Chinese hacker groups target Australian Uyghur activist online


A Uyghur activist says the Australian government needs to do more to educate the Uyghur community in Australia to protect themselves online against cyber-attacks by hacker groups in China.

Nurgul Sawut, a Uyghur community leader based in Canberra has been the victim of cyber-attacks by Chinese hacker groups as activists outside of China are frequently targeted.

Sawut was one of more than 10,000 people named last month on a Chinese blacklist of “suspected terrorists” due to her activism, reported by the ABC.

She told Guardian Australia she had been targeted since 2019 on Facebook, and the attacks took a number of forms.

There was the straight-out trolling, where they would set up accounts pretending to be people from the Uyghur community, including her sister, and then post incendiary comments denouncing her, or sending her nasty messages, up to sending malware.

Those usually came through by someone in the community whose account had been taken over.

“Either they have received those messages and forwarded to me, or they just came directly to me through their account,” she said. “And as soon as you open that, your mobile is bugged. That has happened to me twice, and I had to reset my phone, and throw one phone away.”

Sawut said she was now careful, had multiple devices, used encrypted email to communicate rather than Gmail or Hotmail, did not have Facebook connected to any other services, and tried to avoid any apps she knows might have links to China.

Facebook’s head of cyber-espionage investigations, Mike Dvilyanksi, and head of security policy, Nathaniel Gleicher, reported in March that a China-based hacking group known as Earth Empusa or Evil Eye had been targeting fewer than 500 activists, journalists and dissidents, predominantly Uyghurs from Xinjiang in China living in Turkey, Kazakhstan, the US, Syria, Australia and Canada.

The group used fake accounts on Facebook to appear to be journalists, students, human rights advocates or members of the Uyghur community to trick the targets into clicking onto malicious links that would install spyware on their devices. Often the links would look like Uyghur or Turkish news sites.

It followed a Google report in 2019 that users of its Android operating system were also targeted by hackers out of China.

Sawut said getting others in her community to educate themselves on cybersecurity was a challenge.

“We’re constantly educating people not to put WeChat on your main mobile phone. Some people are smart enough to have WeChat on an old phone, but some people say they don’t have anything to hide. It’s very careless.

“I can’t be that careless. The amount of contacts I make, it’s very critical, and I do end up putting people at risk if I carelessly did what other people do. I’m tenfold more careful than anyone else.”

Sawut said the Australian government should be educating the Uyghur community in Australia about how to protect themselves and what apps they should and should not use.

“A lot of the information should be released to the public, yet they pretty much keep their cards really close to their chest,” she said.

The Department of Home Affairs this month said in response to questions on notice from Senate estimates hearings it was not aware the activists in Australia were being targeted until Facebook published the blog post in March.

The Australian federal police said it was not investigating the matter, but did make inquiries with Facebook after the post. Facebook declined to comment.

Australia’s peak spy agency, the Australian Security Intelligence Organisation, said it would be inappropriate to comment, but said the agency takes the threat of foreign interference and espionage seriously.

When asked what the government was doing to support the Uyghur community who might have been targeted, the Department of Home Affairs told parliament $122.6m had been invested in the past few years to counter foreign interference, as well as $62.8m invested in strengthening Australia’s social cohesion.

There were no specific measures listed on cybersecurity education. (Source: The Guardian)