Personal data of over 1 billion Chinese citizens stolen and sold for a pittance

A hacker (or group of hackers) claims to have obtained the history collected by the Chinese Communist Party , detailing the small violations and illegalities committed by over 1 billion Chinese citizens.

Systematically collected over the years to prove with hard data the fairness and loyalty of every citizen, the data centralized in a huge database details small and large offenses for many of China’s population since 1995.

Contrary to expectations, the owner of this “treasure” is content with relatively little, a sign that he does not understand the importance and value of the database that accumulates more than 23TB of information that directly concerns the personal lives of Chinese citizens. Or perhaps, in Chinese society, the collection of this information has become so commonplace that no one realises how important it really is.

According to details taken from The Wall Street Journal, hackers have already demonstrated the authenticity of the information they hold by publishing a sample of it, detailing in great detail the personal lives of every citizen of the Chinese state. The records catalogued using key identifying data such as full name, phone number and unique code extracted from a national ID card detail the equivalent of a criminal record. Intended to describe each citizen’s good conduct in relation to the rules laid down by the Chinese Communist Party, the archive lists all kinds of misconduct from 1995 to the present.

Most likely, the data was centralized in support of the Social Credit system, used to separate “good citizens” from those who defy, in whatever way, the rules laid down by the CPP. Particularly important at the individual and family level, the Social Credit system decides all sorts of benefits, from granting train or plane tickets for out-of-town travel to admitting or rejecting one’s own children from higher education institutions.

One can only surmise to what extent the publication of such important data would affect the lives of ordinary Chinese, once their “conduct” as good citizens appears along with their ID and phone number. A first danger would be the large-scale exploitation of personal data for activities such as sending unsolicited messages, to impersonation of identity to commit fraud and other illegalities.

What we can say with sufficient certainty is that the information was extracted from a police database, with some suspicion of the involvement of Aliyun, a cloud solutions provider for the giant Alibaba. Thus, the database would have been made available to Alibaba to determine the level of trust in customers, determining their eligibility for risky services, such as credit when purchasing goods.

Given the very small amount demanded as a reward (just 10 Bitcoin), there are some question marks over the true interests behind the incident billed as the largest security breach in Chinese history.