Activist Drew Pavlou’s hacked emails putting Uighurs at risk

Human rights activist Drew Pavlou has been the target of Chinese hackers who accessed his private email account and may have obtained the identity of vulnerable Uighurs.

Liam Mendes

@liammendes

4 min read

7:46PMOctober 04, 2021.

Updated 10:38PMOctober 04, 2021

Student activist Drew Pavlou, right, joins rallying Uighurs at Adelaide’s Victoria Square in February. Picture: Mike Burton

Human rights activist Drew Pavlou has been the target of Chinese hackers who accessed his private email account and may have obtained the identity of vulnerable Uighurs with whom he has been in contact.

The breach was confirmed by cyber security experts who laid a trap for the hackers by planting false information in the account – a fake book contract said to be worth $350,000.

The exact figure soon found its way into a social media post by a pro-Beijing activist group run by two Australians.

One of the pair believes the 1989 Tiananmen Square massacre is a hoax and the other, believed to be his daughter, is a pro-China activist with links to China’s People’s Liberation Army.

Mr Pavlou suspects information obtained from his hacked emails resulted in Chinese authorities detaining the mother of an Australia-based Uighur he had interviewed for a research project.

Shortly after the anti-China activist was initially hacked, she was tracked down and sent to a re-education facility in Xinjiang by Chinese authorities.

She had previously been the target of Chinese secret police after her son was identified as being at a high-profile protest held at the University of Queensland with Mr Pavlou in 2019.

The protest was a show of support for Hong Kong democracy and denounced human rights abuses committed by Beijing against Uighurs. Following subsequent protests, Mr Pavlou was suspended from the University of Queensland.

He has since been subject to multiple hit-pieces by CCP mouthpiece the Global Times and was the target of a Chinese foreign ministry spokesman a year ago.

The 22-year-old believes the transcript of the interview with the Uighur, which included details of his attendance at the UQ protests and discussions about Chinese influence at Australian universities, had enough detail to identify the woman.

Mr Pavlou said when he realised the potential gravity of the situation, he “wanted to vomit … The possibility that a Uighur Australian’s family member may have been taken to one of these incarceration camps because they were friends with me and talking with me is really scary,” he said.

“That’s something that weighs on my conscience so much, and I still feel so sick about it.”

Cyber security experts from Internet 2.0 discovered the breach on January 25 after hackers also used Mr Pavlou’s inbox to send emails to pro-China activists in an attempt to discredit him.

The tweet revealing the figure planted in Mr Pavlou’s email.

After discovering the breach, Mr Pavlou’s and a handful of other activists’ private email accounts were used as part of a canary trap – a method for exposing how information leaked by providing slightly different versions of a sensitive document – to determine the exact source of the leak.

The trap involved Vicky Xu, an Australian journalist, author and Chinese Communist Party critic, who had faced a well-publicised brutal and sexualised smear campaign by pro-China trolls trying to silence her following her criticism of China’s treatment of Uighurs.

Emails with fake contracts that included a monetary figure she was to be paid for a book she was writing were sent from a burner email account to each activist.

Each figure was unique to each activist to track the flow of the information.

“After a cyber campaign targeting the activist community within Australia, Internet 2.0 assessed the commentary of pro-China Twitter to identify what information might be interesting to them,” chief executive and founder of Internet 2.0 Robert Potter said. “After seeing much speculation on the value of the book contract received by Vicky Xu, Internet 2.0 placed fake information within activist emails.”

About seven weeks later, the Twitter account of registered not-for-profit Critical Social Work Publishing House, an organisation established to “publish the work of social work practitioners and others helping to address injustice and inequality from a critical perspective” tweeted the exact figure that had been planted in Mr Pavlou’s email.

“Curious … Apparently Vicky Xu received a $350,000 advance from her publisher for the book she’s taken time off to write. If this is true, does anyone know if her publisher made her delete her Twitter account because of tweets like this?” the tweet read.

Critical Social Work Publishing House is written by two Australians, one of whom is Jaqueline “Jaq” James, a pro-China voice who claims to be a “Western Propaganda Analyst” and has lectured in English for the CCP’s People’s Liberation Army. She also claims to have worked as a legal policy officer for the Australian government.

Jaqueline ‘Jaq’ James, one of the authors of Critical Social Work Publishing House, claims to have worked as an English lecturer for the People’s Liberation Army.

The other author is Milton James, believed to be her father, who wrote a July 2020 article questioning whether the 1989 Tiananmen Square massacre – where Chinese authorities killed hundreds of students – actually happened. “The story that Chinese troops machine-gunned hundreds of innocent student protesters on the night of 3rd or 4th June 1989 has been thoroughly debunked by many of those present in the square on those nights,” he wrote.

It is unclear exactly how Critical Social Work Publishing House obtained the figure that was planted in Mr Pavlou’s email.

Milton and Jaqueline James did not respond to repeated requests for comment.

Mr Potter said the IP addresses linked to the hack originated from mainland China, but the attack could not be confirmed to have come from a state-sponsored actor.

However, it had the sophistication, and fitted the profile, of an attack by a state actor.

Milton James, Tiananmen Square massacre denier and one of the authors of Critical Social Work Publishing House.

“The data fits what was placed on social media by pro-China activists. Based on the uniqueness of the number, it appears the information has been shared with pro-China activists in one way or another,” Mr Potter said.

“The remote logins were from multiple IP addresses which shows they had preset cyber infrastructure for an attack. They had robust infrastructure and they bypassed his two-factor authentication,” he said.

Mr Pavlou, however, is certain the hacking was undertaken by state-sponsored actors with the information passed on to pro-China activists.

“It says a lot about the nature of Chinese power and global influence that they are trying to interfere in Australia’s democracy to undermine and attack their critics in this country, and they’re possibly actually carrying out illegal crimes to do it.

“This is a very clear case of Chinese interference in Australian democracy. They’re deliberately trying to undermine the credibility and genuinely attack and smear anti-CCP critics in Australia,” Mr Pavlou said.