This is the daily email newsletter of China Digital Times, a bilingual news site covering China from cyberspace.
Latest Updates from China Digital Times

  • Lawyer Wang Quanzhang Moved from Prison into New Isolation

  • From Narrative Consent to Narrative Warfare: China’s COVID-19 Messaging

  • China Joins in Global Hacking Spike Amid Pandemic


Photo: The Patterns of Xiapu, by Alex Berger

The Patterns of Xiapu, by Alex Berger (CC BY-NC 2.0)

© Josh Rudolph for China Digital Times (CDT), get_post_time('Y'). | Permalink | No comment | Add to
Post tags:

Feed enhanced by Better Feed from Ozh

Like Photo: The Patterns of Xiapu, by Alex Berger on Facebookshare on TwitterGoogle Plus One Button

Lawyer Wang Quanzhang Moved from Prison into New Isolation

Rights lawyer Wang Quanzhang was released from prison in Shandong on Sunday, but is still being kept under closely guarded isolation. Authorities have presented this as a standard measure against the ongoing COVID-19 pandemic, but Wang’s family and supporters fear that it is a form of "non-release ‘release,’" a tactic used to contain politically disharmonious figures after the end of their formal sentences. The use of disease containment as a pretext for political control was previously suspected in cases like the detention of citizen journalist Chen Qiushi, and was included in a list of recommendations to the government from a private consultancy translated by CDT in early February. Wang was one of hundreds of lawyers and others detained during the 2015 "Black Friday" or "709" crackdown, but while most were soon released and a few key figures were tried and sentenced, Wang was held incommunicado for nearly three and a half years before a closed trial for subversion on December 26, 2018. His sentencing a month later was subject to a reporting ban. After his detention, Wang’s wife Li Wenzu, alongside other detainees’ relatives, emerged as a fierce advocate on his behalf and that of other 709 prisoners.

The Guardian’s Verna Yu reported on Wang’s situation:

His wife, Li Wenzu, fears that the authorities are using the pandemic as an excuse to hold him under de facto house arrest indefinitely. She said Wang has been released from prison but authorities had sent him to his home town, Jinan, in the north-eastern province of Shandong (400km south of Beijing) for quarantine.

Chinese authorities have been using compulsory quarantine as a pretext to detain or restrict the movements of government critics.

“The government is continuing to restrict his personal freedoms and forcing us to be separated,” Li told the Guardian. “This behaviour is shameless, I’m absolutely opposed to this and am very angry.

“I fear the government is using the pandemic as an excuse to detain him. Would it be just 14 days as they say? I can’t trust them. So long as my husband has no freedom, I’ll continue to fight until he comes back.” [Source]

In a message posted to Twitter on Monday, Li gave further details suggesting that the restrictions on Wang are not merely a matter of disease control:

Quanzhang’s phone has been confiscated!

Starting from 7 p.m. today, I wasn’t able to contact Quanzhang by phone, however many times I tried. At 9:16 p.m., Quanzhang finally called me, and anxiously said: "My situation here’s changed. The community head who helped me buy a phone yesterday is going to take it away, because the SIM was registered to her ID card. Some leader found her today, and said that letting me use the phone was for contact with family members only, not for all the other miscellaneous calls that came in. Now she’s revoked permission, and is taking the phone away. I kept telling her that my family would be worried if I suddenly lost contact. In the end, they let me make one call to you. From now on the rule is only one call per day to family."

After he’d hurriedly finished speaking, Quanzhang hung up. When I called back again, the phone had been turned off.

Having heard what he’d said, I was furious!

In the name of "isolation," they’re not letting Quanzhang go out. He has no way to go out and sort out an ID card or buy a phone card. Younger brother was dragged off to the police station while trying to deliver food and a phone, couriers are not allowed to deliver to his door. This is even more lonely than being in prison, now he doesn’t even have anyone to talk to! [Chinese]

South China Morning Post’s Kinling Lo and Mimi Lau further reported on Wang’s new captivity, and on signs of the toll taken by Wang’s treatment in prison.

In a phone interview, Li said Wang appeared to suffer from hearing and short-term memory losses.

