WUC Warns of Recent Rise in State-Sponsored Hacking

Press Release – For immediate release
6 September 2012
Contact: World Uyghur Congress www.uyghurcongress.org
0049 (0) 89 5432 1999 or
[email protected]

The World Uyghur Congress must regrettably draw attention to a recent rise of emails purportedly being sent from the WUC aimed at tricking recipients into opening infected attachments. The emails are targeting Uyghur activists, colleagues and friends from other NGOs and international organisations, with at least 4 different emails being identified. In view of many similar attacks in the past and the sophistication of these fake emails, the WUC believes that the infected emails are state-sponsored efforts by China to disrupt the work of the WUC.

The emails are being sent from email addresses which exhibit minor alterations in the real email address. Some of the subject matter reflects some of the work that the WUC is currently doing, such the upcoming WUC Executive Committee meeting. These fake emails therefore illustrate a particularly worrying trend by China to specifically monitor the WUC and other Uyghur organisations with the sole purpose of disrupting peaceful activism to secure and promote the fundamental human rights of Uyghurs in East Turkestan and abroad. In doing so, China is exporting its efforts to curtail alternate discourse to that of official narrative.

The WUC therefore kindly asks as our obligation to raise awareness of such a situation that all recipients of emails from the WUC be extra vigilant by ensuring that the emails are genuine. To do so, you can do the following:

  1. All press releases will be published on the WUC website as well as being sent out via our mailing list. Therefore, should there be any cause for suspicion, check the email with the press release against the one on our website.
  2. For emails from the WUC personnel, please check that the spelling of the email address matches that of previous ones in which you have had correspondence.
  3. Run a virus check on the attached documents.
  4. Should you still have doubts, please contact the WUC email account: [email protected]

This is not the first time that the WUC, Uyghur activists and other China human rights activists, such as the Tibetans, have had their emails hacked or been at the receiving end of other problems due to outside interference in the effective running of the WUC as a presence on the internet. One of the most serious incidents happened in June and July 2011 – around the time of the 2nd anniversary of the 5 July Urumqi crackdown – where the WUC servers were brought down completely after a DDoS attack (‘Distributed Denial of Service attack’), in addition to blocking the WUC’s office phone line and mobile numbers via constant incoming calls and thousands of emails being sent to WUC’s accounts in a two day period which rendered them inaccessible.

Recently, Kapersky Lab intercepted an advanced persistent threat (APT) campaign targeting Uyghur human rights activists. The emails sent were written in Uyghur and consisted a ZIP file with a Mac OS X backdoor intended to connect command and control servers located in China, allowing attackers to list and transfer files, in addition to executing commands on the infected machine. Other experts have noted further emails with similar intentions emerging during the Muslim holy month of Ramadan.