Facebook said Wednesday that hackers based in China used the social media platform as part of a campaign to hack and spy on diasporas of Uyghurs, the minority group the country has been accused of putting in “re-education” camps.
The hackers used Facebook to identify, track and send malicious links to Uyghur activists, dissidents and journalists living in the U.S., Australia, Canada and Turkey, among other countries, Facebook said.
Facebook stopped short of directly blaming the Chinese government for sponsoring the campaign. “We can see geographic attribution based on the activity, but we can’t actually prove who’s behind the operation,” the company’s head of cybersecurity policy, Nathaniel Gleicher, said in a phone call with journalists.
But Facebook did say the hackers are part of the same operation that the cybersecurity company Volexity cited in 2019 as being affiliated with the Chinese government. It published research that revealed that the country’s hackers had gone to extreme measures to hack and spy on Uyghurs. They used sophisticated, previously unknown tools to load malicious code into multiple Uyghur news sites so that they would hack and spy on nearly any smartphone that visited.
“Who else would have the resources, the time and effort to go after these people? If you told me it was Iceland I'd be pretty surprised,” Volexity CEO Steven Adair said in a phone call Wednesday.
Some of the research into the hackers came from the cybersecurity company Mandiant, Facebook said.
“We believed this was sponsored by the Chinese government,” John Hultquist, Mandiant’s head of threat intelligence, said in a phone call.
He added that hacking and spying on phones has become a staple of China’s tactics against people the country wants to track.
“It won't stop,” Hultquist said. “If you're a security service, hitting on these mobile phones is really optimal. Not only can you have access to their digital lives, you can read their SMS, you can physically locate them, you can turn their speaker on.”
Facebook’s head of cyberespionage, Mike Dvilyanski, said on the call that while it had found and removed fewer than 500 accounts that sent malicious links to Uyghurs, it was “an extremely targeted operation.”
“We were seeing them create personas on Facebook that are designed to look like journalists that focus on issues critical to the Uyghur community, that are designed to look like activists that might be standing up for the Uyghur community, designed to look like members of the community,” Dvilyanski said. “Then use that as a way to trick them into clicking into these links to expose their devices.”
Multiple investigative reports have shown that China maintains re-education camps that detain an estimated 1 million Uyghurs, an ethnic group largely based in the country’s northwestern Xinjiang region. With omnipresent cameras, face recognition technology and intense collection of residents’ data, it’s one of the most heavily surveilled areas in the world.
Dozens of countries have jointly condemned China’s treatment of Uyghurs, and the White House sanctioned two Chinese officials over them Monday.
A spokesperson for China’s embassy didn’t immediately respond to a request for comment.
Nury Turkel, a longtime Uyghur rights activist and member of the U.S. Commission on International Religious Freedom, said in a phone call that knowing your phone can be taken over by state-sponsored hackers is harrowing.
“Imagine that the government is monitoring your communication, intruding on your privacy, and you wanted to call your parents to talk with them," he said. "You cannot say anything other than ‘How are you, have you been taking your pills, how’s your blood sugar level?’ Nothing else."
“This is one of the ways in which China finds a way to create anxiety, sense of despair, sense of hopelessness, sense of insecurity,” Turkel said.