Profile picture
Elliot Alderson @fs0c131y
, 19 tweets, 7 min read Read on Twitter
<Thread> China spies on fellow citizens with the help of private enterprise. Here is an example. 1/18
In July, 2017, @mashable and @fossbytes14 published an article explaining that the Chinese authorities are forcing its Muslim minority population in Xinjiang to install spyware on their smartphones. 2/18
mashable.com/2017/07/21/chi…
Fossbytes based his article on Twitter user comments including @o66071443. @o66071443 who was very active on Twitter, with +8K tweets and +32K followers, does not publish anything since October 3, 2017. 3/18
Mashable also used a tweet from @wenyunchao, a Chinese Internet Activist. 4/18
In both article, they used this notice, written in Uyghur and Chinese, was sent by WeChat to residents in Urumqi, Xinjiang's capital. 5/18
Here is a translation of the notice made by Google Translate. 6/18
As noticed by users on @HackerNews, this notice contains a QR code that allows you to download spyware. To this day the link is still active. 7/18
http://47.93.5.238:8081/APP/GA_AJ_JK/GA_AJ_JK_GXH.apk
By playing with the parameters of the URL, we can find 2 other applications. The links on the page can be translated: "Download Public Security Check", "Download Public Security Project". 8/18
http://47.93.5.238:8081/APP/
Thanks to VirusTotal I managed to get 6 different additional samples. I will analyse these applications in a next thread, this one is already super long. 9/18
The IP address 47.93.5.238 corresponds to bxaq.landaitap.com. Whois information shows that this domain has been registered with a landasoft address. 10/18
According to @Bloomberg, Shanghai Landasoft Data Technology Inc. designs and develops prepackaged software solutions for data management and analysis; human management; and criminal suspects trajectory and intelligence analysis. 11/18
bloomberg.com/research/stock…
Moreover, did you notice the itap in the URL? iTAP is a "product" of Landasoft. Here is the video presentation available on their website. Take the time to watch the full video and then think about the implications. 12/18
If you want to know more about iTAP and how it's use, you can check the case center. 13/18
landasoft.com/html/class/dsj…
By analyzing the APKs found previously, we can find the iTAP backend which is accessible only on mobile. 14/18
Take the time to zoom in on the banners, to observe the number of logos. It's frightening... 15/18
From this site you can download 2 files called ITAP_x32 and ITAP_x64. These archives contains an exe file detected as Trojan.Win32.KillProc.eljgui by NANO-Antivirus. 16/18
virustotal.com/#/file/e9ab71b…
This exe file will install a modified version of Chrome. If you are a reverse engineer specialized in this field, can you analyze this file? Your help will be super appreciate. 17/18
That's all! 18/18
unroll
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Elliot Alderson
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @fs0c131y see all

Profile picture
In 1981, the Primrose fails on a beach of the North Sentinel Island, pushed by a typhoon. You can still see the wreckage on Google Map, in a creek, in the northwest. The crew was saved only by a helicopter operated by the Indian Navy.
Exact coordinates on Google Maps. Open the link, this Island is wonderful! google.com/maps/place/Nor…
Awesome article in French about the North Sentinel Island from @lemondefr lemonde.fr/international/…
Read 3 tweets
Profile picture
I have a @Frida question: How to deal with a HashMap? I'm intercepting a Java method, "this" has a Hashmap in his attributes. I want to print the content of this HashMap cc @oleavr @enovella_
cc @NowSecureMobile 👋
cc @fridadotre
Read 3 tweets
Profile picture
.@Paytm, the most used banking app in #India, just sent a dummy notification to his users in the middle of the night. Imagine the reaction of the guy (hacker?) when he realised that he just sent a notification to millions of people
Paytm published a tweet regarding this notification
Read 3 tweets

Related threads

Profile picture
#Thread
CURSE OF KNOWLEDGE:
This is a powerful cognitive bias, and the one that's probably most responsible for you staying stuck in your dead-end way of doing things instead of breaking out.

What is it?
The mind's inability to remember what it was like to not know something.
At first glance you may think this is a relatively unimportant thing. Completely harmless.

But it's robbing you of your freedom. Here's how.

To understand, we're going to use an example from my life: Magic Tricks.

I'm a professional mentalist; I've performed in Vegas.
I know how the mind works, and I understand why the simple methods of magic are so powerful; they leverage exactly these kinds of mental hiccups. So, here's the example.

