Reports have emerged of a massive Chinese database filled with 2.4 foreign nationals – including high profile celebrities and academics – has been leaked online; one of the most significant information security revelations of 2020.
The database belongs to Zhenhua Data, a company based in Shenzhen, and is likely connected to the Ministry of State Security, according to reports. It contains information on 2.4 million people around the globe, including 35,000 Australians.
Included in that list of 35,000 Australians are journalists, high-ranking politicians, members of the military, diplomats, academics, business executives, lawyers, accountants and engineers.
“The company has violated the privacy of millions of global citizens, the terms of service of just about every major social media platform and hacked other companies for their data.” – Robert Potter
According to the ABC, more specifically Australian billionaires like Mike Cannon-Brookes and Scott Farquhar were implicated, as well as high-profile business people like David Gonski and Jennifer Westacott.
656 Australians were classified as “special interest” within the database, which included Supreme Court Judge Anthony Cavanough, former ambassador to China, Geoff Raby, former foreign minister Bob Car, and Navy Admiral and former Lockheed Martin CEO, Raydon Gates.
Zhenhua Data is a major supplier of technology to the Chinese Communist Party.
The database contains information like dates of birth, addresses, marital status, as well as political beliefs, information on relatives and even photographs and social media accounts. The leak was shared with major publications in the US, Canada, Germany, Italy, Australia and the U.K..
According to a report from The ABC, “it collates Twitter, Facebook, LinkedIn, Instagram and even TikTok accounts, as well as news stories, criminal records and corporate misdemeanours.”
One intelligence analyst has told the ABC that the database represents something along the lines of “Cambridge Analytica on steroids,” suggesting that much more sensitive information could be on the database.
For more information on an Information Security Management System like ISO 27001, Click Here for your Free Gap Analysis Checklist.
A huge portion of the information listed on the database can be obtained by ‘scraping’ social media profiles, however, the ABC is writing that “some profiles have information which appears to have been sourced from confidential bank records, job applicants and psychological profiles.”
The database was leaked to Professor Chris Balding, who has told the ABC that “China is absolutely building out a massive surveillance state both domestically and internationally.”
“They’re using a wide variety of tools – this one is taken primarily from public sources, there is non-public data in here, but it is taken primary from public sources,” he added.
“I think it speaks to the broader threat of what China is doing and how they are surveilling, monitoring and seeking to influence not just their own citizens, but citizens around the world.”
Professor Balding was given information about the database after publishing a series of articles that were critical of Chinese technology company, Huawei. He has said that he worked hard to keep the identity of the individual who leaked the documents a secret.
“We’ve worked very hard to make sure that there are no links between me and that person, once I realised what had been given to me,” Balding said.
“They are still in China… but hopefully, I think they will be safe,” he said.
Professor Balding took the database to a Canberra-based cyber security specialist, Internet 2.0. Robert Potter, CEO of Internet 2.0 has said that “this mass collection of data is taking place in China’s private sector, in the same way Beijing outsources its cyber attack capability to private subcontractors.”
“In the process, the company has violated the privacy of millions of global citizens, the terms of service of just about every major social media platform and hacked other companies for their data.”
Clive Hamilton of Charles Sturt University has told The ABC that “the company boasts that it has 20 information collection centres spread around the world… This suggests that there’s almost certainly one in Australia. That means somewhere in Australia, there is a Chinese state-owned company that is sucking up data from across Australia and feeding it into China’s intelligence service.”
Hamilton continued to explain that “it really is quite sinister in the way that China is targeting so many aspects of society in a country like Australia for sucking up and storing this intelligence, and using artificial intelligence in a exceptionally sophisticated way.”