“I was trying to get him to install WeChat but it requires a short verification and he couldn’t recall the code every time it was sent to him via text messages,” Li said.

[…] While she successfully had food and a bouquet of flowers delivered to Wang on Sunday afternoon, she said an unnamed cousin of Wang was taken away for questioning by police after being turned away from Wang’s flat.

Wang Qiaoling [wife of fellow rights lawyer Li Heping] said on Twitter that the bouquet of flowers she also ordered did not get to Wang, and the delivery man was taken into police custody.

Amnesty International China researcher Doriane Lau said the fact that authorities even turned away the delivery indicated Wang would likely face continued surveillance even though he had served his jail term.

“We are seeing more signs that the authorities are using the 14-day quarantine period for the coronavirus as a pretext to keep Wang under surveillance,” Lau said, adding that the group would carefully monitor Wang’s situation after two weeks. [Source]

NYU law professor Jerome Cohen anticipated this turn in Wang’s case in a blog post on Saturday:

I’ve used “Non-Release Release” (NRR) to describe the phenomenon of individual rights activists and lawyers in China often being released from prison into other, nominally “free” forms of what amounts to detention, such as de facto house arrest or enforced return and restriction to their native village. But NRR can also be used for large numbers of ordinary people, such as Muslims in the Xinjiang region. Many Uyghurs and other minorities there have reportedly been released from “re-education center” prisons, only to be forced to work in factories in various places.

[…] In the past decade NRR has been customized to suit the Party’s needs for effectively suppressing human rights lawyers on a more individualized basis than a formal system might allow, and also for a longer time than formal criminal or administrative sanctions might seem suitable. To the public, NRR looks better than sentencing a lawyer to life in prison, but it can nevertheless amount to a more discreet form of stifling someone forever. For example, whatever became of the great, courageous lawyer Gao Zhisheng? While repeatedly subjected to the formal criminal punishment system, his resistance generated periodic bad publicity for the Party and government. Since his last “release”, however, which forced him back to his native village, he has disappeared. Do people still remember him? Many wrongly assume he has happily been “reformed”.

Think blind “barefoot lawyer” Chen Guangcheng, who, after four years in prison, was “released” to his rural farmhouse with a couple of hundred thugs guarding him around the clock until his miraculous 2012 escape to the American embassy.

What will Wang Quanzhang’s “release” on April 5 amount to? It might have been more appropriate to release him on April Fool’s Day! [Source]

Others had also warned of a "non-release ‘release,’" including Li herself and the 12 rights groups behind a joint statement calling for real freedom for Wang last week:

To ensure that his treatment after release is in line with Chinese law and international human rights standards, we – the undersigned – strongly urge the Chinese government to:

  1. Respect the wishes and basic rights of Wang Quanzhang and his family, and permit Wang to immediately return to Beijing to reunite with his wife and son;
  2. Respect and ensure the protection of Wang Quanzhang and his family’s personal freedoms, in particular their freedom of movement;
  3. Ensure Wang Quanzhang or his family will not be put under house arrest or constant surveillance;
  4. Protect Wang Quanzhang and his family against any future harassment or persecution;
  5. Guarantee the equal right to education of Wang Quanzhang’s son.

[…] According to Chinese law, as highlighted by Lawyer Jiang Tianyong, an individual released from prison should be sent to their normal residential address as a priority, with “normal residential address” being the location where one has resided for at least one year. Wang lived and worked in Beijing before his arrest, therefore he has the right and should be allowed to return to Beijing.[Source]

Li Wenzu also described her anxiety about the future in an interview with Deutsche Welle’s William Yang, who posted the full, translated text at Medium last week.

I used to be a housewife that merely cared about my own family, and I never really cared about what happened in the outside world until Quanzhang was arrested. Now, I have turned into someone who has a broader view of the world and also knows more truth about what the Chinese government is trying to tell its citizens.

Another important change is that I have learned more about Quanzhang, especially what he does. In the past, I didn’t really know what his job entailed, but after spending the last few years around human rights lawyers and their family members, I learned more about the community as well as what Quanzhang’s life was like.

[…] Quanzhang is a man that deserves so much respect for what he does. I’m very proud of having a husband like Quanzhang, and I think once he is released from jail, I will be able to face many difficulties and challenges with him.

