1. Forum
  2. Usenet
  3. SOC.CULTURE.CHINA

  • Vast Cache of Chinese Police Files Offered for Sale in Alleged Hack

    From David P.@21:1/5 to All on Fri Jul 8 09:59:15 2022
    Vast Cache of Chinese Police Files Offered for Sale in Alleged Hack
    By Karen Hao and Rachel Liang, July 4, 2022, WSJ

    A vast trove of data on Chinese citizens allegedly siphoned from a police database, some of which checks out as legitimate, is being offered for sale by an anonymous hacker or hacking group. If confirmed, it would mark one of history’s largest leaks of
    personal data.

    The cache allegedly includes billions of records stolen from police in Shanghai, containing data on one billion Chinese citizens, according to a post advertising its availability that was published on Thursday by the hacker on a popular online cybercrime
    forum. The post, which began circulating on social media over the weekend, put the price for the leak at 10 Bitcoin, or roughly $200,000.

    Cybersecurity experts say the claimed hack is alarming not just for its alleged size—which would rank among the biggest ever recorded and the largest known for China—but also because of the sensitivity of the information contained in the government
    database.

    A sample of the data posted by the hacker, who claimed it included 750,000 records, contained individuals’ personal names, national ID numbers, phone numbers, birthdays and birthplaces, as well as detailed summaries of crimes and incidents reported to
    the police. The cases ranged from incidents of petty theft and cyber fraud to reports of domestic violence, dating as far back as 1995 to as recently as 2019.

    While the scope of the data leak remains unconfirmed, The Wall Street Journal verified several of the records in the leak by calling people whose numbers were listed. Five people confirmed all of the data, including case details that would be difficult
    to obtain from any source other than the police. Four more people confirmed basic information such as their names before hanging up.

    One woman, alarmed at the accuracy of the leaked details, asked whether the information about her had come from the iPhone that she had reported stolen in her case file in 2016.

    Another man, surnamed Wei, who had reported being defrauded of 30,000 yuan after scammers persuaded him to join an investment scheme, according to the records released by the hacker, sighed after hearing that his data had been leaked. “We are all
    running naked,” he said, using popular Chinese slang for a lack of privacy.

    Cybersecurity experts remain cautious, however, about believing all of the hackers’ claims.

    Troy Hunt, a web-security consultant based in Australia, said the sheer size of the database—which would include the majority of China’s population of 1.4 billion people—drew some suspicion, as did the anonymity of the user who posted the
    information.

    While most hackers are driven by financial motives, the solicitation for a large sum of money also raises the possibility that the claim has been exaggerated or falsified, Mr. Hunt said.

    Several numbers that the Journal tried were invalid or no longer in service. It is not uncommon for mobile phone users in China to change their numbers every few years.

    The Shanghai police, Shanghai propaganda office and Chinese internet regulator didn’t respond to requests for comment.

    On the forum where the database has been posted for sale, the hacker or group has claimed that the data was taken from Aliyun, a cloud computing subsidiary of Alibaba Group, which they say hosts the Shanghai police database.

    On Monday, Zhao Changpeng, CEO of cryptocurrency exchange Binance, tweeted that the company had detected the hack and had “stepped up verifications for users potentially affected.” Binance didn’t respond to a request for comment.

    Data leaks have been rampant globally in recent years. In 2021, a total of 4,145 publicly disclosed breaches collectively exposed over 22 billion records, according to cybersecurity company Risk Based Security.

    But such a massive leak would be particularly sensitive in China, where black-market data brokers once did a brisk business trafficking in personal data. Over the past few years, Beijing has ramped up its protection of personal information, most recently
    passing the Personal Information Protection Law in 2021, in part due to widespread public anger that data breaches had reached unbearable levels.

    The actions have specifically targeted companies, however, leaving broad carve-outs for the government collection of information under national security considerations.

    Cybersecurity experts say such a breach could have lasting and unpredictable consequences for the individuals affected.

    “Trying to remove your information from the internet is like trying to remove pee from a pool,” said Mr. Hunt. “It just goes into a big melting pot of exposed data and you have no idea which bit has come from where.”

    Mr. Hunt added that the leak highlighted how little China’s extensive system of internet filters, commonly referred to as the Great Firewall, can do to prevent its citizens’ data from being hacked and posted online for anyone to have access to.

