The personal details of more than 100 Australian citizens – including a former federal MP – are among those uncovered by a hacker in a massive leak of data stolen from Chinese police authorities.
Key points:
- The hacker is trying to sell the personal information for 10 bitcoins (about $300,000)
- Leaked police reports shed light on the treatment of Uyghurs and other minorities
- The data sets are believed to span more than 20 years
Last week, a hacker claimed on an online forum that they had stolen 1 billion records, mostly from Chinese citizens, in an ongoing bid to sell the information for 10 bitcoins, or nearly $300,000.
The reports provide a rare insight into how authorities are cracking down on political dissidents and the persecution of minorities in China, including Uyghurs and Falun Gong practitioners.
The hacker placed three sample data sets online, totalling 750,000 individual records.
The ABC called 20 individuals in China identified in the leak to confirm the authenticity of the police reports.
Cybersecurity experts and other media also verified some data from the 23 terabyte database.
However, the total size of the files and the data breach have not been confirmed by the tight-lipped Chinese authorities.
In a Shanghai police file with 250,000 records, the ABC found personal details of a former Australian federal member of parliament, who had called police to report a theft from the trunk of a car in 2004.
The ABC has contacted the person, but has not received a response.
Dozens of Australian citizens were also identifiable in that dataset, along with their passport details, home addresses, birthdays and police reports.
More than half of Australian records related to failure to register with local police within 24 hours of their arrival in China, a requirement of China’s Exit and Entry Act, which came into effect in 2013.
The records span more than 20 years from 1995 to 2019.
The Chinese Cyberspace Administration, the Australian Department of Foreign Affairs and Trade, the Australian Federal Police and the Australian Cyber Security Centre have all been approached for comment.
All mentions of the leak were censored on popular Chinese social media platforms Weibo and WeChat.
Weibo — the Chinese equivalent of Twitter — has banned the Chinese keywords “Shanghai database” and “data breach” since last week, but posts questioning the authenticity of the database that avoided those keywords remain online.
‘There is data, so there is money’
Robert Potter — the co-founder of cybersecurity company Internet 2.0 — told the ABC that he reviewed the datasets and that they appeared authentic because the records resemble other Chinese government data systems he has evaluated in the past.
“Given the scale of the dataset, it would be difficult to make large-scale changes,” said Mr Potter.
He said the leaked information came from an Alibaba cloud server.
Since 2019, the Shanghai Public Security Bureau has kept its database on an Alibaba cloud service.
The ABC has contacted Alibaba for comment.
Mr Potter suggested that Australians who found their name on the list should be given new passports.
Lennon Chang, a cybersecurity and cybercrime specialist at Monash University, said the amount of data leaked by the hacker was “unprecedented”.
“This is a huge database, including all the personal information and the criminal records that have been kept [by the police],” said Dr. Chang.
By posting some of the data online, Dr. Chang said, the hacker showed that the dataset is accurate in order to attract more potential buyers.
“He’s not just trying to sell to one person,” said Dr. Chang, adding that many people searched for the sample data and tried to play with it.
“There is data, so there is money.”
Police data reveal investigation into minority groups

The leak reveals a series of police investigations into human rights activists and people from religious minorities, including Muslim Uyghurs and Falun Gong practitioners.
China has reportedly detained more than a million people of Muslim ethnic groups, including Uyghurs and Kazakhs, in re-education centers the state calls vocational training centers.
Falun Gong, a controversial spiritual movement, has been banned in China since 1999, and practitioners around the world claim their fellow members were imprisoned and silenced in a subsequent crackdown.
In one case, the ABC spoke to a woman in China identified in the leak, who confirmed she had reported a Falun Gong practitioner to local law enforcement.
Others were approached by police over political comments, including “humiliating” the national leader and posting anti-Chinese Communist Party (CCP) comments on foreign websites.
Unverified reports in the police file showed that two people were visited by the Shanghai police for posting “inappropriate comments”, criticizing President Xi Jinping and the CCP on Twitter via a Virtual Private Network (VPN) in 2018 and 2019.
In one of the police reports, which the ABC has not been able to independently verify, a Uyghur police officer called the local police for help because a hotel in Shanghai did not allow him to check in.
The report said it was due to his Uyghur background, which Chinese authorities say is often linked to terrorism or a security threat.
In another incident, Shanghai police inspected a hotel room where a Uyghur guest was staying in 2018 and wrote in the report that the risk of terrorism had been ruled out.
Data breach comes as Xi Jinping makes historic third bid for president
While the identity of the hacker remains unknown, the incident once again exposes the challenge China faces when it comes to data vulnerability.
China passed a new personal information protection law last November, tightening rules around data collection, use and storage as Beijing stepped up its monitoring and data collection during the pandemic.

Dr. Chang said hacking, or leaking private information of citizens, would be considered a violation of the law.
“It’s actually good timing to allow us to see if the data protection law is in action with the Chinese government,” he said.
Dr. Chang said another possible intention of the data breach could be to disrupt or influence Mr Xi’s bid for a third term as party leader.
“What I’m more interested in is the timing of this data leakage,” said Dr. Chang.
The CCP will hold its annual meeting in a few months and it is widely expected that Mr Xi’s leadership will be extended for a third term.
It is a pivotal moment for the political stability of the country as Mr Xi’s opponents are expected to challenge his power, even as many of them have been suppressed as his anti-corruption campaign has intensified.