Report: China Mining Western Social Media for IntelligenceChinese Authorities Reportedly Using 'Sophisticated' Software to Monitor Dissent
Chinese government agencies are reportedly using "sophisticated" software to monitor popular social media sites, including Twitter and Facebook, and collect information on Western officials and journalists, according to a recent investigation by The Washington Post.
The publication reviewed some 300 procurement documents for government projects dating back to 2020 that reportedly included the acquisition of surveillance software.
Findings from the Post's investigation show that the Chinese government is ramping up efforts among its existing programs and leveraging new software to monitor foreign dissent.
According to the paper's investigation, Chinese state media, propaganda departments, cyber regulators, police and military agencies have reportedly pursued a $320,000 software program that mines Twitter and Facebook to create a database of foreign journalists and academics, as well as a project from the Beijing police intelligence program that reportedly totals $216,000 and analyzes communication within Western nations on topics including Hong Kong and Taiwan - which are both the focus of pro-democracy demonstrations.
The Chinese government, through a cyber center in Xinjiang, is also reportedly cataloging the "mainly Muslim minority group's language content abroad." This refers to Muslim Uighurs, who are native to northwest China.
The New York Times says that Chinese government contractors have allegedly used databases pulled from the darknet to identify authors of content flagged by the Chinese Communist Party.
A spokesperson for Twitter told the Post that the social media platform does not allow developers to use data sets for surveillance purposes.
Facebook did not immediately respond to Information Security Media Group's request for details regarding alleged activity on its platform.
Officials at the Chinese embassy in Washington, D.C., did not immediately respond to ISMG's request for comment about the software usage and alleged surveillance.
'An Ongoing Issue That Will Get Worse'
Some security experts stress that China's focus on social media data can certainly be dangerous over time.
"This information can be very useful to nation-states for espionage in both the private sector, where they compete with other countries, and looking at public sector employees or potential political influencers," says Erich Kron, a former security manager for the U.S. Army’s 2nd Regional Cyber Center.
Kron, who is currently a security awareness advocate for the firm KnowBe4, says, "Since this information is viewable publicly, it is not difficult to create software that will gather and index information from these sources. … The ability to scrape social media is an ongoing issue that will only get worse in time."
"To paraphrase an old adage, the hand that rocks the data is the hand that rules the world. Safeguarding consumer data is at the heart of our national defense," says Chris Olson, CEO of The Media Trust, an enterprise digital safety platform.
Ross Rustici, a former technical lead for the U.S. Department of Defense, says that while these developments will not drastically alter U.S.-China relations, their effects may still be felt.
"This discovery is unlikely to cause any additional tension between Beijing and Washington, as this type of information gathering is commonplace across government agencies in both countries," says Rustici, who is currently the managing director of the advisory firm StoneTurn. "If anything, this will be leveraged for further discussions between Washington and Silicon Valley about what the platforms are responsible for, what they are enabling and what implications their platforms pose to national security and broader stability."
The relationship between the U.S. and China remains complicated. U.S. President Joe Biden recently announced a diplomatic boycott of the Winter Olympics in Beijing, set to begin in early February, citing China's human rights record.
And last month the U.S. imposed new sanctions on China over alleged abuse of ethnic and religious minorities in its western region, including Xinjiang's Muslim Uighurs, according to The Associated Press.
China APT Activity
The surveillance developments come as tech firms detect Chinese state-backed hacking efforts.
Last week, CrowdStrike reported that the China-linked advanced persistent threat group AQUATIC PANDA attempted to leverage the Apache logging library flaw called Log4j in VMware's Horizon Tomcat web server service. The firm's threat hunting unit, Falcon OverWatch, says it denied an attempted attack on "a large academic institution" (see: Crypto Platform Suffers Log4j-Related Ransomware Attack).
The researchers say the threat actors used a modified version of the Log4j exploit, and that AQUATIC PANDA - whose dual mission is intelligence collection and industrial espionage - continued reconnaissance and "malicious behavior" to retrieve malware, and attempted to harvest credentials using "living off the land" tactics.
OverWatch said the unnamed victim organization was "able to quickly implement their incident response protocol, eventually patching the vulnerable application and preventing further threat-actor activity."
In November, IT consulting firm Booz Allen Hamilton published a report stating that Chinese threat actors may increasingly look to steal sensitive, encrypted data in hopes of decrypting it with quantum computing technology in the years ahead (see: Report: China to Target Encrypted Data as Quantum Advances).
The researchers say Chinese threat actors may target government, private sector and academic data with long-term value - including trade secrets, biometric identification markers, Social Security numbers, criminal records, weapon designs and research and development around pharmaceuticals, biology, materials science and chemistry, among other areas.
The report says that although quantum computing's benefits are largely far off, rapid advancement and a Chinese political realignment focusing on next-generation technologies make the threat active, and highly sensitive data held by state actors could potentially be decrypted by the end of the decade.