After a hacker offered to sell stolen data from one billion Chinese individuals, Chinese President Xi Jinping encouraged state bodies to “protect information security.” The data was taken from Shanghai National Police, according to an advertisement on a criminal forum that was later removed.
According to the hacker, the data contains names, residences, National ID numbers, and mobile phone numbers. Cyber-security specialists have confirmed that at least some of the data provided is genuine.
The 23 terabytes of data are believed to be the greatest ever data sale on record, and were being offered for $200,000 until the post was withdrawn on Friday.
No Chinese officials have replied to the disclosure, and President Xi has made no mention of the data transaction. However, the South China Morning Post reports that the president has directed Chinese government agencies to “defend information security… to protect personal information, privacy, and confidential corporate information” in order to ensure that people feel secure when submitting data for public services.
The admins of the website where the sale was listed – by a user named ChinaDan – wrote a note on Friday that read: “Welcome to our forum, Chinese users. You’ve most certainly arrived here as a result of the Shanghai police database leak. The data is no longer being sold, and posts about it have been removed.”
The website administrators then added that they have many other similar and high quality Chinese databases for sale, adding: “We are not in China and we are not Chinese, so we do not have to obey Chinese laws.”
According to DarkTracer, which monitors cyber criminal activity, another hacker posted an advertisement on Tuesday for 90 million Chinese citizen records, which the hacker claims to have stolen from Henan National Police (HNGA). None of that information has been independently confirmed.
“It remains unclear exactly why the data has been withdrawn,” Toby Lewis, global head of threat analysis at Darktrace said.
“The original offer of sale suggests that the hacker was looking to sell the data to several buyers without exclusivity, rather than just one. So one theory is that for a high enough price exclusivity could have been bought, and that kind of purchase could possibly have been made by the Chinese state itself.”
Lewis believes the stolen information was a key issue for Chinese authorities, who apparently restricted comments about the sale on Chinese social media shortly after it was advertised.
Deb Leary, CEO of Forensic Pathways, believes the data was sold to a high bidder as well, but adds, “It’s interesting, and not surprising, that the hacker forum leveraged the incident to market themselves as a go-to site for stolen data.”
“They don’t seem to be worried about angering the Chinese authorities.”
In April, the FBI conducted a multinational police operation that seized and shut down a famous hacking website called Raid Forums. The site’s Portuguese creator and a British man from Croydon were both detained.
Hackers can use large data sets like the Chinese cache to send impersonation emails and other harmful attempts to deceive users into turning over money to criminals.
However, because the data has vanished, it may never be verified.
Another possibility is that the data and ChinaDan were revealed to be fraudulent by the website admins.
However, Louise Ferrett, Threat Analyst at Searchlight Security, believes the material is legitimate.
“There are indications that the data on sale was legitimate. Firstly, the source of the data has been reported by some security teams as human error on the part of a government developer,” she said.
(Adapted from BBC.com)