    “Despite China’s best efforts, the internet really doesn’t have borders,” he said.

    https://www.wsj.com/articles/vast-cache-of-chinese-police-files-offered-for-sale-in-alleged-hack-11656940488

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From ltlee1@21:1/5 to David P. on Sat Jul 9 03:28:41 2022
    On Friday, July 8, 2022 at 12:59:17 PM UTC-4, David P. wrote:
    Vast Cache of Chinese Police Files Offered for Sale in Alleged Hack
    By Karen Hao and Rachel Liang, July 4, 2022, WSJ

    A vast trove of data on Chinese citizens allegedly siphoned from a police database, some of which checks out as legitimate, is being offered for sale by an anonymous hacker or hacking group. If confirmed, it would mark one of history’s largest leaks
    of personal data.

    The cache allegedly includes billions of records stolen from police in Shanghai, containing data on one billion Chinese citizens, according to a post advertising its availability that was published on Thursday by the hacker on a popular online
    cybercrime forum. The post, which began circulating on social media over the weekend, put the price for the leak at 10 Bitcoin, or roughly $200,000.

    Cybersecurity experts say the claimed hack is alarming not just for its alleged size—which would rank among the biggest ever recorded and the largest known for China—but also because of the sensitivity of the information contained in the government
    database.

    A sample of the data posted by the hacker, who claimed it included 750,000 records, contained individuals’ personal names, national ID numbers, phone numbers, birthdays and birthplaces, as well as detailed summaries of crimes and incidents reported
    to the police. The cases ranged from incidents of petty theft and cyber fraud to reports of domestic violence, dating as far back as 1995 to as recently as 2019.

    While the scope of the data leak remains unconfirmed, The Wall Street Journal verified several of the records in the leak by calling people whose numbers were listed. Five people confirmed all of the data, including case details that would be difficult
    to obtain from any source other than the police. Four more people confirmed basic information such as their names before hanging up.

    One woman, alarmed at the accuracy of the leaked details, asked whether the information about her had come from the iPhone that she had reported stolen in her case file in 2016.

    Another man, surnamed Wei, who had reported being defrauded of 30,000 yuan after scammers persuaded him to join an investment scheme, according to the records released by the hacker, sighed after hearing that his data had been leaked. “We are all
    running naked,” he said, using popular Chinese slang for a lack of privacy.

    Cybersecurity experts remain cautious, however, about believing all of the hackers’ claims.

    Troy Hunt, a web-security consultant based in Australia, said the sheer size of the database—which would include the majority of China’s population of 1.4 billion people—drew some suspicion, as did the anonymity of the user who posted the
    information.

    While most hackers are driven by financial motives, the solicitation for a large sum of money also raises the possibility that the claim has been exaggerated or falsified, Mr. Hunt said.

    Several numbers that the Journal tried were invalid or no longer in service. It is not uncommon for mobile phone users in China to change their numbers every few years.

    The Shanghai police, Shanghai propaganda office and Chinese internet regulator didn’t respond to requests for comment.

    On the forum where the database has been posted for sale, the hacker or group has claimed that the data was taken from Aliyun, a cloud computing subsidiary of Alibaba Group, which they say hosts the Shanghai police database.

    On Monday, Zhao Changpeng, CEO of cryptocurrency exchange Binance, tweeted that the company had detected the hack and had “stepped up verifications for users potentially affected.” Binance didn’t respond to a request for comment.

    Data leaks have been rampant globally in recent years. In 2021, a total of 4,145 publicly disclosed breaches collectively exposed over 22 billion records, according to cybersecurity company Risk Based Security.

    But such a massive leak would be particularly sensitive in China, where black-market data brokers once did a brisk business trafficking in personal data. Over the past few years, Beijing has ramped up its protection of personal information, most
    recently passing the Personal Information Protection Law in 2021, in part due to widespread public anger that data breaches had reached unbearable levels.

    The actions have specifically targeted companies, however, leaving broad carve-outs for the government collection of information under national security considerations.

    Cybersecurity experts say such a breach could have lasting and unpredictable consequences for the individuals affected.

    “Trying to remove your information from the internet is like trying to remove pee from a pool,” said Mr. Hunt. “It just goes into a big melting pot of exposed data and you have no idea which bit has come from where.”

    Mr. Hunt added that the leak highlighted how little China’s extensive system of internet filters, commonly referred to as the Great Firewall, can do to prevent its citizens’ data from being hacked and posted online for anyone to have access to.

    “Despite China’s best efforts, the internet really doesn’t have borders,” he said.

    https://www.wsj.com/articles/vast-cache-of-chinese-police-files-offered-for-sale-in-alleged-hack-11656940488

    Meaningless article objectively speaking.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)