22 September 2020

Chinese database details 2.4 million influential people, their kids, addresses, and how to press their buttons

Simon Sharwood

A US academic has revealed the existence of 2.4-million-person database he says was compiled by a Chinese company known to supply intelligence, military, and security agencies. The researcher alleges the purpose of the database is enabling influence operations to be conducted against prominent and influential people outside China.

The academic is Chris Balding, an associate professor at the Fulbright University Vietnam.

And he says the company is company is named "Shenzhen Zhenhua".

Security researcher Robert Potter and Balding co-authored a paper [PDF] claiming the trove is known as the “Overseas Key Information Database” (OKIDB) and that while most of it could have been scraped from social media or other publicly-accessible sources, 10 to 20 per cent of it appears not to have come from any public source of information. The co-authors do not rule out hacking as the source of that data, but also say they can find no evidence of such activity.

“A fundamental purpose appears to be information warfare,” the pair stated.

Balding wrote on his blog that the database contains the following:

The information specifically targets influential individuals and institutions across a variety of industries. From politics to organized crime or technology and academia just to name a few, the database flows from sectors the Chinese state and linked enterprises are known to target.

The breadth of data is also staggering. It compiles information on everyone from key public individuals to low level individuals in an institution to better monitor and understand how to exert influence when needed.

The database includes details of politicians, diplomats, activists, academics, media figures, entrepreneurs, military officers and government employees. Subjects’ close relatives are also listed, along with contact details and affiliations with political and other organisations.

In the paper, the pair said all that data allows Chinese analysts “to track key influencers and how news and opinion moves through social media platforms.”

“The data collected about individuals and institutions and the overlaid analytic tools from social media platforms provide China enormous benefit in opinion formation, targeting, and messaging.”

It gets worse: “From the assembled data, it is also possible for China even in individualized meetings be able to craft messaging or target the individuals they deem necessary to target.”

Balding said the database is “technically complex using very advanced language, targeting, and classification tools.”

But it was also hard to investigate, as parts were reportedly corrupt.

Balding therefore shared the data trove with Potter - of Australian security firm Internet 2.0 - to help make it accessible. The results were shared with select, non-Reg media outlets.

The Register has sought comment from Balding and Internet 2.0 but had not received a reply at the time of writing.

In their written output, Balding and Potter suggest that the open source intelligence used to create much of the database is a breach of many local laws as users of social networks do not expect or consent to the data they share being compiled into dossiers. Others have ranked news of the database'e existence alongside infamous data collection incidents such as the Cambridge Analytica scandal.

The academic thinks the database is worrying because “Chinese intelligence, military, and security agencies use the open information environment we in open liberal democracies take for granted to target individuals and institutions.”

In a second post Balding said the database matters because “what cannot be underestimated is the breadth and depth of the Chinese surveillance state and its extension around the world.

“The world is only at the beginning stages of understand how much China invests in intelligence and influence operations using the type of raw data we have to understand their targets.”

Analysis

Your humble hack and every other Register journalist is listed in various databases compiled using a combination of the stories we write on this site, our social media output, records of telephone conversations, and observed behaviour at real world events. Those databases are used to attempt to influence what we write. When the data is held by a public relations firm, it is proprietary. When it is collected by media database companies, they sell access to the data as-a-service.

Some of our production and back office team are listed in databases based on the likelihood they will sign off on purchases of myriad goods and services The Register needs to operate. The Register’s owners are listed in databases based on publicly available financial data and subsequently targeted with products and services that someone thinks are suitable for business owners.

A lot of these databases produce not much more than poorly targeted sales pitches or, for the editorial team, near-daily press releases about new Bitcoin startups that will overturn the global financial system by next Tuesday.

Happily none of those startups, PR firms, database companies or vendors possess a world-spanning security and intelligence apparatus or attempt to influence foreign nations.

Which is why this database is important, because it shows that China has a well-organised effort to give its influence operations the information they need to be efficient. Or ruthless.China does. And China uses them to conduct operations ranging from protesting against media coverage of its affairs, attempting to influence university curricula, suborning elected representatives and more. With a list that details targets’ relatives, who knows what other tactics a determined foe could employ to have someone influential dance to their tune?

Having said that, it would be more of a surprise if China did not have such a database and ignored the chance to compile it using the data so many of us carelessly scatter across the internet each day, or which is published in the public interest.

“Open liberal democracies must consider how best to deal with the very real threats presented by Chinese monitoring of foreign individuals and institutions outside established legal limits,” Balding wrote, before suggesting: “Increased data protections and privacy limits should be considered.”

“The threat of surveillance and monitoring of foreign individuals by an authoritarian China is very real,” he concluded. “Open liberal democratic states can no longer pretend these threats do not exist. Today’s database is compiled primarily from open sources, other databases China holds present much greater risks to Chinese and foreign citizens."

No comments: