Vast Cache of Chinese Police Files Offered for Sale in Alleged Hackof personal data.
By Karen Hao and Rachel Liang, July 4, 2022, WSJ
A vast trove of data on Chinese citizens allegedly siphoned from a police database, some of which checks out as legitimate, is being offered for sale by an anonymous hacker or hacking group. If confirmed, it would mark one of history’s largest leaks
The cache allegedly includes billions of records stolen from police in Shanghai, containing data on one billion Chinese citizens, according to a post advertising its availability that was published on Thursday by the hacker on a popular onlinecybercrime forum. The post, which began circulating on social media over the weekend, put the price for the leak at 10 Bitcoin, or roughly $200,000.
Cybersecurity experts say the claimed hack is alarming not just for its alleged size—which would rank among the biggest ever recorded and the largest known for China—but also because of the sensitivity of the information contained in the governmentdatabase.
A sample of the data posted by the hacker, who claimed it included 750,000 records, contained individuals’ personal names, national ID numbers, phone numbers, birthdays and birthplaces, as well as detailed summaries of crimes and incidents reportedto the police. The cases ranged from incidents of petty theft and cyber fraud to reports of domestic violence, dating as far back as 1995 to as recently as 2019.
While the scope of the data leak remains unconfirmed, The Wall Street Journal verified several of the records in the leak by calling people whose numbers were listed. Five people confirmed all of the data, including case details that would be difficultto obtain from any source other than the police. Four more people confirmed basic information such as their names before hanging up.
One woman, alarmed at the accuracy of the leaked details, asked whether the information about her had come from the iPhone that she had reported stolen in her case file in 2016.running naked,” he said, using popular Chinese slang for a lack of privacy.
Another man, surnamed Wei, who had reported being defrauded of 30,000 yuan after scammers persuaded him to join an investment scheme, according to the records released by the hacker, sighed after hearing that his data had been leaked. “We are all
Cybersecurity experts remain cautious, however, about believing all of the hackers’ claims.information.
Troy Hunt, a web-security consultant based in Australia, said the sheer size of the database—which would include the majority of China’s population of 1.4 billion people—drew some suspicion, as did the anonymity of the user who posted the
While most hackers are driven by financial motives, the solicitation for a large sum of money also raises the possibility that the claim has been exaggerated or falsified, Mr. Hunt said.recently passing the Personal Information Protection Law in 2021, in part due to widespread public anger that data breaches had reached unbearable levels.
Several numbers that the Journal tried were invalid or no longer in service. It is not uncommon for mobile phone users in China to change their numbers every few years.
The Shanghai police, Shanghai propaganda office and Chinese internet regulator didn’t respond to requests for comment.
On the forum where the database has been posted for sale, the hacker or group has claimed that the data was taken from Aliyun, a cloud computing subsidiary of Alibaba Group, which they say hosts the Shanghai police database.
On Monday, Zhao Changpeng, CEO of cryptocurrency exchange Binance, tweeted that the company had detected the hack and had “stepped up verifications for users potentially affected.” Binance didn’t respond to a request for comment.
Data leaks have been rampant globally in recent years. In 2021, a total of 4,145 publicly disclosed breaches collectively exposed over 22 billion records, according to cybersecurity company Risk Based Security.
But such a massive leak would be particularly sensitive in China, where black-market data brokers once did a brisk business trafficking in personal data. Over the past few years, Beijing has ramped up its protection of personal information, most
The actions have specifically targeted companies, however, leaving broad carve-outs for the government collection of information under national security considerations.
Cybersecurity experts say such a breach could have lasting and unpredictable consequences for the individuals affected.
“Trying to remove your information from the internet is like trying to remove pee from a pool,” said Mr. Hunt. “It just goes into a big melting pot of exposed data and you have no idea which bit has come from where.”
Mr. Hunt added that the leak highlighted how little China’s extensive system of internet filters, commonly referred to as the Great Firewall, can do to prevent its citizens’ data from being hacked and posted online for anyone to have access to.
“Despite China’s best efforts, the internet really doesn’t have borders,” he said.
https://www.wsj.com/articles/vast-cache-of-chinese-police-files-offered-for-sale-in-alleged-hack-11656940488
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 297 |
Nodes: | 16 (2 / 14) |
Uptime: | 107:40:05 |
Calls: | 6,662 |
Calls today: | 4 |
Files: | 12,209 |
Messages: | 5,335,499 |