[…] I think the Chinese government sees us as their enemies, so they won’t let us have an easy life. Many human rights lawyers and their families still face persecution even after they have been released from jail, so I’m sure the same will happen to us. If the government continues to oppress us, I will definitely keep protesting. [Source]

All this time,
I’ve been counting the days on my fingers
The days till Quanzhang’s release
The days of his isolation
The days till our reunion

[Image: “The second day of Quanzhang’s isolation”]

© Samuel Wade for China Digital Times (CDT), get_post_time('Y'). | Permalink | No comment | Add to
Post tags: , , , , , , , ,

Feed enhanced by Better Feed from Ozh

Like Lawyer Wang Quanzhang Moved from Prison into New Isolation on Facebookshare on TwitterGoogle Plus One Button

From Narrative Consent to Narrative Warfare: China’s COVID-19 Messaging

From Narrative Consent to Narrative Warfare: China’s COVID-19 Messaging

By Lukas Mejia and Marine Ragnet

An official press release by the Chinese embassy in France recently stated that Chinese methods for containing the COVID-19 pandemic in the mainland were seen by French health officials as an “interesting source of inspiration.” “It was the ‘dictatorship’ from which the world first sought help, and not the American flagship of democracy,” the release further read. This language predicates a narrative war currently being waged at the forefront of the epidemic and attempts to discredit the United States’ dominance over health governance. These efforts give way to new insights as to how Chinese information operations have begun to shift.

2008 was a decisive year for China, hosting its first-ever Olympics. The event served as a figurative maturation of the Chinese Communist Party’s (CCP) tenure over the country, which had ushered unprecedented economic growth and development. It was a signal that China was ready to take leadership in the Indo-Pacific region, while also conditioning foreign actors to acknowledge its narrative on issues including human rights, extraterritorial maritime claims, and economic programs.

But in the weeks before the event, and as the torch journeyed through other parts of the world, protests broke out in Lhasa and descended into riots. The torch’s passage through London and Paris was then marred by further protests. And in facing a reality check of its global image, which was still tainted by oppression and crackdowns, the Chinese government began to aggressively pursue the laundering of its reputation worldwide.

In the run-up to the Olympics, orchestrating pro-Beijing demonstrations, blackmailing activists, and threatening to exclude foreign actors from economic offerings became par for the course in Chinese foreign policy. As many have noted, Chinese information operations have since been characterized by the co-opting of political elites, economic institutions, the media, public opinion, civil society, technology, and academia — blurring the covert and the diplomatic, in an effort to engineer global consent of its brand, until now.

As the world now confronts the COVID-19 Pandemic, the Chinese state has shifted its approach. A Russianization of tactics now permeates information operations in face of shaping the narrative behind the blame, figures, and containment of the virus. Reports highlight Beijing’s presence on western social media platforms and a more confrontational approach to information manipulation that draws from Russian tactics. Among these, Chinese officials have been amplifying messaging from Russian and Iranian propaganda outlets. The Alliance for Securing Democracy (ASD) suggests such actions demonstrate that China has “confidence in its brand.”

In recent months, Chinese government officials’ presence on social media has increased exponentially–despite many platforms being banned in the mainland. ASD estimates that Twitter accounts connected to Chinese embassies, consulates, and ambassadors have increased by more than 250 percent. The official account of China’s Embassy in France has positioned itself as a model and mediator in the crisis, in an effort to demonstrate the effectiveness of China’s political system and showcase itself as a factor of stability, in comparison to the United States.

In examining the Chinese government’s official Twittersphere, our research has found that narratives being promulgated vary from praising the CCP for its efforts to combat the outbreak, to openly criticizing Donald Trump’s handling of the pandemic. A recent public statement from the Chinese Embassy in Paris–retweeted hundreds of times–goes as far as comparing European political systems with that of China. These narratives are often retweeted by Chinese embassies based in francophone Africa.

