Tracking a distinct population: China's surveillance of its Uyghur minority.
Let us begin with a quick review of a story that broke a week ago, because it's continued to develop. We saw last week that Google's Project Zero had released details of its research into a quiet, sustained watering-hole campaign against iPhone users. They found five distinct exploit chains in use by the attackers. "There was no target discrimination," Google's blog said, "simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week." Apple patched the zero-day vulnerability back in February that the campaign had exploited. Google notes that this is just one campaign, and "there are almost certainly others."
These reports were amplified over this past weekend. Forbes reported that the attacks also affected Android and Windows systems. There was speculation at the time of the initial reports that the attacks, which in Google's account seemed relatively indiscriminate, were in fact intended to target specific groups. It now appears, according to TechCrunch, that the attackers were Chinese security services, and the targets were China’s predominantly Muslim Uyghur minority.
Those same security services, Reuters said at week's end, have also compromised telecommunication network in several Asian countries with a view to keeping track of the activities of Uyghur travelers abroad.