Original link: https://www.williamlong.info/archives/6853.html
An anonymous hacker or group of hackers is selling a trove of data it has stolen from Chinese citizens, some of which has been verified as genuine. If confirmed, it would be one of the largest personal data breaches ever.
In a post on a popular cybercrime forum last Thursday, the hacker advertised the data for sale. According to the post, the data cache allegedly includes billions of records containing data about 1 billion Chinese nationals. The post, which began circulating on social media over the weekend, priced the leaked data at 10 bitcoins (about $200,000).
Cybersecurity experts say the attack claimed by the hackers is astounding not only because of its alleged scale (if true, it would be one of the largest on record, and the largest known hacking attack China has ever experienced), but also because of the sensitivity of the information contained in this government database.
The hackers released a data sample they said included 750,000 records, including names, ID numbers, phone numbers, birthdates and places of birth, and detailed police information. The police records include cases of petty theft, internet fraud and the like, as well as domestic violence reports. The earliest cases date back to 1995, and the latest are from 2019.
While the scope of the data breach remains unconfirmed, reporters verified the veracity of some of the information by calling the numbers listed in the leaked records. Five people confirmed all the leaked data, including details of reports that are difficult to obtain from sources other than the police. Four others hung up after confirming that basic information such as names was true.
One woman, stunned by the accuracy of the leaked information, asked if the information about her came from her stolen iPhone, which she had reported in 2016.
Another man, Wei, sighed after hearing that his personal information had been leaked, saying everyone was "running naked", a popular Chinese slang term for a lack of privacy. According to the case records released by the hackers, Wei was tricked by an online scammer into joining an investment plan and was defrauded of RMB 30,000.
Still, cybersecurity experts remain cautious and don’t fully believe all the hackers’ claims.
Australia-based cybersecurity consultant Troy Hunt said the sheer size of the database, which would cover most of China’s 1.4 billion people, raised some doubts, as did the anonymity of the user who posted it.
Hunt said that while most hackers were financially motivated, the act of asking for large sums of money also increased the likelihood that these claims would be exaggerated or false.
Several of the phone numbers the reporter tried to call were either invalid or no longer in use. In China, it is not uncommon for mobile phone users to change their numbers every few years.
Shanghai police and propaganda departments, as well as China’s internet regulator, did not respond to requests for comment.
On the forum where the database was publicly offered for sale, the hacker or hacker group claimed that the target of the attack was Alibaba Cloud (Aliyun), the cloud computing subsidiary of Alibaba Group Holding Limited (9988.HK, BABA; referred to as Alibaba), saying the database of the Shanghai police is hosted on the Alibaba Cloud platform.
Alibaba said it was aware of the incident and was investigating.
Changpeng Zhao, CEO of cryptocurrency exchange Binance, tweeted on Monday that the company had detected the aforementioned hack and had stepped up verification of potentially affected users. Binance did not respond to a request for comment.
In recent years, data breaches have been a serious problem worldwide. According to cybersecurity firm Risk Based Security, there were 4,145 publicly disclosed breaches in 2021, with a total of more than 22 billion records compromised.
However, a data breach of this magnitude would be especially sensitive in China. China’s black market data brokers once sold personal information rampantly. In the past few years, the Chinese government has stepped up its efforts to protect personal information, passing the Personal Information Protection Law in 2021, in part because the level of data breaches had become unbearable and people were complaining.
However, these actions have specifically targeted businesses, leaving the government broad leeway to collect information on national security grounds.
Cybersecurity experts say such a breach could have lasting and unpredictable consequences for affected individuals.
“Trying to remove your information from the Internet is like trying to remove urine from a swimming pool,” Hunt said. “The information just goes into a melting pot of exposed data sets, and you don’t know where each piece of information comes from.”
Hunt also said the leak underscores how little China’s vast internet filtering system can do to prevent citizens’ data from being hacked and posted online for access.
“Despite China’s best efforts, the internet really has no borders,” he said.
Source: The Wall Street Journal, by Karen Hao, Rachel Liang