The Official Chinese 🇨🇳 Espionage & Cold War Thread

☑︎#VoteDemocrat

The Original
WOAT
Supporter
Joined
Dec 9, 2012
Messages
306,440
Reputation
-34,292
Daps
616,800
Reppin
The Deep State








afr.com
China's social media warfare database lists key Australians

Sep 14, 2020 – 4.55am

Key Points
  • The Overseas Key Individuals Database ascribes a numerical ranking to each person.
  • The database covers more than 2.4 million people globally including 35,000 Australians.
  • It was compiled by Shenzhen firm Zhenhua Data, which lists the Communist Party among its main clients.
  • Zhenhua also claims to offer propaganda weapons such as social media disinformation.
  • Zhenhua says the aim is to transfer conflict on social media into the "real environment".
A Chinese military contractor that boasts of spreading disinformation and promoting conflict has compiled profiles on more than 35,000 Australians from Prime Minister Scott Morrison to billionaire Mike Cannon-Brookes as part of a giant global database targeting influential figures.

The leaked database, revealed by The Australian Financial Review, was compiled by Shenzhen firm Zhenhua Data, which lists the People's Liberation Army and Communist Party among its main clients.

The company talks of waging "hybrid warfare" and manipulating reality via social media and views its mission as using big data for the "great rejuvenation of the Chinese nation".

The Australian segment of the list is heavy with high profile figures from politics, law and the military, but also includes lesser known technology entrepreneurs, academics, business people and religious leaders. Those with criminal records or sanctioned by the corporate regulator also appear.

The emergence of the leaked database will add further tension to already strained relations between Beijing and Canberra, after China forced two Australian journalists to flee last week over fears they may be detained.

Dr Samantha Hoffman, an analyst at the Australian Strategic Policy Institute, said the database showed the power of open source intelligence collection and she noted Zhenhua referred to its activities as "information mobilisation".

"This company is involved in data collection to support China's party state and undermine Australian security," she said.

Known as the Overseas Key Individuals Database (OKIDB), it ascribes a numerical ranking to each person and is viewed by the intelligence community as a tool for China's security agencies to target and better understand influential figures within a country.

Zhenhua refers to its broader set of databases as the Internet Big Data Military Intelligence System. The power of such open source data collection is demonstrated by Zhenhua's partners saying: "Ninety percent of military-grade intelligence data can be obtained from open data analysis."

Beijing's key strategic interests around cutting edge technology, natural resources and its military modernisation are evident in the highest ranked Australians on the list.


These include David Mah, the co-founder of big data and AI start-up, Kepler Analytics. "I do hear lots of stuff from the front lines of technology," he told the Financial Review, noting he was also heavily involved with the Melbourne Accelerator Program.

Other technology entrepreneurs include Gov van Ek, the co-founder of block chain energy trading platform Power Ledger and Atlassian billionaires Mike Cannon-Brookes and Scott Farquhar.

The database notes Mr Cannon-Brookes has four children, his various residences in and around Sydney and that the parents of his wife, Anne, live in Kalamazoo, Michigan.

Brandon Munro, chief executive of uranium developer Bannerman Resources, is also on the list potentially for his role at the World Nuclear Association, where he helps forecast uranium demand out to 2040.

"Given the geopolitical importance of uranium supply and the scale of Bannerman’s Etango project [in Namibia], I am not surprised to be of interest to various governments," he said.

Etango is one of the world’s largest undeveloped uranium projects and located in Namibia where all current uranium production is controlled by Chinese nuclear power utilities.

Space is a major target for China
More traditional collection targets include Raydon Gates, the former commander of the Royal Australian Navy who previously headed Lockheed Martin in Australia, which developed the F35 Joint Strike Fighter. Pamela Melroy, a former space shuttle commander who now works with Australia's nascent space industry is also listed.

"Space has always been a major collection target for China," said Ms Melroy, who previously headed the space division at the Advanced Research Projects Agency which sits under the US Department of Defence.

Business figures like David Gonski and Jennifer Westacott also make the list, along with media boss Hugh Marks.

The database catalogues major Australian political figures stretching as far back as former Liberal leader Andrew Peacock to current Prime Minister Scott Morrison, while documenting an extensive list of family connections and what is described as "relationship mapping".

