Archived

It’s no secret that President Xi Jinping’s government uses technology companies to help maintain the nation’s massive surveillance apparatus.

But in addition to forcing businesses operating in China to stockpile and hand over info about their users for censorship and state-snooping purposes, a black market for individuals’ sensitive data is also booming. Corporate and government insiders have access to this harvested private info, and the financial incentives to sell the data to fraudsters and crooks to exploit.

“The data is being collected by rich and powerful people that control technology companies and work in the government, but it can also be used against them in all of these scams and fraud and other low-level crimes,” [SpyCloud infosec researcher Aurora] Johnson says.

To get their hands on the personal info, Chinese data brokers often recruit shady insiders with wanted ads seeking “friends” working in government, and promise daily income of 20,000 to 70,000 yuan ($2,700 and $9,700) in exchange for harvested information. This data is then used to pull off scams, fraud, and suchlike.

Some of these data brokers also claim to have “signed formal contracts” with the big three Chinese telecom companies: China Mobile, China Unicom, and China Telecom. The brokers’ marketing materials tout they are able to legally obtain and sell details of people’s internet habits via the Chinese telcos’ deep packet inspection systems, which monitor as well as manage and store network traffic. (The West has also seen this kind of thing.)

Crucially, this level of surveillance by the telcos gives their employees access to users’ browsing data and other info, which workers can then swipe and then resell themselves through various brokers.

“There is a huge ecosystem of Chinese breached and leaked data, and I don’t know that a lot of Western cybersecurity researchers are looking at this,” Johnson continued. “It poses privacy risks to all Chinese people across all groups. And then it also gives us Western cybersecurity researchers a really interesting source to track some of these actors that have been targeting critical infrastructure.”