Security warning following the sale of stolen Chinese data


After a hacker offered to sell stolen data from one billion Chinese citizens, President Xi Jinping urged public bodies to “defend information security.”

Security warning following the sale of stolen Chinese data

The data was stolen from Shanghai National Police, according to an advertisement on a criminal forum that was later removed.

The data includes names, addresses, National ID numbers, and mobile phone numbers.

Cyber-security experts have confirmed that at least some of the data provided is genuine.

The 23 terabytes of data were being offered for $200,000 (£166,000) until the post was taken down on Friday.

No Chinese officials have responded to the news, and President Xi has made no mention of the data sale.

However, the South China Morning Post reports that the president has directed Chinese government agencies to “defend information security… to protect personal information, privacy, and confidential corporate information” in order to ensure that people feel secure when submitting data for public services.

The moderators of the website where the sale was listed – by a user named ChinaDan – posted a notice on Friday that read: “Welcome to our forum, Chinese users. You’ve most likely arrived here as a result of the Shanghai police database leak. The data is no longer being sold, and posts about it have been removed.”

The website administrators then stated that they have many other similar and high quality Chinese databases for sale, adding, “We are not in China and we are not Chinese, so we do not have to obey Chinese laws.”

According to DarkTracer, which monitors cyber criminal activity, another hacker, possibly inspired by the publicity surrounding ChinaDan’s offer, posted an advertisement on Tuesday for 90 million Chinese citizen records, which the hacker claims to have stolen from Henan National Police (HNGA). None of that information has been verified.

“It’s unclear why the data was withdrawn,” Toby Lewis, global head of threat analysis at Darktrace, said.

The hacker intended to sell the Chinese security data to several buyers.

“One theory is that exclusivity could have been purchased for a high enough price, and that such a purchase could possibly have been made by the Chinese state itself.”

Mr Lewis believes the leaked information was a major concern for Chinese authorities, who reportedly blocked discussions about the sale on Chinese social media shortly after it was advertised.

Deb Leary, CEO of Forensic Pathways, believes the data was sold to a high bidder as well, but adds, “It’s interesting, and not surprising, that the hacker forum used the incident to promote themselves as a go-to place for stolen data.”

“They don’t appear to be concerned about upsetting Chinese authorities.”

In April, the FBI led an international police operation that seized and shut down a popular hacking website called Raid Forums.

The site’s Portuguese creator and a British man from Croydon were both arrested.

Hackers can use large data sets like the Chinese cache to send impersonation emails and other malicious attacks to trick people into handing over money to criminals.

However, because the data has vanished, it may never be verified.

Another possibility is that the data and ChinaDan were discovered to be fake by the website administrators.

However, Louise Ferrett, Threat Analyst at Searchlight Security, believes the data is legitimate.

“There are signs that the data for sale was legitimate.” “First and foremost, some security teams have reported the source of the data as human error on the part of a government developer,” she explained.

“Secondly, multiple sources have confirmed that the sample data provided by the seller, known as ChinaDan, was genuine.”

“This doesn’t necessarily mean the entire database was real, but these two elements combined make it more likely,” Mrs Ferrett explained.

Download The FreeDom News app For Iphone and Android – Share the Apps with Friends and Family.