The Search for Digital Privacy in Hong Kong

Hong Kong has been under the microscope of global political observers for the past several years, as debates and protests rage on with the goal of shaping the city-state’s digital privacy laws. Law enforcement agencies have rolled out mass digital surveillance campaigns, and Hong Kong activists have taken to more secure communication channels as a result. As citizens continue to grapple with this turbulent situation, a great many have turned to dark web forums in search of like-minded allies. While this may help them avoid the watchful eye of the authorities, it also opens the door for cybercriminals and threat actors to recruit new allies, increasing the scope of the cyber threat landscape.

Our research found that Hong Kongers are active on the dark web, selling traditional tools used to carry out cyberattacks like credit card skimmers, stolen databases of PII and credentials, and hacking services for hire. But we also found that activists have shown great ingenuity in using more common channels to circumvent digital surveillance efforts.

Download the full research report to learn more about the increasingly complex cyber threat landscape that is unique to Hong Kong. For some of the key highlights and takeaways, keep reading:

Activists Demonstrate Resourcefulness to Evade Censorship

In addition to using dark web forums for covert communication, activists and protestors commonly use communication apps like WhatsApp and Telegram. Now it appears that many activists are moving to Signal, an encrypted messaging app, after WhatsApp’s parent company, Facebook, recently made changes to its data privacy policy that many users find unpalatable.

But Hong Kongers have also displayed a cunning ability to use existing tech products to communicate broadly. Apple’s AirDrop feature, which uses Bluetooth to instantly “drop” files or messages on nearby users’ devices, has been widely used by activists. These users AirDrop messages, political slogans, and information about specific rallies to mass audiences. When recipients AirDrop those messages to others within their range, the reach extends far beyond the original sender’s surroundings and can eventually reach others across the city.

The same is true of the Bluetooth-based Bridgefy app, which uses a mesh network that has a range of 330 feet to link multiple devices. This enables users to chat by essentially hopping onto other users’ phones until the message reaches the intended recipient, even if they are in a completely different area. With authorities dutifully watching social media platforms, texting on mobile devices, and other common communication channels, Hong Kongers are able to relay their messages well beyond the reach of their personal networks using these tools.

Targeted Disinformation and Malware Complicate the Landscape

The previous paragraph may have left you wondering, “How do protesters AirDropping messages ensure they reach the right targets?” The short answer is: they can’t. Activists take a risk every time they attempt to widely spread messages to political allies, and if authorities can trace a message back to its source, the sender risks being censored – or worse.

Hong Kong activists are subject to digital surveillance by local police. Speaking on the condition of anonymity, a Hong Kong police officer explained that the force’s Cybersecurity and Technology Bureau is unable to crack newer Apple iPhone models locally but has found ways to compromise Android systems and information on Google Drive once police have seized a device.

Last year, some 23,750 Twitter accounts were found to have spread “geopolitical narratives favorable to [China].” Twitter ended up taking down thousands of accounts linked to China that were part of a “manipulative and coordinated” campaign to spread disinformation about the ongoing Hong Kong protests. Another 150,000 accounts that were designed to signal-boost the content were subsequently taken down.

Hong Kongers have also been targeted by malware and disinformation campaigns originating in mainland China. While the threat actors involved are presumed to be state-sponsored, there is no way to ascertain that this is the case. Such campaigns date back as far as 2014, with the iOS trojan XSSER mRAT. Another prominent example occurred in 2016 with a Poison Ivy RAT variant. The notable 2020 malware strain LightSpy may have been another attempt at targeting political dissidents in Hong Kong.

The fight for digital privacy reform in Hong Kong will likely continue in the coming years, as authorities and activists alike show no signs of backing down or acquiescing. IntSights researchers will continue to monitor the situation, particularly through the lens of potential security impacts to business. Read our new report, Hong Kong: Center Stage for the World’s Digital Privacy Battle, to gain a clearer picture of the current landscape and cyber threat environment.
