The Zhenhua Data leak that exposed the personal details of millions around the world

Ultimately, the unethical accumulation of data will not end until security laws are passed to protect personal privacy.

Chinese company Zhenhua Data – a data-scraping company with ties to the Chinese Communist Party – has been accumulating a vast database of detailed personal information on at least 2.4 million people, titled the Overseas Key Information Database (OKIDB).

The data was released by an anonymous source at the Shenzhen-based company earlier this month and it’s feared that it is being or could be used by China’s intelligence service, the Ministry of State Security.

The list is vast, encompassing state and federal politicians, military officers, diplomats, academics, engineers, journalists, lawyers, accountants and so on.

Colin Tukuitonga, Associate Pacific Dean at the University of Auckland, says it even identifies the relatives of several politicians who don’t appear on the list.

Included in the 250,000 records retrieved are 52,000 Americans, 35,000 Australians, 10,000 Indians, 9,700 Brits, 5,000 Canadians, 2,100 Indonesians, 1,400 Malaysians and 138 Papua New Guineans.

While the data dump is a mere drop in the bucket of the intelligence data that’s been collected throughout the world, some have raised concerns about the use of the company’s data accumulation.

How was the data acquired?

A substantial portion of the intelligence was “scraped" from open-source material. However, some profiles display information that was seemingly sourced from confidential bank records, job applications and psychological profiles.

Gold Coast Bulletin says researchers found that up to 20% of the data was not from an open source, pointing to the possibility that it may have been procured through hacking or via the Dark Web.

The data dump further suggests the use of artificial intelligence to sift through data and create complex profiles of individuals, going so far as to label some on the list “politically exposed” or “identified targets.”

Precisely why the company has chosen these labels is still unknown, but there doesn’t appear to be a rhyme or reason as to how – or why – the list was compiled.

Zhenhua Data says that it provides “services for military, security and foreign propaganda" and describes itself as wanting to take part in the “great rejuvenation of the Chinese nation."

Zhenhua Data’s chief executive, Wang Xuefeng, a former IBM employee, has even spoken openly of his support for “hybrid warfare” and “psychological warfare” to influence public opinion.

In response to an inquiry from The Guardian, a representative of Zhenhua said, “The report is seriously untrue.”

The representative, who identified herself as the head of business for the company, stated, “Our data are all public data on the internet. We do not collect data. This is just a data integration. Our business model and partners are our trade secrets. There is no database of 2 million people.”

Although data gathering is not concerning in itself, Zhenhua’s connection to the Chinese government makes it difficult for critics to rule out the possibility of foul play.

“This mass collection of data is taking place in China’s private sector, in the same way Beijing outsources its cyber attack capability to private subcontractors," Internet 2.0’s chief executive Robert Potter told the Australian Broadcasting Corporation (ABC).

Why is the data now public?

Earlier this month, American Professor Chris Balding allegedly obtained the database from an inside source and promptly passed along the information to Canberra cybersecurity company Internet 2.0, which was able to restore 10% of the 2.4 million records.

In a personal statement regarding the data, Balding said, “The individual who provided the Shenzhen Zhenhua database by putting themselves at risk to get this data out has done an enormous service and is proof that many inside China are concerned about CCP authoritarianism and surveillance.”

“China is absolutely building out a massive surveillance state both domestically and internationally," Balding told the ABC.

“I think it speaks to the broader threat of what China is doing and how they are surveilling, monitoring and seeking to influence … not just their own citizens, but citizens around the world."

Yet, while Balding and many critics are running for the hills, some say that this data is akin to the extensive databases possessed by Google and Facebook.

Liang Haoyu, the big data director at GTCOM, a company previously listed as a partner of Zhenhua, said that “90% of military-grade intelligence data can be obtained from open data analysis.”

Still, while the company’s actions may not be illegal, Facebook has opted to ban Shenzhen Zhenhua Data Technology from its platform.

A Facebook spokesperson told ThePrint, “Scraping public data, as this company appears to have done to a number of services including Facebook, is against our policies. Even public data shouldn’t be collected in this way. We have banned Zhenhua Data Technology from our platform and sent a cease-and-desist letter … ordering them to stop.”

Ultimately, the unethical accumulation of data will not end until security laws are passed to protect personal privacy. Until then, countries cannot condemn Zhenhua’s actions when many are living in the same “glass house.”

Have a tip or story? Get in touch with our reporters at tips@themilsource.com