In addition to social media accounts, the CCP also makes use of more traditional sources of information such as TV. The success of the English version of Russia Today inspired CCP propaganda officials to launch CCTV-News in 2010, renamed China Global Television in 2017, and present today in most Western European countries. Like Russia Today, the news broadcaster has hired foreign journalists and experts to report on issues around the world. These efforts are part of China’s wider strategy of engaging foreign audiences. General Secretary Xi Jinping urged state media to “use methods that overseas readers enjoy and accept, and language that they can understand, to explain the China story, [and] transmit China’s voice.”

We further found that messages emanating from these outlets aim to put forward China’s efforts in combating the outbreak while discrediting the United States. In doing so, CGTN’s French channel has disseminated the claim that the United States might be at the origin of the virus, propagating information backed by false academic evidence. CGTN France’s podcast series also maintains that Xi Jinping is leading the fight against COVID-19, asserting that he “personally guided and deployed the Chinese people to lead the interception battle, which is also the people’s joint battle against the COVID-19 epidemic.” Episodes of the podcast shared on Twitter are then retweeted by official Chinese government accounts such as consulates or embassies across France and francophone Africa.

This overall shift in the way that it conducts influence operations means that China is not only sufficiently confident in its global narrative but is also sufficiently armed to launch an international debate upon the global health community–a domain mostly dominated until now by the West. Gravely affected by the pandemic, European states are caught in the middle of a battle of narratives, pushing nations to eschew multilateralism in favor of their own responses. In a context where globalization is in retrenchment, Chinese help may feel welcome. But as China seeks to further its influence and reshape global institutions to its liking, the issues of human rights and transparency are likely to be neglected.
Lukas Mejia is an open-source analyst that has worked with New York University, the UN CTED, and the US State Department’s Global Engagement Center in furthering research and developing tools around the field of counter-disinformation — understanding the threat actors, methods, and trends.

Marine Ragnet (@marineragnet) is a public and international affairs professional that has previously conducted research for the French Ministry of Foreign Affairs, the European Commission, and presently for a US State Department mandated platform. She has worked in India, France, the United States, the UAE and Jordan across the public, private and NGO sectors and is intimately aware of the technical aspects of narrative warfare and disinformation which she encountered throughout her career.

© Sophie Beach for China Digital Times (CDT), get_post_time('Y'). | Permalink | No comment | Add to
Post tags: , , , , ,

Feed enhanced by Better Feed from Ozh

Like From Narrative Consent to Narrative Warfare: China’s COVID-19 Messaging on Facebookshare on TwitterGoogle Plus One Button

China Joins in Global Hacking Spike Amid Pandemic

Last week, U.S. cybersecurity firm FireEye published a report on "one of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years," identifying its alleged perpetrator "APT41" as "one of the most prolific threats that FireEye currently tracks." From Christopher Glyer, Dan Perez, Sarah Jones, and Steve Miller:

[…] Between January 20 and March 11, FireEye observed APT41 attempt to exploit vulnerabilities in Citrix NetScaler/ADC, Cisco routers, and Zoho ManageEngine Desktop Central at over 75 FireEye customers. Countries we’ve seen targeted include Australia, Canada, Denmark, Finland, France, India, Italy, Japan, Malaysia, Mexico, Philippines, Poland, Qatar, Saudi Arabia, Singapore, Sweden, Switzerland, UAE, UK and USA. The following industries were targeted: Banking/Finance, Construction, Defense Industrial Base, Government, Healthcare, High Technology, Higher Education, Legal, Manufacturing, Media, Non-profit, Oil & Gas, Petrochemical, Pharmaceutical, Real Estate, Telecommunications, Transportation, Travel, and Utility. It’s unclear if APT41 scanned the Internet and attempted exploitation en masse or selected a subset of specific organizations to target, but the victims appear to be more targeted in nature.

[…] There is a lull in APT41 activity between January 23 and February 1, which is likely related to the Chinese Lunar New Year holidays which occurred between January 24 and January 30, 2020. This has been a common activity pattern by Chinese APT groups in past years as well.

[…] We did not observe APT41 activity at FireEye customers between February 2 and February 19, 2020. China initiated COVID-19 related quarantines in cities in Hubei province starting on January 23 and January 24, and rolled out quarantines to additional provinces starting between February 2 and February 10. While it is possible that this reduction in activity might be related to the COVID-19 quarantine measures in China, APT41 may have remained active in other ways, which we were unable to observe with FireEye telemetry. We observed a significant uptick in CVE-2019-19781 exploitation on February 24 and February 25. The exploit behavior was almost identical to the activity on February 1, where only the name of the payload ‘un’ changed.