Andrew Hastie, chairman of the powerful Parliamentary Joint Standing Committee on Intelligence and Security, is listed along with his wife Ruth, his five-year-old son, Jonathan, and father Peter.

The children of former Treasurer Peter Costello and opposition leader Anthony Albanese are also listed.

"The Chinese party-state intends to use bulk data collection to support its efforts to shape, manage and control its global operating environment, and to generate cooperative and coercive tools of control," said Dr Hoffman.

Zhenhua Data did not respond to emailed questions about its work for the PLA, Communist Party or China's security services.

A person at its head office in Shenzhen, who declined to give her name, said "these questions touch upon our trade secrets".

"It's not convenient to disclose," she said.

Zhenhua's website was taken down after questions were put to the company. The website claimed the database went live in December 2018 after 15 months of development.

Robert Potter, from cyber security company Internet 2.0 which contracts to the Australian and US governments, said the database showed Beijing's strong collection capability, linked to an ambition to drive surveillance beyond its own borders.

"To collect so broadly, with detail, on a global scale, shows China’s technology sector has a significantly greater capability than almost any other country," he said.

Mr Potter's firm reconstructed the database and gave access to the Financial Review, London's The Daily Telegraph, The Indian Express, The Washington Post, Italy's Il Foglio and The Globe and Mail in Canada.

'Anything can be turned into reality'
The database covers more than 2.4 million people globally. The consortium has access to the records of 51,000 Americans, 35,000 Australians, 10,000 Indians, a similar number of British nationals and 5,000 Canadians.

In addition to profiling people Zhenhua claims the database can be used for "public opinion intervention" or the amplification of extreme social media voices to sow discord or spread disinformation.

"Anything can be turned into reality through social media," the company's website states.

While its website openly references links to the Chinese government, job advertisements posted on LinkedIn go a step further.

A job posted by Zhenhua's Wang Donxin talks about "hiring a sales person in the Military industry" who would have to "manage sales into the Military and the Party".

Another person who worked at Zhenhua described their work as "mining the business needs of military customers for overseas data".

A further posting talked of leading a "four person team" to develop a "military deployment simulation demonstration system" for social media.

The company website detailed its use of the database for its so-called social media "numbering project", which appears to have been activated in December last year.


This database is overlaid with scrapings from social media platforms including Twitter, Facebook, LinkedIn and Crunchbase.

It claims to offer "public opinion intervention", akin to Russian troll farms which have successfully manipulated public opinion through social media.

An article on Zhenhua's website lays out the company's thinking on how these propaganda weapons can be deployed abroad.

"Social media can manipulate reality and weaken a country’s administrative, social, military, or economic forces," the company says. It says this may lead to "internal conflicts, social polarisation, and radicalism in a country".

Zhenhua describes this as "hybrid warfare" and says it is "less expensive than traditional warfare".

The use of social media to shape and manipulate public opinion is usually associated with Russia and its well-publicised campaign to discredit Hillary Clinton during the 2016 US Presidential election.

But in recent months there have been growing concerns about these same tactics being used against Australia, possibly by actors in China.

QUT researcher Dr Timothy Graham said Australia had entered "this battlefield" during last summer's bushfires.

He found a "suspiciously high number of bot-like and troll-like accounts" pushing out disinformation and attributing the fires to arson, rather than climate change and the prolonged drought.

He said this campaign was aimed at fostering "distrust in scientific expertise, scepticism of the media and rejection of liberal democratic authority".

While he said there was no hard evidence to attribute this activity to China, the Department of Foreign Affairs and Trade was concerned enough about the spreading of disinformation to establish a new taskforce.

The Foreign Minister Marise Payne labelled it an "infodemic" and said such disinformation could cost lives during the COVID-19 pandemic.

"The disinformation we have seen contributes to a climate of fear and division when, at a time like this, what we need is cooperation and understanding," she said.

On its website Zhenhua says the aim is to transfer conflict on social media into the "real environment".

It says this will then lead to "conflict between the state and society or between different groups of society."

Zhenhua hints at its desire to foster conflict overseas in job descriptions seeking copywriters with "good writing skills and creative ideas", while it says "priority is given to the basic ability of retouching pictures".

