offenses we love, like and want to stay away from
With free agency and the draft behind us, what 32 teams look like today will likely be what they look like Week 1 and beyond for the 2024 season. Matt Harmon and Scott Pianowski reveal the post-draft fantasy power rankings. The duo break down the rankings in six tiers: Elite offensive ecosystems, teams on the cusp of being complete mixed bag ecosystems, offensive ecosystems with something to prove, offenses that could go either way, and offenses that are best to stay away from in fantasy.
Yahoo Finance
Recession-proof stocks are leading the market's latest leg higher
The Utilities and Consumer Staples sectors have popped since mid-April as investors search for value.
Yahoo Finance
Mortgage rates drop for the first time in five weeks with experts adjusting their forecasts
The average 30-year fixed mortgage rate edged back toward 7% this week but remains elevated, prompting housing experts to revise their forecasts for the rest of 2024.
Yahoo Sports
Cardinals lose C Willson Contreras after left arm fractured by J.D. Martinez's swing
The Cardinals' nightmare season continues.
Yahoo Sports
Cavaliers flip the script against the Celtics in Game 2, making this series a mystery
For one night, Cleveland's game plan worked to perfection. Do the Cavs have a shot to take down the Celtics?
Yahoo Sports
Blockbuster May trade by Padres, MVP Ohtani has arrived, Willie Mays’ 93rd birthday & weekend recap
Jake Mintz & Jordan Shusterman discuss the Padres-Marlins trade that sent Luis Arraez to San Diego, as well as recap all the action from this weekend in baseball and send birthday wishes to hall-of-famer Willie Mays.
Engadget
The best budgeting apps for 2024
Budgeting apps can help you keep track of your finances, stick to a spending plan and reach your money goals. These are the best budget-tracking apps available right now.

News

Life

Entertainment

Finance

Sports

New on Yahoo

A Double Agent App Targets Hong Kong

Recommended Stories

Former MLB infielder, Little League World Series star Sean Burroughs dies at 43

Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race

The best RBs for 2024 fantasy football, according to our experts

Juan Soto’s unapologetic intensity and showmanship are captivating the Bronx and rubbing off on teammates: ‘Literally every pitch is theater’

The FDIC change that leaves wealthy bank depositors with less protection

Which pickup trucks get the best fuel economy? Here are the tops for gas mileage (or diesel)

Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'

Former NBA guard Darius Morris dies at 33

Golf’s moment of truth is here, and the sport is badly flailing

2024 Fantasy Football Mock Draft, 1.0

Former House Speaker Paul Ryan says he’s not voting for Trump : 'Character is too important'

Ranking the best situations for the rookie quarterbacks: Start with Michael Penix in Atlanta at No. 1

Yahoo Fantasy staff's Mock Draft 1.0: Shocking picks are plentiful

Post-draft NFL fantasy power rankings: Offenses we love, like and want to stay away from

Recession-proof stocks are leading the market's latest leg higher

Mortgage rates drop for the first time in five weeks with experts adjusting their forecasts

Cardinals lose C Willson Contreras after left arm fractured by J.D. Martinez's swing

Cavaliers flip the script against the Celtics in Game 2, making this series a mystery

Blockbuster May trade by Padres, MVP Ohtani has arrived, Willie Mays’ 93rd birthday & weekend recap

The best budgeting apps for 2024