"The personal details of millions of people around the world have been swept up in a database compiled by a Chinese tech company with reported links to the country’s military and intelligence networks, according to a trove of leaked data" theguardian.com/world/2020/sep…
Data includes "dates of birth, addresses, marital status, along with photographs, political associations, relatives", data scraped from social media and "information which appears to have been sourced from confidential bank records, job applications".
Zhenhua Data looks like the Chinese version of US firms such as Babel Street, which sold its social media monitoring and data analytics products "to nearly every major defense, national-security or law-enforcement agency" in the US.

"The database is constructed around numerous existing databases or platforms and harvested into one large database with multiple points of overlap. Significant amounts of data comes from the Dow Jones owned database Factiva"

Summary of findings on SSRN:
"Large amounts of the data was open source data ... 10-20% of the data was not publicly or easily available".

It includes "public sector employee records", "from known politicians to political aides to low level military personnel", as well as data on "organized crime figures".
Zhenhua Data "builds a 'relational database', which records and describes associations between individuals, institutions, and information ... weaving in public or sentiment analysis around these targets, Zhenhua offers 'threat intelligence services'."
Basically, like a combination of social media intel, cybersec/threat intelligence and data aggregation from public records and databases such as World Check, plus perhaps from some other data brokers, in combination with some Palantir-style network analysis capabilities.
"When a Globe and Mail reporter visited [the company's office in Shenzhen], three people sat at desks in what appeared to be a converted studio apartment, with the door open to the bathroom".

Thereafter, the "company’s website became inaccessible".
"The company, led by a former IBM data centre management expert, has also described its work online in job postings, LinkedIn records, blog articles and software patents. One employee described work 'mining the business needs of military customers for overseas data'."
"Stephanie Carvin, a former national security analyst who viewed the database on behalf of The Globe and Mail ... said it wasn’t clear whether this was a database used by Chinese intelligence – or just a database created by a company hoping to sell it to Chinese intelligence"
Zhenhua Data seems to be a tiny company. However, it is "believed to be owned by China Zhenhua Electronics Group which in turn is owned by state-owned China Electronic Information Industry Group (CETC), a military research company", according to ABC: abc.net.au/news/2020-09-1…
Oh, @Jeremy_Kirk writes "this data was sitting on an unsecured elasticsearch cluster for ages. Hundreds of gigabytes. For anyone to download. Including me in January"
Some more interesting facts in his blog post:

(I totally disagree with his assessment of gathering and combining publicly accessible personal information as generally not a problem)
❌ "This is nothing new"
❌ "Chinese surveillance omg, we'd never do this"
❌ "Nothing to see here, just China bashing, we're doing the same in the US"

✅ Scrutinize the intersection of govt+commercial surveillance both in China/US, put it into the context of key developments...
(and, of course, not only in the US and Five Eyes countries, but also in the EU and in other regions)

• • •

More from @WolfieChristl

15 Sep
Android apps from dating to fertility to selfie editors share personal data with the Chinese company Jiguang via its SDK that is embedded in the apps, including GPS locations, immutable device identifiers and info on all apps installed on a phone.

Report: blog.appcensus.io/2020/09/15/rep…
Jiguang, also known as Aurora Mobile, claims to be present in >1 million apps and >26 billion mobile devices. Which seems wildly exaggerated.

Anyway, researchers found Jiguang's SDK in about 400 apps, some of them with hundreds of millions of installs.
According to the paper, Jiguang’s SDK is "particularly concerning because this code can run silently in the background without the consumer ever using the app in which it is embedded". Also, the SDK uses several methods to "obfuscate and hide" its "behavior and network activity".
2 Sep
"A threat intelligence firm called HYAS …is buying location data harvested from ordinary apps installed on peoples' phones around the world …and claims to be able to track people to their 'doorstep'."

Systemic misuse of data from apps and 'advertising': vice.com/en_us/article/…
"HYAS' location data comes from X-Mode, a company that started with an app named 'Drunk Mode,' designed to prevent college students from making drunk phone calls and has since pivoted to selling user data from a wide swath of apps"
According to an X-Mode spokesperson quoted by Vice, they 'obfuscate any user IDs' and they 'aggregate devices using generalization' when they sell location data gathered from apps. Whatever this means.
1 Sep
Amazon is hiring 'intelligence analysts', who should work on 'sensitive topics that are highly confidential, including labor organizing threats against the company' and spy on 'organized labor, activist groups, hostile political leaders'.

Via @jfslowik / amazon.jobs/en/jobs/102606…
Amazon's list of enemies, to be targeted by their corporate intelligence agency:

'hate groups, policy initiatives, geopolitical issues, terrorism, law enforcement, and organized labor'

...plus 'activist groups' and 'hostile political leaders'.
Here's another Amazon job listing with a similar description:

In both cases, 'preferred qualifications' include:

'Previous experience in Intelligence analysis and or watch officer skill set in the intelligence community, the military, law enforcement...'
25 Aug
For more than a year, 1200+ apps installed on hundreds of millions of iPhones and iPads contained malicious software operated by a shady adtech/data company that spied on users in order to steal ad revenue from competitors, according to security firm Snyk:
App vendors integrated this software/SDK by Mintegral, a Chinese adtech firm owned by Mobvista, another adtech firm, to earn money through ads.

Many iOS apps are affected, from dating to games, also very popular ones like Helix Jump, Subway Surfers and PicsArt. And their users.
For more than a year, 1200 app vendors: 🙈🙉🙊

Mediation platforms including Twitter's MoPub, who helped embed Mintegral 🙈🙉🙊

Apple: "no evidence that users have been harmed" 🙈🙉🙊

Industry associations: fighting against any regulation 🙈🙉🙊

28 Jul
When the data industry is talking about sharing 'anonymized' profile data:

They do indeed not share email addresses, for example. But they share hashed versions of them, and they all use THE SAME hash function, and can thus still monitor and act on people across the digital world.
Calling this kind of personal data sharing 'anonymized' is corporate misinformation. A whole industry has been built on this lie.

Many still don't understand that.

Also, the question of whether or not you can reverse the hash is irrelevant, if everyone uses the same function.
Of course, hashed IDs can also be based on phone numbers or other data.

There are more complex versions of this, e.g. hashing the hashes, using temporary IDs and later matching them to persistent ones, linking/matching chains of identifiers, using salted hashes for sub-purposes etc.
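
An illustration of the point made in this thread, added here and not part of the original tweets: two companies (hypothetical names, constructed sample records) each export data keyed by SHA-256 of the normalized email address, and whoever holds both exports can join them without ever seeing an address. The per-party HMAC variant is an assumption added for contrast; it shows identifiers that no longer match across parties.

```python
import hashlib
import hmac


def normalize(email):
    """Trim and lowercase so every party derives the same input string."""
    return email.strip().lower()


def shared_hash_id(email):
    """Unkeyed SHA-256 of the address: the same function at every company."""
    return hashlib.sha256(normalize(email).encode()).hexdigest()


def keyed_id(email, party_key):
    """HMAC-SHA-256 under a secret key that only one party holds (assumption)."""
    return hmac.new(party_key, normalize(email).encode(), hashlib.sha256).hexdigest()


# Constructed sample records held by two unrelated (hypothetical) companies.
SHOP = [("Alice@Example.com", "purchase: running shoes"),
        ("bob@example.org", "purchase: headphones")]
APP = [("alice@example.com ", "location trace #17"),
       ("carol@example.net", "location trace #42")]


def export(records, id_fn):
    """What leaves the company: pseudonymous ID -> attribute, no email field."""
    return {id_fn(email): attr for email, attr in records}


def link(export_a, export_b):
    """Join two exports on the pseudonymous ID alone."""
    return {pid: (export_a[pid], export_b[pid])
            for pid in export_a.keys() & export_b.keys()}


def linked_with_shared_hash():
    return link(export(SHOP, shared_hash_id), export(APP, shared_hash_id))


def linked_with_per_party_keys():
    shop_key, app_key = b"constructed-shop-key", b"constructed-app-key"
    return link(export(SHOP, lambda e: keyed_id(e, shop_key)),
                export(APP, lambda e: keyed_id(e, app_key)))


if __name__ == "__main__":
    print("shared hash, linked profiles:", linked_with_shared_hash())
    print("per-party keys, linked profiles:", linked_with_per_party_keys())
```
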
23 Jul
Remember the debate about eBay port scanning visitors?

Turns out this was about ThreatMetrix, a fraud/identity analytics firm. The CIA was an early investor. Now owned by a massive data broker. FB and thousands of other companies are sending data to them. blog.nem.ec/2020/05/24/eba…
ThreatMetrix is owned by LexisNexis Risk Solutions / RELX.

Together, they claim to have data on hundreds of millions of people including names, addresses, phone numbers, email addresses, insurance records, criminal records and data on 4.5 billion devices.
I wrote about LexisNexis in 2016 (crackedlabs.org/dl/Christl_Spi…), about ThreatMetrix in 2017 (crackedlabs.org/dl/CrackedLabs…).

Many companies are harvesting data for marketing and advertising. Data collection for risk/fraud/identity stuff is even more pervasive, secretive and unaccountable.
