A massive leak of surveillance data held by China’s government has exposed Australian travellers to identity theft. The leak includes the names, birth dates and passport numbers of Australians in what is a massive leak of surveillance data.
Robert Potter, CEO and founder of online security firm Internet 2.0, told The Australian that travellers’ passports details were among the many categories of data that leaked from what he called a hastily built server.
There is no information about where the data is stored within China, but it relates to activity in the Shanghai region.
“It is essentially an open server that was found and studied extensively by ourselves and a bunch of journalists around public security bureau data that was being held in a cloud environment in China,” Mr Potter said.
Mr Potter said the system looked like a new attempt to merge lots of different sorts of data together. “The data within it is pretty vast and very diverse,” he said.
He said the data included information from camera feeds, tracking using facial recognition, vehicle number plates, feeds of immigration and case files of counter-terrorism officials.
He said there were records about minority Uighurs and some of the data related to people as young as 5-years-old.
“It also contains informant information from people who have contacted the police in China, to inform on other people – that data was also spilt as a component of this server.
“The Chinese government, having built its security apparatus very quickly, has left a number of sections of it fundamentally insecure. As a result they have a very large digital exhaust of private data that they‘ve spilt onto the public internet.”
Mr Potter said the data wasn’t a complete feed from any one of its sources; it looked more like partial feeds from each source and an attempt to normalise them.
The data about foreigners that spilt onto the internet included the entry and exit details from Shanghai, either through the airport or a port. “That information contains their names, date of birth and passport numbers,” Mr Potter said.
Asked whether this represented an opportunity for identity theft of Australians, Mr Potter said: “It absolutely does. So just about every person who‘s on this system would require a new passport.”
Asked whether all the data is related to entry and exiting through Shanghai, Mr Potter said the data was fundamentally from around the province, but he expected there would be similar systems in other provinces in China.
He said the data exposed the extensive tracking of Uighurs taking place within China. “When a Uighur checks into a hotel in Shanghai, it (the server) pulls up their records including court records and potential previous arrests.
“It pulls up where they originally from as part of personal identity in China … there’s even a section that is just purely tagged for Uighurs known to authorities. So there‘s a huge amount of collection (of data) just on the ethnic identity level.”
He said the records included details of interviews of Uighurs by PSD officials in China during their time in Shanghai. He said the case files showed details of who had met with inspectors.
He said it was not his private company’s role to contact Australians whose details were in the cache but he imagined the Australian government would. He said those who examined the data didn’t have intentions to retain it.
“I would suspect that the people who had their identity documents leaked would obviously have something to be concerned about. But I believe the government would likely be in touch with them at some point in the next few weeks to get a new passport.
“The Chinese surveillance state, when you‘re in China, is something we should all be aware of. They have ambitions to control large amounts of data on individuals.”
Internet 2.0 has also released a report quantifying the data it has been sifting through. The report says the system feeds contained more than 1.1 million records and include a company intelligence collection.
“Those subject to technical surveillance and investigation within this system were overwhelmingly ethnic minorities and disproportionately Uighur.”
The data includes ‘blacklist records’ of people branded as terrorists and they are overwhelmingly Uighur. The Uighurs comprise 93.26 per cent of ’blacklist records’, followed by Han (3.35 per cent), Hui (1.97 per cent), Kazakh (0.49 per cent) and Tibetan (0.17 per cent).
Of the several thousand immigration data records, 161 related to Australian travellers.
There are more than 6000 records about people with bad behaviour on public transport. There are 269 records about foreign investment among the company record collection.
The report says that China has developed a watchlist for any company or employee with possible access to material that could be used for the illegal manufacture of explosives or drugs.
Published in The Australian newspaper.