It described its main function as providing services for the "military, security and foreign propaganda".
 

☑︎#VoteDemocrat

telegraph.co.uk
The Zhenhua files: Who is on the Chinese database?
By Tony Diver and Robert Mendick, Chief Reporter
13 September 2020 • 8:00pm
Royals
The Zhenhua files contain a family tree of British royals, with profiles of the Queen, Prince Charles, the Dukes of Cambridge and Sussex, the Duchess of Cornwall and Princess Diana.

Also listed is Prince Michael, the Queen's cousin, who has led a delegation of British businessmen on a trade mission to China, and Peter Phillips, the monarch's grandson. Mr Phillips was criticised earlier this year when he appeared in a Chinese television advert for a state-owned milk company.

The database's entry for Prince Charles contains a brief description of his interests, including his work as a writer, polo player, entrepreneur, painter, helicopter pilot and children's writer. The Prince of Wales qualified as a helicopter pilot in 1974, after which he flew in the 845 Naval Air Squadron. He served in both the Royal Air Force and the Royal Navy.

Charles is thought to be a China sceptic, and skipped a state banquet with President Xi Jinping during his visit to London in 2015.

Princess Anne, the Queen's daughter, is listed in the Zhenhua files as an "event rider". The Princess Royal has three European Championship medals for eventing, and won BBC Sports Personality of the Year in 1971. She was also the first member of the Royal Family to compete in the Olympic Games. Mark Phillips, her ex-husband, has a profile in the database.

Prince Andrew is mentioned, but the only information listed about him is his relationship to other royals.

Politicians
Dozens of British politicians have profiles in the Zhenhua database, which collates their tweets, comments in newspapers and CVs.

Boris Johnson, the Prime Minister, has a profile alongside most of his Cabinet. Brandon Lewis, the Northern Ireland Secretary, is mentioned several times. Darius Guppy, Mr Johnson's university friend – who once asked him for the address of a journalist with the intention of intimidating him – is listed as a close associate.

Bob Seely and Tom Tugendhat, the chairman of Parliament's Foreign Affairs Committee, are mentioned. Both have been critical of China and campaigned to have Huawei removed from the UK's 5G network, citing security concerns about the involvement of Beijing officials with the company's leadership. Mr Tugendhat's wife, Anissa Morel, has a small profile in the files with "relative or close associate" status.

Rod Starmer, the father of the Labour leader, Sir Keir Starmer, has a profile, suggesting he has gained "key overseas individual" status. Mr Starmer is a retired toolmaker with no public profile.

The children of Tony Blair, John Prescott, Menzies Campbell, Amber Rudd, Dominic Grieve, Ed Vaizey and Chris Philp are also in the database. The wives of Johnny Mercer and David Lidington and the ex-husband of Anne-Marie Trevelyan are listed.

Jennifer Mordaunt, the mother of former defence secretary Penny Mordaunt, is named. Mrs Mordaunt is also a relative of Philip Snowdon, the first Labour Chancellor of the Exchequer.

The files contain a partial family tree of Sir Winston Churchill, including his grandson, the former MP Sir Nicholas Soames, his granddaughter Arabella Soames and great-granddaughter Flora.

At least two current or former members of the BBC Trust appear in the database, alongside senior members of the judiciary and their families.

Military
Zhenhua Data advertises its database as a resource for military and security clients engaged in foreign propaganda and names a number of high-ranking officers in the UK armed forces along with their CVs.

General Sir Nick Carter, the Chief of the Defence Staff, is listed alongside his place of birth, educational record, honours and social media profiles. The files contain the education and service records of General Richard Dannatt, the former head of the British Army.

Sir George Zambellas, a former First Sea Lord, is listed along with General Sir Richard Barrons, an influential former head of the UK's Joint Forces Command, a bridging unit between the UK's three armed services.

Most of those listed are current or retired senior Naval officers. Some senior officers' profiles include details of warships they have commanded or tours of duty they have completed.

Francis Pym, who served as Foreign Secretary under Margaret Thatcher during the Falklands War, is named. Mr Pym, who was sacked after he criticised the Prime Minister, was a member of the House of Lords until his death in 2008.

