China’s Surveillance State Profits from Selling Citizens’ Data

Recent research by SpyCloud has unveiled alarming evidence of government insiders in China participating in the data broker market, highlighting potential security risks associated with state surveillance. The findings are based on a notable leak earlier this year involving communications from I-Soon, a contractor for both the Ministry of Public Security and the Ministry of State Security. In one of the leaked exchanges, an employee discussed selling “qb,” which SpyCloud interprets as “qíngbào,” meaning intelligence. This suggests a troubling commoditization of sensitive information by individuals within government agencies.

In examining the motivations behind such actions, SpyCloud researchers point to the average annual salary in China, which hovers around $30,000 even at state-owned IT companies. The prospect of earning nearly a third of this amount daily by selling access to surveillance data is a significant lure, particularly for those with the opportunity and means to exploit it. According to the analysts, this is not a matter of orchestrated fraud, but rather of individuals keen to make extra income on the side by leveraging the access available to them through their official positions.

The phenomenon of insiders monetizing their access to surveillance data aligns with China’s ongoing struggle against corruption, noted Dakota Cary, a researcher specializing in China policy and cybersecurity. His review of the SpyCloud findings indicates that corruption permeates various sectors of the Chinese government, including security and military, as evidenced by Transparency International’s ranking of China 76th out of 180 countries in its Corruption Index. The current political climate fosters a culture where exploitation of governmental resources for personal gain is not only plausible but expected.

SpyCloud’s investigation involved searching for personal information on various high-ranking officials within the Chinese Communist Party, members of the People’s Liberation Army, and individuals identified in U.S. indictments related to state-sponsored cyber activities. The results revealed a trove of personal data, including phone numbers, email addresses, bank card details, and hashed passwords, many of which could have been obtained through data breaches.

While some data brokers claim to limit their searches to exclude information on celebrities and government officials, the researchers discovered that workarounds typically exist. SpyCloud analyst Kyla Cardona highlighted that alternative services are always available to facilitate these searches, indicating a deeply entrenched market for such conduct.

These findings suggest a significant breach of cybersecurity protocols and ethics within governmental agencies. The vast reservoirs of centralized citizen data, initially intended for state use, may not only fall into private hands but can also empower those who monitor the monitors. Such scenarios raise critical concerns about operational security and the integrity of surveillance systems.

As Cardona described, this duality creates a precarious environment: “It’s a double-edged sword. This data is collected for them and by them. But it can also be used against them.” This situation must be considered within the framework of the MITRE ATT&CK Matrix, where tactics such as initial access and privilege escalation could be relevant to the vulnerabilities that allow such insider threats to flourish.

In essence, the exploitation of surveillance data highlights a broader issue of trust and security within China’s governmental structure, warning stakeholders globally about the potential ramifications of insider threats in data management and cybersecurity protocols. As businesses continue to grapple with similar concerns, the lessons from this incident underscore the importance of robust safeguarding measures against insider threats.
