Skip to the content

Chinese play cat and mouse with Hong Kong protest technology



As reports emerge of the Chinese authorities launching cyber-attacks on the phones of Hong-Kong protestors, it may be becoming harder for people to remain anonymous as they use tools such as "mesh networking" app FireChat, one computer science academic has told

FireChat is a chat and messaging app that uses Bluetooth to create a peer-to-peer "mesh network" between users' phones, jumping up to 70 metres at a time if no normal phone or Wi-Fi signal is available. It runs on Apple iOS and Android devices, allowing people to chat with others nearby or open topic-based "chat rooms" to which anyone can subscribe, similar to public feeds on social networks such as Twitter.

The app recently picked up hundreds of thousands of users among the Hong Kong protestors following rumours that the internet might be shut down locally at the request of the Chinese government. This has started a new game of technological cat and mouse with the Chinese authorities, who maintain a notoriously hard grip on communications in mainland China.

The use of pseudonyms is one way protestors have been trying to protect themselves on what is a public network: Open Garden, the Californian start-up company that created the app, has already suggested people think carefully before using their real names and is working on adding encryption for private chat. The company is also planning to start checking that well-known or popular users are who they say they are, endorsing "official accounts" to make it harder for officials to masquerade as protest leaders.

However Gareth Tyson, lecturer in electronic engineering and computer science at Queen Mary, University of London, told that using a pseudonym may not be perfect protection from concerted action from the authorities.

"You do have a unique identifier associated with your phone, the MAC [media access control] address, burned into the microchip in the phone. So if someone was arrested they might be able to be linked to their messages.

"A protestor might be able to say I was just passing the message on, that is how mesh networks work, but I believe FireChat also keeps local stores of the messages."

Short of arresting users, the authorities have limited powers to prevent people using FireChat in the first place as it is not connected to a single centralised service or website, Tyson said.

"They could try and put in a lot of malicious nodes, which would stop forwarding messages - but this would be difficult as there are so many nodes in a mesh", he said. "More straightforward would be using jamming equipment to flood the area with radio waves, but it would be easy to see if they were doing it.

"Practically speaking the easiest way would be to scare people by saying we are monitoring it, and there are punishments for using it. So there are ways to block its use, it's just very difficult to do it without showing their hand."

Another route of attack open to the authorities might be to try and compromise the phones in other ways: cybersecurity firm Lacoon Mobile Security announced recently it had discovered a "very sophisticated" new spyware attack known as Xsser that targets both iOS and Android devices and which appears to be aimed specifically at the Hong Kong protesters. The spyware is capable of obtaining text messages, photos, call logs, passwords and other data from host phones, the company said.

The firm said the Chinese government has been enticing protestors into uploading the spyware by posing as campaign organisers Occupy Central. Activists have been receiving a message on the popular chat service Whatsapp from an unknown phone number, saying: "Check out this Android app designed by Code4HK, group of activist coders, for the coordination of Occupy Central!" Once the victims click on the link, their devices are infected.

Apart from the risks of interception and exposure, FireChat may not be well-suited to leading large-scale movements at a strategic level because of problems with the uncontrolled spread of rumours and overwhelming streams of data, Tyson said.

"If you look at a FireChat screen there can be 50 people babbling on, so finding a hierarchy is difficult. You also probably wouldn't use such an open network for something that could actually expose you such as demo planning: it would only take a few monitoring points in the area, and police could get a heads up as soon as you were thinking about it."

Instead the app and other tools like it could find their real strength as more mundane, localised tools for requesting supplies or support, he said. "People maybe need food, water, or transport - they can ask, does anybody have a car I can use, or is there a toilet nearby?"

Other countries where FireChat is proving popular include others where the authorities have blocked internet signals or social networks including Taiwan, Iraq, Iran, Syria and Egypt. It is also being used in regions with poor network coverage such as India, Brazil, Africa and even remote parts of European countries, because it allows people to share internet connections across gaps.

Additionally, FireChat - and similar services such as TribeHive - are used in the US and elsewhere at large gatherings such as music festivals and sports events, where network coverage can be affected by the sheer number of people trying to access services at once.

The same principle has also been used to allow people to communicate during natural disasters or emergencies that affect communications networks. After Hurricane Sandy hit the East Coast of the US in 2012, for example, some affected communities used mesh networks to communicate when cellphone and internet services were disrupted.

In the UK, communications overload was seen in the wake of the 7-11 tube bombings, and public bodies here might consider developing mesh services to build resilience against future outages, Tyson said.

"When those kinds of events take place similar problem crops up and the network becomes overloaded, so something like FireChat might be particularly helpful with geolocal information that needs to be circulated, maybe for people avoid a particular area for example.

"A service like that doesn't exist at the moment, but it could be built."

Pictured: Protesters occupy Gloucester Road, Wan Chai, Hong Kong on 29 September 2014 by Citobun/Wikimedia Commons.
FireChat: What is is, and what it is not:

Register For Alerts

Keep informed - Get the latest news about the use of technology, digital & data for the public good in your inbox from UKAuthority.