Daniel Sinclair+ Your Authors @_DanielSinclair Building for young people. Not reading @danielsunread. Lurking behind likes and thinking about social media, communication, & China Nov. 25, 2019 1 min read + Your Authors

"Since at least July 2016, Chinese authorities have been monitoring [Zapya] on some Uighurs’ phone in order to flag users for investigation... Directives in the leaked documents [ordered Uighurs abroad] to be monitored as well."  https://techcrunch.com/2019/11/24/leaked-chinese-government-documents-detail-how-tech-is-used-to-escalate-the-persecution-of-uighurs/ 

This cable trove confirms what was suspected, caught by HRW, & discovered by Project Zero. The Zapya dragnet may be those exact PZ exploits, and that — w/ the FBI the source — adds weight behind the idea that our intelligence community knew. For how long?

"In mid-2017, a group of California cybersecurity analysts reported that hackers had exploited flaws in Zapya, WeChat, and other apps to infiltrate users’ phones and steal private information." That is referring to SpyDealer.  https://www.icij.org/investigations/china-cables/how-china-targets-uighurs-one-by-one-for-using-a-mobile-app/   https://unit42.paloaltonetworks.com/unit42-spydealer-android-trojan-spying-40-apps/ 

What those documents unveil, and what the researchers have discovered and analyzed, is an organized, multi-year compromise of both iOS and Android, and many apps. The public deserves the right to know how & when the FBI discovered it, and whether the attacks reached U.S. shores.

IIRC, Apple provided a comment and denied the existence of a gag order following the publication of this iOS Security letter. But we also now know of the existence of several now-public National Security Letters. What don't we know?

You can follow @_DanielSinclair.


Tip: mention @threader_app on a Twitter thread with the keyword “compile” to get a link to it.

Enjoy Threader? Sign up.

Since you’re here...

... we’re asking visitors like you to make a contribution to support this independent project. In these uncertain times, access to information is vital. Threader gets 1,000,000+ visits a month and our iOS Twitter client was featured as an App of the Day by Apple. Your financial support will help two developers to keep working on this app. Everyone’s contribution, big or small, is so valuable. Support Threader by becoming premium or by donating on PayPal. Thank you.

Follow Threader