The Zhenhua database contains information about British and US warships, including tweets that name the location of the ships when docked in ports. A Five Eyes intelligence source suggested the purpose of the tweets was to use open-source data to track the ships on their routes around the world.

The files also contain information on British diplomats worldwide and their families, including Dominick Chilcott, the British Ambassador to Turkey.

While UK officers appear many times in the files, a far larger portion of the Zhenhua database is dedicated to the tracking of senior military figures in the United States, defence think tank workers in Washington DC and US Navy warships.

The database also includes businesspeople and policymakers who have been publicly named as former naval intelligence officers in the United States.

Academics
The Zhenhua database contains thousands of mentions of British universities, including Oxford, Cambridge, Imperial College London, UCL and Durham.

Most of the "hits" for UK institutions come from the biographies of leading scientists, businesspeople and technology experts. It is thought the biographies have been "scraped" from publicly-available sources on the internet, such as LinkedIn and other professional databases, before being curated for the needs of Chinese intelligence agencies.

Zhenhua Data appears to have used "bots" to save information about hundreds of academic conferences, policy papers and seminars, and holds lists of speakers and attendees and their research. But few historians, linguists or philosophers are named, suggesting a particular Chinese intelligence interest in science and technology academics. Many of the experts named in the files work in Artificial Intelligence, software development and computing.

Academics who research infectious diseases, microbiology and immunology are also named, alongside their professional and academic records, while another apparent area of interest for Chinese intelligence officers is the study of warfare in Western countries. The database contains a biography of Dr David Betz, a leading war studies professor at King's College London.

One of the database's indices, which tracks the social media posts of specific users, contains thousands of tweets from the official accounts of UK universities. Another, which lists prominent think tanks in the UK and US, names academics and researchers working for defence organisations in Britain.

The International Institute for Strategic Studies, the Henry Jackson Society and the Royal United Services Institute – all of which have dedicated significant resources to analysing the rise of China in the defence sphere – appear in the files hundreds of times.

The Institute For Fiscal Studies, an influential Westminster think tank, and the Centre for Policy Studies, a right-wing policy forum established by Margaret Thatcher in 1974, are also named.

Business
The database leaked from Zhenhua's servers contains thousands of profiles of British businesspeople scraped from corporate databases around the world.

There is professional information about employees and former employees of some of the UK's largest companies, including Tesco, KPMG, BP, GlaxoSmithKline, Barclays, British American Tobacco, British Gas, AstraZeneca and Unilever.

The database lists more than 200 people with professional connections to HSBC, which controversially declared support for the new security laws in Hong Kong enacted by the Chinese government earlier this year.

Roger Carr, the chairman of BAE Systems, Britain's largest manufacturer and supplier of military hardware and arms, is listed in the database alongside his full CV. The text of his biography matches his description on the BAE website, suggesting the information has been scraped from his official profile and added to the Zhenhua database.

Two employees of Babcock International, another UK defence company, have profiles on Zhenhua's servers, along with at least two senior employees at Rolls Royce.

The property tycoon and Tory donor Richard Desmond is listed in the files as a businessman.

Another index within the database contains a slew of newspaper reports about the effect of Brexit on UK companies. The reports are thought to have been downloaded from online news archives, filtered and stored on Chinese servers. The database also lists a number of consultants who advertise their ability to help British businesses operating in China to navigate the Brexit process and the negotiation of free trade agreements.

But despite its strategic importance to the Chinese government, there is little information in the database about employees of Huawei, the telecoms company banned from Britain's 5G networks by the UK Government.

The files name several Huawei staff living in the US, China and Israel, including Andy Purdy, the company's chief security officer in the United States. Mr Purdy has defended it against claims that it is not independent from the Chinese Communist Party.
 

☑︎#VoteDemocrat

washingtonpost.com
Chinese firm harvests social media posts, data of prominent Americans and military
By Gerry Shih, China correspondent
The cache, called the Overseas Key Information Database, or OKIDB, purports to offer insights into foreign political, military and business figures, details about countries’ infrastructure and military deployments, and public opinion analysis. The database contains information on more than 2 million people, including at least 50,000 Americans and tens of thousands of people who hold prominent public positions, according to Zhenhua’s marketing documents and a review of a portion of the database.

