29 September 2020

Hack for the Uighurs: how to undermine China’s genocide


Rows of people branded ‘enemies of the state’ by their government sit on the ground, waiting to be led onto trains and taken to concentration camps. They will be subjected to torture and forced labour; some will die.

This is not Nazi Germany and these people are not Jews. This time, the government is Chinese and the people are Uighurs, Falun Gong, Kazakhs, Tibetans, political activists, Christians, and many more who are persecuted because of their religion, ethnicity or political views. And though these scenes could be straight out of the 1940s, this is a very modern genocide.

The Chinese government uses cutting-edge technology to suppress its people. There is a system of mass-surveillance, including facial and voice recognition, DNA collection, location tracking and much more. Chinese authorities rely on technology for the collection and analysis of vast amounts of data on civilians, from physical attributes, religion and political views to social and familial ties, marking out those who are deemed ‘suspicious’. Without these systems, the government’s ability to monitor, track and imprison its citizens would be severely compromised – that means they’re vulnerable.

To stop China’s human rights violations, it’s time to start hacking. Diplomacy, sanctions and public admonitions haven’t worked – if anything the persecution has accelerated. The international community has stood by long enough; it should take swifter and harsher measures to target the systems controlling the concentration camps.

This will require sophistication and resources, and can be best achieved through cooperation between democracies with advanced hacking capabilities. The Chinese government has invested a lot of money in cyber-defences and built a large ‘cyber army’ to guard its technology from being hacked. The government’s tight control over the internet in China will also make their networks difficult to penetrate – but not impossible.

It’s the hackers’ motto that ultimately, any system can be compromised. Advanced Persistent Threat (APT) hacking, which involves large-scale, targeted infiltrations of computer systems that may remain undetected for long enough to cause damage, can be effective. A number of attack vectors can be used. One option is to exploit employees who lack expertise in cyber security to unwittingly provide network access. Hackers can then use malicious software on the employee’s device as part of a targeted attack (phishing emails for example) or a non-targeted attack (planting malicious code in a common website, software or programming libraries).

Recruiting employees as agents who will knowingly grant access to hackers is another way. The government’s tight control over its employees, monitoring them and ensuring their loyalty through indoctrination or intimidation, will make it difficult. However, recruitment of spies by intelligence agencies has been happening ever since Delilah betrayed Samson to the Philistines, and past leaks of official documents to journalists show that some are unwilling to toe the line.

Other attack vectors include endpoint ports (gaining access to a port like a computer or a camera) and attacks through the Internet of Things (IoT). It is safe to assume that systems used by the Chinese authorities will have sophisticated security measures to detect and block attacks. These include ‘air gapping’, a measure used to physically isolate a computer network from unsecured networks like the internet. In some cases, a computer is completely isolated and data can only be transferred to it physically, by using a USB memory stick for example. So using an employee, wittingly or unwittingly, is the best option for gaining access.

Remote hacking is more difficult because of China’s ‘Great Firewall’, which constantly monitors and blocks online activity. ‘Deep Packet Inspection’ is used to closely scrutinise data and block, re-route or log it accordingly. While this kind of extensive inspection and securing of data is effective, it’s costly, time-consuming and requires constant updates which have to be done by an expert. Therefore it’s prone to human error. With the right resources, China’s cyber-security measures can be compromised remotely.

Once access to a network has been established, the intelligence gathering options are numerous. Information used for detaining people in camps, such as personal details, voice and iris samples, digital fingerprints, religious and political activities and other information regarding people’s ‘trustworthiness’, could be encrypted or deleted. Gaining access to cameras could provide footage of human rights violations and crimes against humanity. Documents proving practices such as forced confessions, slave labour, forced abortions or sterilisations, could also be obtained. These could then be made public or used in international courts of law.

Hacking technology inside the camps is a first step. If China’s behaviour persists, cyber attacks should escalate to include other systems used for suppression, such as police networks, security cameras and systems used by local authorities.

If the countries involved maintain ambiguity and avoid publicly humiliating China, violent conflict can be avoided. In fact, the Chinese government could even deny that a successful attack took place to save face. But it is reasonable to assume that there will be retaliatory cyber-attacks, possibly targeting sensitive infrastructure in the energy, health, transport and utilities industries. It is therefore imperative for the nations involved to ramp up cyber defences.

Targeted hacking could obstruct the systems used for human rights abuses in camps without disabling critical infrastructure or harming Chinese civilians. It’s not a comprehensive solution, but when other measures fail, this non-violent approach could slow down and disrupt the authorities’ ability to spy on, track and detain people. It will also send a strong and necessary message from democracies that we will not stand by and allow a genocide. Never Again.


Dr Limor Simhony is a policy adviser and researcher. She was Director of Counter Extremism at TRD Policy, specialising in policy, research and advocacy relating to online extremism, disinformation and radicalisation.

Columns are the author's own opinion and do not necessarily reflect the views of CapX.