A Chinese company that has links to the country's military (People's Liberation Army) and intelligence agencies has been collecting personal information of millions of people around the world as per a data leak. Of 2.4 million people's data, most are from the U.S., Australia, India and the U.K. The data trove is of high-profile leaders including President, Prime Minister, cabinet ministers, military chiefs and also of low-key individuals.
The company in question, Zhenhua Data Information Technology which is based in Shenzhen, China has been gathering the data from public open-source databases such as social media platforms. But it has also managed to get hands on bank records, job applications and even psychological profiles and criminal records.
China's Hybrid Warfare
The data trove, dubbed as Overseas Key Information Data Base (OKIDB) is of a complex nature. According to American professor Christopher Balding, to whom the data was leaked by someone linked to the company, the data cache includes name, date of birth, address, photographs, news stories, marital status, political affiliation, relatives and corporate misdemeanors of key individuals in politics, business and public service. Balding shared the data cache with Robert Potter, founder of Australia-based cybersecurity company Internet 2.0.
Some of the data Zhenhua has gathered from the dark web from previous breaches. On its website, it claimed to have records of more than 2.4 million individuals, 650 thousand organizations. The data dump includes information of roughly 52,000 Americans, 35,000 Australians, over 10,000 Britons and Indians.
While the data gathered from the public domain seems harmless, the company's Chief Executive Wang Xuefeng, who is a former IBM employee, has previously endorsed the idea of hybrid and psychological warfare through manipulating public view on WeChat, a Chinese social media and messaging app. An Australian intelligence officer said that the data is like a mosaic and if it is arranged properly, it could give insights.
Apart from that, Zhenhua's customers include the Chinese government, military and intelligence network, indicating the supply of the data. The intelligence community could comb through the data and create elaborate profiles of potential individuals to exploit their weaknesses. According to Balding, the database is "technically complex using very advanced language, targeting, and classification tools".
"The information specifically targets influential individuals and institutions across a variety of industries. From politics to organized crime or technology and academia just to name a few, the database flows from sectors the Chinese state and linked enterprises are known to target," Balding wrote on his blog.
'Cambridge Analytica on Steroids'
The data cache is similar to what infamous Cambridge Analytica, a British political consulting firm, gathered through Facebook between 2013 and 2016. One intelligence analyst told ABC that Zhenhua's database was "Cambridge Analytica on steroids" as it contained personal information of millions of individuals.
In the U.S., information on Navy vessels like USS Dwight Eisenhower and Nimitz carriers was gathered with ID numbers, associated social media posts and websites. Apart from that, the database also cataloged information on naval officers including John Richardson, former chief of naval operations and Thomas Modly, former Secretary of the Navy. Information about their service records, training and generic psychological profiles were also collated, as revealed by Washington Post. Even data related to their family members was also present in the OKIDB.
"Open source doesn't necessarily mean people want it to be public. The reason Cambridge Analytica was scandalous wasn't because they were accessing information on people's private messages on Facebook. It was because they were misusing the permissions that were given by users to those platforms," said Potter.
However, a Zhenhua representative denied that the company has a database of two million people. The person with the surname Sun, who identified herself as the head of business, said that the company had just integrated data that was available on the public domain and did not collect it.
"The report is seriously untrue. Our data are all public data on the internet. We do not collect data. This is just data integration. Our business model and partners are our trade secrets. There is no database of 2 million people," she told Guardian, adding that the company had no links to the Chinese government or military, rather it dealt with research organizations and business groups.
The data trove, however, isn't of any intelligence use as per an expert who reviewed it. The data cache contains raw information without any human analysis that could be beneficial for intelligence. "There might be gold in there, but this is not something that's useful enough for military or intelligence targeting," one of the cybersecurity contractors for the U.S. government said.
However, the data collected from social media platforms without consent is also illegal. Facebook spokesperson Liz Bourgeois said that "scrapping public data is against our policies" and thus the tech giant has banned Zhenhua and had sent a cease-and-desist letter.