A naukri.com initiative
Wired
1M
136
Image Credit: Wired
China’s Surveillance State Is Selling Citizen Data as a Side Hustle
- Chinese cyber-security firm SpyCloud is showcasing its finding of a thriving black market for accessing the personal data of Chinese citizens, much of which is obtained through insiders of Chinese surveillance agencies selling access no Western-style verification or guarantee. The data collections on sale for just a few dollars can include phone numbers, banking details, travel, location data and a raft of other personal information. Some of the insider sources are paid more than $1,400 per day to 'sell QB', shorthand for qíngbó or intelligence; some brokers reportedly refused to interact with Western researchers.
- Chinese-language data vendors, all members of Telegram network, including those calling themselves Social Engineering Libraries (SGKS) and Happy Household Information Exchange Platform, use a points system allowing individuals to query databases based on information such as phone numbers and email addresses. Premium searches on individuals and companies can reveal passport details and geolocation data. Vendors typically accept Taiwan cryptocurrency Tether – some accept payment from Alipay or WePay.
- I Soon, a cyber-espionage contractor to the Chinese Ministry of Public Security and Ministry of State Security, leaked communications and files earlier this year, including a conversation in which one employee noted that he was on the site to 'sell qb'. US indictments of alleged hackers have been mined for information.
- According to SpyCloud analysts, some brokers avoid providing access to celebrities or government officials, but consumers are easily able to find a different service providing access for a fee.
- China has a massive surveillance apparatus, but with low economic and social status, many insiders have access to significant amounts of personal information and search it out for sale on criminal marketplaces.
- The leaked communications and documents throw up larger issues of cyber-security breaches and potential misuse in a country whose efforts at transparency are still ranked 76th in Transparency International's Corruption Index.
- SpyCloud used the brokers to try to obtain information on Chinese Communist Party officials and Chinese hackers previously accused by the US government. The researchers obtained credit card details, hashed passwords and several other forms of private data.
- China's big three state-owned telecommunications firms – China Mobile, China Telecom and China Unicom – are named as sources of some of the information. None of the brokers or telcos have responded to requests for comment.
- The data brokers offer training in 'mixing' and other withdrawal methods, according to SpyCloud. Insiders are paid in virtual currency, which remains largely untraceable.
- It has been suggested that such data could even be used against its original creators, the Chinese intelligence agencies and law enforcement services.
Read Full Article
8 Likes
For uninterrupted reading, download the app