[…] This activity is one of the most widespread campaigns we have seen from China-nexus espionage actors in recent years. While APT41 has previously conducted activity with an extensive initial entry such as the trojanizing of NetSarang software, this scanning and exploitation has focused on a subset of our customers, and seems to reveal a high operational tempo and wide collection requirements for APT41. [Source]

FireEye released a detailed report on APT41 last August, describing it as "a prolific Chinese cyber threat group that carries out state-sponsored espionage activity in parallel with financially motivated operations."

[…] APT41 is unique among tracked China-based actors in that it leverages non-public malware typically reserved for espionage campaigns in what appears to be activity for personal gain. Explicit financially-motivated targeting is unusual among Chinese state-sponsored threat groups, and evidence suggests APT41 has conducted simultaneous cyber crime and cyber espionage operations from 2014 onward.

[…] Like other Chinese espionage operators, APT41 espionage targeting has generally aligned with China’s Five-Year economic development plans. The group has established and maintained strategic access to organizations in the healthcare, high-tech, and telecommunications sectors. APT41 operations against higher education, travel services, and news/media firms provide some indication that the group also tracks individuals and conducts surveillance. For example, the group has repeatedly targeted call record information at telecom companies. In another instance, APT41 targeted a hotel’s reservation systems ahead of Chinese officials staying there, suggesting the group was tasked to reconnoiter the facility for security reasons.

[…] Like other Chinese espionage operators, APT41 appears to have moved toward strategic intelligence collection and establishing access and away from direct intellectual property theft since 2015. This shift, however, has not affected the group’s consistent interest in targeting the video game industry for financially motivated reasons. The group’s capabilities and targeting have both broadened over time, signaling the potential for additional supply chain compromises affecting a variety of victims in additional verticals.

APT41’s links to both underground marketplaces and state-sponsored activity may indicate the group enjoys protections that enables it to conduct its own for-profit activities, or authorities are willing to overlook them. It is also possible that APT41 has simply evaded scrutiny from Chinese authorities. Regardless, these operations underscore a blurred line between state power and crime that lies at the heart of threat ecosystems and is exemplified by APT41. [Source]

In a blog post later in August, the company described coming "toe-to-toe with APT41" following "suspicious activity on a publicly-accessible web server at a U.S.-based research university." In October, FireEye reported the apparent involvement of APT41 and "separate threat groups with suspected Chinese state-sponsored associations" in targeted tapping of text message conversations and phone call metadata from "political leaders, military and intelligence organizations and political movements at odds with the Chinese government." This was achieved by compromising network infrastructure, but "beyond telecommunication organizations, other client verticals that possess sensitive records related to specific individuals of interest, such as major travel services and healthcare providers, were also targeted by APT41. This is reflective of an evolving Chinese targeting trend focused on both upstream data and targeted surveillance." APT41 has also been linked to an attacker called Winnti Group, which has been accused elsewhere of "highly targeted" invasion of computers at two or more Hong Kong universities late last year amid the city’s long-running anti-extradition turned pro-democracy protests.

Over the past year, U.S. officials have complained that "since the announcement of Made In China 2025, the Department [of Justice] has brought trade secret theft cases in eight of the ten technologies that China is aspiring to dominate," claiming "probably about a thousand plus investigations" ongoing into actual or attempted theft of American IP, "almost all leading back to China." As FireEye alluded in its August report on APT41, such direct theft subsided following an agreement on commercially-motivated hacking between China and the Obama administration in 2015, but was later reported to have revived. The carefully narrow terms of the 2015 agreement somewhat complicate this picture, however.

In the realm of non-commercial espionage, meanwhile, the U.S. Department of Justice brought charges against four Chinese military officers in February for their alleged involvement in the 2017 breach of credit reporting agency Equifax. Reporting on politically driven hacks against Apple iPhone users and Australian political bodies last year suggested that some victims are choosing to keep quiet to avoid antagonizing China.

