In what could be the biggest hack in history, a hacker has claimed to have stolen 23 terabytes of data including the personal information of 1 billion Chinese citizens that were collected by the Shanghai National Police. The China data leak raises questions about Beijing’s mass surveillance of its citizens which could potentially impact the broader technology industry.
The apparent theft has laid bare personal data of Chinese citizens such as their name, address, birthplace, national ID number, mobile number and all crime and case details. The hacker is seeking to sell the trove of data for 10 bitcoins (~$200,000).
Forensic and security experts have often shed light on the staggering scale of China’s mass surveillance project, and the data leak just reflects the risks attached to securely managing such a large amount of data. Although China has banned the word ‘data leak’ on Weibo and denied any breach, the country’s cabinet on Thursday emphasized scaling cybersecurity measures.
The threat of China data leak
The Chinese government has been keeping close track of its citizens through smart city projects and the social credit system. The country has continually been upgrading its technology systems to form a nationwide surveillance architecture. China is also a leader in artificial intelligence big data which the US claims is used for political repression.
Reports indicate that China is using video surveillance and facial recognition technologies to identify people. The surveillance also allegedly includes social media accounts, e-commerce data, medical history and even hotel records. A Brookings report said that China has undertaken a massive project of data fusion to make sense of all this data, which the local authorities call ‘visualization’ and ‘police informatization’.
Beijing’s surveillance of Uyghur Muslims in the Xinjiang region has made headlines in the past, along with the strict measures the government took to silence any dissent. China is using an application known as the Integrated Joint Operation Platform (IJOP) to store data on Uyghurs and others.
IJOP includes data such as physical traits, height, weight, and even behavioural characteristics. The solution is said to have been developed by state-owned defence contractor China Electronics Technology Group Corporation (CETC), but a hack of another technology firm SenseNets revealed similar data in its system.
SenseNets is a Chinese firm that works with the country’s police on the mass surveillance of citizens by providing facial recognition and crowd analysis technology. Separately, US-based diagnostics and laboratory products maker Thermo Fisher had sold its equipment for gene mapping to Chinese authorities. This was then used to trace DNA samples of Uyghurs, said a patent filing. The company has since stopped exporting technology to China.
Chinese technology firms in the past have chalked up deals with foreign countries to provide surveillance systems, naming it a smart city package. Major technology companies such as Alibaba, Tencent, Huawei, ByteDance, ZTE, Hikvision, SenseTime, Megvii, Dahua Technology and several others have allegedly helped the Chinese government in various capacities to spread its surveillance web.
For a long time, Beijing has pushed for mass surveillance under the guise of national security. However, the China data leak incident could undermine this stance, while also putting additional pressure on the tech sector which is reeling under regulatory crackdowns.