Although there is no evidence showing that the OKIDB software is currently being used by the Chinese government, Zhenhua’s marketing and recruiting documents characterize the company as a patriotic firm, with the military as its primary target customer.

U.S. experts who have reviewed the database offer conflicting assessments of its value. Swaths of the database appear to be raw information copied wholesale from U.S. providers such as Factiva, LexisNexis and LinkedIn and contain little human analysis or finished intelligence products. Much of the social media trove appears to be scraped from public accounts accessible to anyone.

“There might be gold in there, but this is not something that’s useful enough for military or intelligence targeting,” said one cybersecurity contractor for the U.S. government who has reviewed the data and spoke on the condition of anonymity to avoid being publicly associated with a sensitive cache. Zhenhua’s claims, the contractor said, are “totally aspirational.”

But the database, combined with Zhenhua’s digital trail — marketing materials, patents and employees’ résumés — provides a small window into the firm’s ambitions, if not actual capabilities, to glean insights by aggregating and analyzing publicly available, or open-source, data. The potential power of big data has been a long-standing concern for privacy advocates and governments alike, and its use is not exclusive to China. Large-scale open-source collection is undertaken by U.S. government agencies and American companies — the source of much of Zhenhua’s data.

Robert Potter, founder of the Australia-based Internet 2.0 cybersecurity company, and Christopher Balding, an independent researcher, provided an incomplete copy of the underlying database that feeds into the OKIDB software to several news organizations, including The Washington Post. Potter and Balding said they downloaded and reconstructed about 10 percent of the full database, which is estimated to be about 1 terabyte of text. (Potter worked for The Post as a cybersecurity consultant in 2019.)

“Open liberal democracies must consider how best to deal with the very real threats presented by Chinese monitoring of foreign individuals and institutions outside established legal limits,” Balding said.

Zhenhua declined requests for comment. An employee at the company said speaking to reporters would reveal trade secrets. China’s Ministry of Defense did not respond to faxed questions seeking comment.

Researchers and current and former U.S. officials say OKIDB appears consistent with a years-long push by the Chinese government to expand the country’s ability to harvest vast amounts of data for strategic purposes, even if that data is not immediately revelatory.

The Nimitz-class aircraft carrier USS Ronald Reagan sailing in the Philippine Sea on July 19. (U.S. Navy/Reuters)
In 2018, Pentagon officials were alarmed when a fitness-tracking app revealed the locations of overseas U.S. bases.

“We know the Chinese Communist Party seeks to promote bulk data collection now, with the intent that the ability to process and use it will follow in the future,” said Samantha Hoffman, a researcher at the Australian Strategic Policy Institute’s Cyber Center. “This data set proves that they’re targeting individuals and that social media is an important tool.”

Little is known about Zhenhua, which operates out of a technology incubator in Shenzhen and an office park in northwest Beijing. Corporate records show the company was founded in 2017 and is majority-owned by a former IBM engineer named Wang Xuefeng, who could not be reached for comment.

The records do not offer any indication that Zhenhua is controlled by the government, but the company positions itself among a constellation of data and security firms in the government’s close orbit.

One of the corporate partners listed on Zhenhua’s website, a big-data firm called TRS, prominently advertises clients such as the Chinese military and the Ministry of Public Security, for which it claims to offer big-data analysis tools that can connect “biographies, vehicles and telecommunications” — and visualize them — with “one click.”

Another partner is Huarong. The big-data and security hardware firm’s website includes references to Palantir, the Silicon Valley-based U.S. military contractor, but advertises itself as a party-linked, “Red-blooded” company spun off from an unnamed People’s Liberation Army enterprise. Huarong co-hosted a “military-civil fusion” trade conference last year in Beijing, where companies seeking business opportunities mingle with military officials.

Another of Zhenhua’s partners is Global Tone Communication Technology, the subsidiary of a state-owned enterprise owned by the central propaganda department that claims to analyze 10 terabytes of social media and Web content a day for government and business clients.

In a 2017 speech, an executive of the company said 90 percent of military-grade intelligence could be derived from open sources, according to a photo retrieved by Hoffman.

