Chinese Police Buy Mobile Trojan to Spy on Locals

The Chinese authorities have moved swiftly to delete from the web the embarrassing revelation that police in Zhejiang province procured a $24,000 mobile trojan to spy on Android and iPhone users in the region.

The incriminating evidence was spotted by netizens on the website of the Wenzhou Economic and Technological Development Zone’s Public Security Bureau (PSB), according to the China Media Project.

Ironically, the information on police expenditures in the region was apparently only posted in a bid to improve transparency. It was taken down a few hours later but not before being widely circulated on social media and picked up by respected business site Caijing.

China Digital Times claimed the authorities issued the following censorship order, effectively removing all mention of the notice from the Chinese internet:

“All websites nationwide must not repost the article ‘Wenzhou Economic and Technological Development Zone Public Security Bureau Spends 100,000 on Cellphone Trojan Horse.’ If already reposted, immediately delete.”

The mobile trojan, targeted at jailbroken Android and iOS devices, was purchased from state-run Wuhan Hongxin Telecommunication Technologies for the princely sum of RMB 100,000 ($16,000).

The police also bought a mechanism to deliver that malware onto targeted devices for RMB 49,000 ($7,887), according to the deleted post.

The story is an embarrassing one for China, given its repeated claims whenever challenged by the US and others that it does not condone any form of hacking or cyber-espionage and is a victim, not a perpetrator, of such attacks.

The accidentally leaked information from Wenzhou would seem to indicate that it is indeed spying on its own citizens – lending more credence to Washington’s assertions that PLA operatives are habitual offenders when it comes to high level cyber-espionage against foreign targets.

Charlie Smith, co-founder of anti-censorship body, told Infosecurity that the Chinese state has a long track record of using technology against its citizens.

In fact, China’s certificate authority, CCNIC, has been accused by the group in the past of disseminating information-stealing malware and of complicity in the recent Man in the Middle (MITM) attacks on iCloud, Google, Outlook and Yahoo users in China.

Smith said he couldn’t be sure that the activities of the Wenzhou police in buying mobile trojans to spy on citizens are being repeated at local levels across the country.

“But it is true that the authorities have many tools at their disposal when it comes to keeping an eye on their citizens,” he added.

“The authorities have a long history of producing malware and trojan horses to gain access to information from normal citizens.”

What’s Hot on Infosecurity Magazine?