I do a trick, and you want to know how it works. You'll do ANYTHING. Pay me $100, even. Great! Pay up!
Read 18 tweets
Profile picture
Let's talk about rejection, shall we? I'm used to doling out a LOT of rejections. I request about 1% of queries I receive. For all you non-math people that means 1 out of 100. And I receive a lot of rejections, too! I've got a LOT of client manuscripts out on submission. <thread>
Mostly when I reject a query I only read the letter & never get to the actual pages, because I'm rejecting for a query-letter-level reason, like I don't need another PB client right now or I don't like thrillers or I already represent something with the exact same plot. <thread>
I also reject things at the query level based on my personal preferences. For example, I'm not into sports, can't relate to sports-driven stories & frankly I'm just not interested. Even if it would be a big success. Even if well written. Because I don't want to read it. <thread>
Read 14 tweets
Profile picture
Corruption of the Faustian Bargain, via @mollyesque — for Wisconsin’s @LeahVukmir, Trump’s corruption and a pipeline of US secrets running from the White House to the Kremlin are a small price to pay for his ignorance and racism. @SykesCharlie is quoted. time.com/5443238/leah-v…
Let’s just do a <thread> for Republican candidates around the country enraptured by Trump and eager to follow his example. Like Brian Kemp in Georgia: making up stuff right before the election. @politicalinsidr sums this one up well. politics.myajc.com/blog/politics/…
Here’s Josh Hawley in Missouri, known for his role in a Trump lawsuit to have Obamacare & its protections for people with pre-existing conditions thrown out, using campaign consultants to run his state office & prepare a Senate candidacy. By @J_Hancock kansascity.com/news/politics-…
Read 7 tweets
Profile picture
@metaquest <Thread>
1/ Good luck with that.

From Friday the 13th's grand jury indictment:
"For example, on or about Friday, Oct 28, 2016 KOVALEV and his co-conspirators visited the websites of certain counties in
Georgia
Iowa
Florida
to identify vulnerabilities."
@metaquest 2/ This also happened on Friday, Oct 28 2016:
"Comey sent a letter to members of Congress advising them that the FBI was reviewing more emails. Members of Congress leaked the information to the public within minutes.[106]."
en.wikipedia.org/wiki/James_Com…
@metaquest 3/ So Russia GRU was noodling around with voter registration/election websites for Georgia, Iowa and Florida *on the same day* that Comey's letter re: HRC emails was leaked to press by @jasoninthehouse, who then resigned from Congress less than a year later (on Jun 30, 2017)🤔.
Read 14 tweets
Profile picture
<THREAD> Why are some exaggerating/mistaking what the #GrassleyMemo says?

See this widely-shared thread below by @KimStrassel.

I wrote about the Grassley memo at length here: justsecurity.org/51956/dissecti…

I’ll raise specific points of disagreement with Strassel in this thread ... 1/
2. Strassel: “it confirms the Nunes memo and blows up the Schiff talking points”

FALSE: it undercuts #NunesMemo on 2 main claims: whether the FISA application relied on news story for corroboration and whether DOJ told court about political origins of Steele’ dossier.

I wrote:
3. Strassel: #GrassleyMemo “is confirmation that the FBI's FISA application relied on the dossier and a news article”

FALSE: In addition to what I wrote in #2 on the news article, top expert David Kris explains Nunes memo highly implausible on this issue:
Read 10 tweets
Profile picture
<THREAD> I'm now hearing this meme that governments around the world have defeated communism.

Guys. It's time for some Marxist theory
A spectre is haunting Europe--the spectre of Communism. All the Powers of old Europe have entered into a holy alliance to 1/590
exorcise this spectre: Pope and Czar, Metternich and Guizot, French Radicals and German police-spies. Where is the party 2/590
Read 592 tweets

Trending hashtags

#BurmaShaveBillboard #KOSPI #MendocinoComplex #VIX #GamerGaters #China #DonnieTwoScoops #BeltAndRoad #MBTA #Cult45 #TwitterfingersInChief #UST #NunesMemo #Eurostoxx #StringOfPearls #GreatFallsMT #Israel #nk225 #KGB #SPX #ThanksTrump #Shcomp #TreasonWeasels #Democrats #WePayYOU

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!