Anna Puglisi, a former U.S. national counterintelligence officer for East Asia who is now at Georgetown University’s Center for Security and Emerging Technology, said vast, meticulous open-source collection was a hallmark of Chinese information gathering.

U.S. counterintelligence vis-a-vis China is “traditionally focused on what’s illegal, what’s directly tied to what military or intelligence officer, the spy-on-spy stuff like what we had with the Soviet Union,” Puglisi said. But in reality, massive open-source collection “fits into the much more holistic way that China goes about acquiring information,” she added. “Things like LinkedIn, social media — this seems like an evolution of that methodology.”

In 2015, China’s government issued its first high-level strategy paper on big data and made it a pillar of an industrial development plan called Made in China 2025. Also in 2015, an essay in the Communist Party’s International Liaison Department’s influential world affairs journal suggested that China could conduct automated Web scraping or legally purchase proprietary databases as its governmental and commercial dealings expand.

In 2017, China passed an inaugural national intelligence law that required Chinese organizations and citizens to assist with state intelligence work in accordance with the law.

A U.S. official said it was “not a surprise” that a Chinese company was scraping information for strategic gain. Law enforcement and intelligence officials have been warning various agencies for years about digital hygiene, and Congress has also been reviewing social media best practices to minimize espionage risk from China in particular, the official said.

Facebook CEO Mark Zuckerberg speaks in San Jose, Calif., in 2018. Facebook said it has banned Zhenhua from its platform. (Josh Edelson/AFP/Getty Images)
Rep. Jim Himes (D-Conn.), a member of the House Intelligence Committee, said the present-day ubiquity of individual data is such a significant concern that it is now difficult, for example, to recruit and protect intelligence officers. But open-source data is universally used for spying, he added.

“If there’s a silver lining here, it’s we can do to China what they do to us,” Himes said.

Facebook spokeswoman Liz Bourgeois said the company has banned Zhenhua from its platform and sent it a cease-and-desist letter.

“Scraping public data, as this company appears to have done to a number of services including Facebook, is against our policies,” Bourgeois said.

A Twitter spokesman said the company had no data-sharing agreements with Zhenhua. A LinkedIn spokeswoman said the company does not permit the use of “software that scrapes or copies information” under its user agreement and that the company is constantly working to improve its defenses to prevent such collection.

Although The Post did not have access to the OKIDB software interface, and much of the OKIDB’s underlying data retrieved by Potter and Balding was in raw form, a review of data entries offers clues about the company’s interests.

Navy vessels such as the USS Dwight Eisenhower and Nimitz carriers are tagged with ID numbers, against which relevant social media posts and websites are catalogued. The database assigned hashes and collated information on officers including former chief of naval operations John M. Richardson. There were cursory markups in Chinese about Navy officers’ service history or whether they completed training for prospective commanding officers.

Entries on former acting secretary of the Navy Thomas Modly, for example, named his wife and four children, and educational and private-sector background. The entry included a field for a psychological profile, which was filled with a generic placeholder.

Images of the OKIDB software taken by Potter, who accessed it through an open server, show a user interface that displays tweets posted from U.S. military installations laid over a map with time stamps. One Facebook post sucked into the OKIDB was from the USS George Washington urging sailors’ families to refrain from posting publicly about where the aircraft carrier was going.

On LinkedIn, one of Zhenhua’s engineers, Zhou Peng, describes building a “demonstration system for military deployment simulation.”

Twitter said it had no data-sharing agreements with Zhenhua. (Chris Ratcliffe/Bloomberg News)
Aside from military figures, the database seemed to scoop up tweets from influential China watchers in Washington. Tweets from Scott Kennedy, a China trade expert at the Center for Strategic and International Studies, frequently surface in the database, as do missives from Bill Bishop, publisher of the Sinocism newsletter, and Lyle Morris, who studies the PLA at the Rand Corp.

Part of the company’s ambitions appear to be offensive.

Public corporate records show the company filed patents between late 2018 and April related to scraping news and information, managing data and processing video, but also social media manipulation. The company in September 2019 patented a tool that “simulates social media interaction.”

“Social media can manipulate reality and weaken a country’s administrative, social, military or economic forces, and may also lead to internal conflicts, social polarization and radicalism in a country,” Zhenhua said on its recently deactivated page, china-revival.com.