The attacks attributed to APT41 are just part of a spike in reported activity by both Chinese-sponsored and other government-linked and criminal hacking groups around the world amid the ongoing pandemic, which has prompted a coordinated response from the security community. Other recent incidents include attacks on the World Health Organization, including some tentatively linked to "Dark Hotel," an entity suspected to be linked with the South Korean government with "a long history of hacking North Korean and Chinese victims, with a focus on espionage." NBC’s Kevin Collier reported earlier this month on the prolific use of outbreak-related information as bait in phishing attacks.

“We’ve seen Russia use it against Ukraine, China use it against Southeast Asia, North Korea against South Korea,” said Ben Read, the senior manager for cyberespionage analysis at the cybersecurity firm FireEye.

FireEye analyzed emails from Chinese hackers to Vietnamese targets, and in one purporting to be reassurances from Vietnamese Prime Minister Nguyen Xuan Phuc that the government was doing everything in its power to contain the spread of the virus FireEye found malware that would compromise the computer of any user who downloaded it.

“These lures have really authentic branding, like they pretend to be from the CDC or the WHO or other really credible groups, and then target people based on ‘this seems like a really interesting thing offering me more information in a time that has so much information,’” said Lindsay Kaye, who also researched coronavirus phishing emails for the cybersecurity company Recorded Future.

[…] “The story started in Asia, and has kind of migrated, so the threat actors are following the virus,” said Adam Meyers, CrowdStrike’s vice president of intelligence. “They go from China to surrounding areas around China, they start targeting Japan, they start targeting South Korea, they start targeting Europe.” [Source]

More from Patrick Howell O’Neill at MIT Technology Review:

Two hacking groups aligned with the Chinese government targeted Vietnam, the Philippines, Taiwan, and Mongolia, the cybersecurity firms FireEye and Check Point reported today. The hackers are sending email attachments with genuine health information about coronavirus but laced with malware such as Sogu and Cobalt Strike, according to Ben Read, a senior intelligence analyst at FireEye.

[…] “You expect to get information from government sources, so it’s most likely that you will open and execute documents to see what it says,” said Lotem Finkelstein, head of threat intelligence at Check Point. “It makes it very useful to trigger an attack. The coronavirus outbreak serves threat actors very well, especially those that rely on phishing attacks to ignite attacks.”

[…] In addition to ongoing activity by government-sponsored hackers, cybercriminals are taking advantage of the chaos of current events. Hackers have previously used anxiety surrounding Ebola, Zika, and SARS to make money. 

[…] “Attackers are also subverting internal businesses’ credibility in their attacks,” researchers from the cyber firm Proofpoint wrote. “We have seen a campaign that uses a Coronavirus-themed email that is designed to look like an internal email from the company’s president to all employees … This email is extremely well-crafted and lists the business’ president’s correct name.” [Source]

The Washington Post examined the explosion in online scams on Thursday. Security issues such as phishing have become all the more pressing as information workers move en masse toward online remote work, putting many at greater risk than they might be on closely guarded corporate networks. This week, product recommendation site The Wirecutter published its first guide to "The Best Security Key for Multi-Factor Authentication," which offer "the strongest protection against phishing attacks" for accounts with platforms like Google, Facebook, and Twitter. Google’s own Titan security keys, whose Chinese manufacturing has provoked some suspicion, were not The Wirecutter’s top choice, for unrelated reasons. For more on security keys and how to use them, see user guides at

© Samuel Wade for China Digital Times (CDT), get_post_time('Y'). | Permalink | No comment | Add to
Post tags: , , , , , ,

Feed enhanced by Better Feed from Ozh

Like China Joins in Global Hacking Spike Amid Pandemic on Facebookshare on TwitterGoogle Plus One Button

Download our free iOS app

Please follow us on:  Twitter | Facebook | Tumblr I Instagram

Support CDT with your Amazon purchases through AmazonSmile

2020 Copyright © China Digital Times
 Powered by WordPress

unsubscribe from this list | update subscription preferences 

This email was sent to <<Email Address>>
why did I get this?    unsubscribe from this list    update subscription preferences
China Digital Times · 2512 Telegraph Ave · Berkeley, CA 94704 · USA