Minitrue: Wenzhou Police Purchase Trojan Horse

The following instructions, issued to the media by government authorities, have been leaked and distributed online. The name of the issuing body has been omitted to protect the source.

All websites nationwide must not repost the article “ Economic and Technological Development Zone Spends 100,000 on Cellphone Trojan Horse.” If already reposted, immediately delete. (January 7, 2015)

各地各网站,不要转载《温州经济技术开发区公安分局花10万购手机木马》一文,已转载的请立即删除。[Chinese]

On December 15, the website of Zhejiang Province’s Wenzhou Economic Technology Development Zone disclosed a regional police department’s purchase of 149,000 RMB in equipment and software allowing the remote control of Android phones and jailbroken iPhones for . After web users—notably among them, journalist Liu Hu [Chinese]—spotted the revelation and commented online, the original disclosure disappeared (but is still available via Google Cache) and news began to spread. The Wall Street Journal’s James T. Areddy reports:

The police department in an economic-development zone there in December said on an official website that it planned to award a 149,000 yuan ($24,000) contract to a domestic state-run company to supply it software services for what it described as a “Trojan Horse.” A Trojan Horse is a program that helps others pilfer information from an unsuspecting user.

The notice from the Wenzhou Economic and Technological Development Zone’s public security bureau explained the purpose of the Trojan Horse program and a related delivery system: “targeting mobile phones using the Android system or iPhone after jailbreak for real-time surveillance on information like phone calls, text messages and photos on mobile phones.” “Jailbreak” refers to the steps phone owners sometimes take to modify their gadget’s software to get around restrictions placed by manufacturers and carriers so that users can tap multiple app stores and other services.

The notice was posted the zone’s website as part of a transparency initiative related to public spending. But it became unavailable sometime Wednesday after online users pointed to it and the news spread on the Weibo micrioblog service. […]

[…] It isn’t clear whether the services were supplied or deployed. [Source]

The censorship directive was aimed at a January 7 Caijing article which spread widely on Chinese Internet portals. China Media Project’s David Bandurski notes that the Caijing article and other coverage have now been deleted, and provides a PDF of the original Caijing report.

After Wenzhou’s awkward receipt disclosure, The Washington Post’s Simon Denyer and Xu Yangjinjing review Beijing’s avowed opposition to hacking, and relay netizen commentary on the legality and public knowledge of these types of government practices:

China’s government insists it staunchly opposes hacking and cyber-attacks, and has denied  U.S. government accusations that it spies on foreign companies. State media here has also accused the United States of hypocrisy after former National Security Agency contractor Edward Snowden revealed details of the NSA’s own cyber-surveillance program.

Reacting to the Wenzhou report, Chinese Web users pointed out Article 286 of the country’s criminal law that threatens up to five years in prison for anyone who “deliberately make and spread disruptive programs such as computer viruses.”

But the revelation did not come as a surprise to citizens here, who live in a culture where surveillance is central to the Party’s effort to “maintain security” – which often means measures to suppress dissent and prolong its rule.

[…] “The government buys Trojans, and then publicizes it! The government is improving,” one person posted on social media. [Source]

Weibo user 米娜多丶took a similarly sardonic comment a bit further, contrasting the Wenzhou Public Security Bureau’s transparency with Washington’s lack of it:

米娜多丶: The PSB’s work is straightforward and upright, practical and realistic, and subject to public inspection. The stark contrast between “buying a Trojan horse” and the “PRISM incident” only serves to shame the U.S. imperialists. They couldn’t do better! (January 7, 2015)

此公安局做事光明磊落,实事求是,公开监督,使得“购买木马”和“棱镜事件”形成鲜明的对比,让美帝国主义羞愧不已,抬头不能! [Chinese]

Other netizens commented on the fact that only jailbroken iPhones would be in jeopardy of attack by the Wenzhou PSB’s new equipment. While many urged their fellow web-users not to jailbreak their iPhones, Knightmaster said, “So the main reason for your cat-fight with is that they won’t open the back door for the ” (你国跟苹果撕逼的主要原因是苹果不给公安部开后门). Last July, CCTV claimed that iPhones could result in the leaking of state secrets, and in October Beijing denied allegations that Chinese government actors tried to intercept Chinese Apple users data. Read more netizen commentary on the Wenzhou PSB’s revelation via CDT Chinese.

真Since directives are sometimes communicated orally to journalists and editors, who then leak them online, the wording published here may not be exact. The date given may indicate when the directive was leaked, rather than when it was issued. CDT does its utmost to verify dates and wording, but also takes precautions to protect the source.