Zhenhua maintains a company blog on WeChat with a possibly tongue-in-cheek name — “Bureau 99” — that is reminiscent of the numbered divisions within the Chinese military.

On the blog, an unnamed author posts takes on intelligence, U.S.-China relations and how social media influences U.S. presidential campaigns. In one post in August, the author said Chinese open-source intelligence was historically “minimally effective” and relegated to institutions such as the Academy of Military Sciences.

That changed with the passage of China’s national intelligence law in 2017, the author wrote: The law “promoted the healthy development of the intelligence industry.”

The company also posts recruitment ads, seemingly aimed at veterans.

“Bureau 99: we specialize in researching and deploying open-source intelligence to serve the great rejuvenation of the Chinese people,” reads a Sept. 10 ad for positions in Beijing. “We only need your passion and expertise!”
 



U.S. Charges Chinese Nationals in Cyberattacks on More Than 100 Companies


wsj.com
Dustin Volz, Aruna Viswanatha and Kate O’Keeffe
WASHINGTON—Federal prosecutors unsealed charges on Wednesday against five Chinese citizens that officials say appear linked to Chinese intelligence, accusing them of hacking more than 100 companies in the U.S. and overseas, including social-media firms, universities and telecommunications providers.

Two Malaysian businessmen were arrested Monday in Malaysia and accused of conspiring with some of the Chinese hackers to profit from intrusions into the videogame industry, Justice Department officials said.

The charges, laid out in three separate indictments, build on several other cases brought against accused Chinese hackers during the Trump administration, which has characterized Beijing’s cyber-enabled theft of intellectual property as a grave national and economic security threat.

U.S. law-enforcement agencies rarely succeed in arresting foreign hackers, and officials called the arrests in Malaysia a victory for international cooperation.

“The Department of Justice has used every tool available to disrupt the illegal computer intrusions and cyberattacks by these Chinese citizens,” Deputy Attorney General Jeffrey Rosen said. “Regrettably, the Chinese Communist Party has chosen a different path of making China safe for cybercriminals so long as they attack computers outside China and steal intellectual property helpful to China.”

Tech Decoupling: China's Race to End Its Reliance on the U.S.

The tech battle between the U.S. and China has battered TikTok and Huawei and startled American companies that produce and sell in China. WSJ explains how Beijing is pouring money into high-tech chips as it wants to become self-sufficient. Video/Illustration: George Downs/The Wall Street Journal

The indictments don’t state that the alleged hackers worked directly for China’s intelligence service. But Justice Department officials said the nature of some of the attacks, including the targeting of pro-democracy politicians and activists in Hong Kong, and other circumstantial evidence bore the hallmarks of state espionage. One of the Chinese nationals allegedly boasted of having connections to the Ministry of State Security, according to one of the indictments.

The Chinese Embassy in Washington didn’t immediately respond to a request for comment. China has previously denied U.S. accusations of malicious cyber activity.

The alleged hacking campaign was described by Justice Department officials as the handiwork of Advanced Persistent Threat 41, or APT 41, a Chinese cyber squad that U.S.-based cyber firm FireEye has identified and linked to a range of malicious cyber activity against targets in sectors including finance, health care, real estate and the U.S. defense industrial base. FireEye on Wednesday said that APT 41 was currently the most prolific Chinese hacking group it tracked.

Microsoft Corp., Facebook Inc., Alphabet Inc.’s Google and Verizon Communications Inc., among other technology companies, assisted in the investigation and helped neutralize some of the computer infrastructure used by China, which aided in the protection of some victims, Justice Department officials said. Officials declined to state whether the companies were among those targeted.

A Microsoft spokeswoman said the company “developed and implemented technical measures to block this threat actor from accessing victims’ computer systems.” The company declined to say if it had been targeted. Representatives from the other companies didn’t immediately comment.

The indictments were handed down last month and in August 2019. One of the two indictments brought last month charged Chinese nationals Jiang Lizhi, Qian Chuan and Fu Qiang with a computer-intrusion racketeering conspiracy affecting over 100 companies, organizations and people in the U.S. and around the world, including in Australia, Brazil, Chile, Hong Kong, India, Indonesia, Japan, Malaysia, Pakistan, Singapore, South Korea, Taiwan, Thailand and Vietnam.

The defendants, while working at the Chinese firm Chengdu 404 Network Technology, also compromised government computer networks in India and Vietnam, and targeted but didn’t successfully breach U.K. government networks, according to the indictment. Chengdu 404 and its indicted employees couldn’t immediately be reached for comment.

Between about May 2014 and August 2020, the Chengdu 404 defendants targeted hospitality, videogame, technology and telecommunications companies, research universities and nongovernmental organizations in pursuit of their own financial gain, the indictment alleges. They used sophisticated techniques to conduct operations such as supply-chain attacks, in which they compromised software providers and modified their code to hack their customers, it says.

Chengdu 404’s website touted the firm’s “patriotic spirit” and said its customers include public security, military, and military enterprises, according to prosecutors. One of the defendants, Mr. Jiang, and an unidentified associate at one point discussed how the defendant’s working relationship with a Chinese intelligence organization—the Ministry of State Security—provided him protection, the indictment said, citing alleged communications between the two.

The accused Chengdu 404 employees also developed a product, SonarX, to serve as a searchable repository for social-media data they collected. In November 2018, one of the defendants, Mr. Qian, saved records of a SonarX query for people linked to Hong Kong democracy movements including current and former members of the Hong Kong Legislative Council, a founding member of the Hong Kong Civic Party and a pro-democracy activist currently wanted by the Hong Kong police under a new national-security law, the indictment alleges, without identifying the individuals. Leaders in the U.S. and other countries have said the law in Hong Kong, a Chinese territory that Beijing had promised special freedoms, is repressive, which Beijing denies.

In December 2018, Mr. Qian saved records from a SonarX query for a U.S. phone number linked to a U.S. government-funded nonprofit broadcasting corporation that has documented news about the predominantly Muslim Uighur minority living in China’s Xinjiang region, according to the indictment. Human-rights groups have accused Beijing of committing widespread abuses in the area, which Chinese officials deny.

The two arrested Malaysian citizens, Wong Ong Hua and Ling Yang Ching, who operated a website that sold videogame currencies and other products used in the games, were charged in another August 2020 indictment in Washington with racketeering and computer crimes.

The pair worked from 2014 through 2018 with two of the other alleged hackers from China to breach the networks of nine videogame companies based in the U.S., South Korea and elsewhere, through malware, spear phishing emails and other methods, the indictment said. They would create their own videogame accounts and illegally access the credentials of administrators to fraudulently increase the in-game currency and other digital goods in their own accounts, the indictment said. The pair would then sell those products themselves and pocket the proceeds, it said.

In 2014, for example, one of the videogame company victims received an email that appeared to be from a former employee of the company with a résumé attached, but which really contained malware, the indictment said. That malware gave the Malaysians access to the network of that company, according to the indictment, which didn’t identify the company by name.

In February 2018, Mr. Wong discussed with an unnamed computer hacker the possibility of traveling internationally to obtain a private bank account for their proceeds. The hacker responded that American authorities “have stuff on us,” the indictment alleged. Messrs. Wong and Ling couldn’t be reached for comment.

The men were arrested on U.S. charges and will face extradition proceedings that could last months, Justice Department officials said.

Sumon Dantiki, a former senior FBI and Justice Department official who worked on cyber investigations, said that the hacking campaign revealed Wednesday was almost without precedent in terms of its overall size.

“The sheer breadth of this action and the scope of victims is just stunning,” he said, likening its vastness to China’s so-called Cloudhopper attacks on managed-service providers, which a Wall Street Journal investigation in December found was far bigger than previously known.

Mr. Dantiki, now a partner at the King & Spalding law firm, said the case would accelerate a trend in the government and private sector to focus on supply-chain software security, given the success hackers have found exploiting that ecosystem. “The larger digital infrastructure of the United States and the global economy is really under siege,” he said.

Write to Dustin Volz at dustin.volz@wsj.com, Aruna Viswanatha at Aruna.Viswanatha@wsj.com and Kate O’Keeffe at kathryn.okeeffe@wsj.com

Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved.