- 2.4 million names and profiles are on the database, including more than 35,000 Australians
- The company which created the database has links to China's government and military
- The leak raises further questions about the spread and scope of China's intelligence gathering operations
Information collected includes dates of birth, addresses, marital status, along with photographs, political associations, relatives and social media IDs.It collates Twitter, Facebook, LinkedIn, Instagram and even TikTok accounts, as well as news stories, criminal records and corporate misdemeanours.
While much of the information has been "scraped" from open-source material, some profiles have information which appears to have been sourced from confidential bank records, job applications and psychological profiles.
The company is believed to have sourced some of its information from the so-called "dark web".One intelligence analyst said the database was "Cambridge Analytica on steroids", referring to the trove of personal information sourced from Facebook profiles in the lead up to the 2016 US election campaign.
But this data dump goes much further, suggesting a complex global operation using artificial intelligence to trawl publicly available data to create intricate profiles of individuals and organisations, potentially probing for compromise opportunities.The database has been shared with an international consortium of media outlets in the US, Canada, United Kingdom, Italy, Germany and Australia, comprising the Australian Financial Review and the ABC.The media consortium sought comment from Zhenhua, but received no reply.The company's chief executive Wang Xuefeng, a former IBM employee, has used Chinese social media app WeChat to endorse waging "hybrid warfare" through manipulation of public opinion and "psychological warfare".Of the 35,558 Australians on the database, there are state and federal politicians, military officers, diplomats, academics, civil servants, business executives, engineers, journalists, lawyers and accountants.They range from the current and former prime ministers, to Atlassian billionaires Mike Cannon-Brookes and Scott Farquhar, and business figures David Gonski and Jennifer Westacott.But there are 656 of the Australians featured on the list as being of "special interest" or "politically exposed". Exactly what the company means by either of these terms is unexplained, but the people on the list are disparate in occupation and background, and there seems little to no explanation in who has made the list.
The list includes current Victorian Supreme Court Judge Anthony Cavanough, retired Navy Admiral and former Lockheed Martin chief executive Raydon Gates, former ambassador to China Geoff Raby, ex Tasmanian Premier Tony Rundle and former foreign minister Bob Carr.Singer Natalie Imbruglia features in this list, along with One Nation co-founder David Oldfield, National Party President Larry Anthony, former treasurer Peter Costello's son Sebastian, ex-Labor MP Emma Husar, News Corp journalist Ellen Whinnett and rural businesswoman and ABC director Georgie Somerset. But it also has some Australians with a criminal past, including self-proclaimed Perth sheikh Junaid Thorne, Geelong accountant and fraudster Robert Andrew Kirsopp and ex-TEAC boss Gavin Muir who died in 2007 just weeks before he faced court for dishonesty offences.The database was leaked to a US academic based in Vietnam, Professor Chris Balding, who until 2018 had worked at the elite Peking University before leaving China citing fears for his physical safety. "China is absolutely building out a massive surveillance state both domestically and internationally," Professor Balding told the ABC.
"They're using a wide variety of tools — this one is taken primarily from public sources, there is non-public data in here, but it is taken primarily from public sources.Professor Balding has returned to the United States, leaving Vietnam after being advised it was no longer safe for him to be there.
It was also a grave risk taken by the person who leaked the database to him, who contacted him as he started publishing articles about Chinese tech giant Huawei.
The Spycraft Revolution
"We've worked very hard to make sure that there are no links between me and that person, once I realised what had been given to me," he said.
"They are still in China. But hopefully I think they will be safe."
'Collection nodes' scattered around the world, one likely in AustraliaProfessor Balding gave the database to Canberra cyber security company Internet 2.0 which was able to restore 10 per cent of the 2.4 million records for individuals.Internet 2.0's chief executive Robert Potter said Zhenhua had built the capacity to track naval vessels and defence assets, to assess the careers of military officers and catalogue the intellectual property of China's competitors."This mass collection of data is taking place in China's private sector, in the same way Beijing outsources its cyber attack capability to private subcontractors," Mr Potter told the ABC.Of the 250,000 records recovered, there are 52,000 on Americans, 35,000 Australians, 10,000 Indian, 9,700 British, 5,000 Canadians, 2,100 Indonesians, 1,400 Malaysia and 138 from Papua New Guinea.
There are 793 New Zealanders profiled in the database, of whom 734 are tagged of special interest or politically exposed.
Zhenhua boasts it has about 20 "collection nodes" scattered around the world to vacuum enormous amounts of data and send back to China. Two of the nodes have been identified as being in Kansas in the United States and the South Korean capital Seoul. The Australian node has not been detected.
Last week, security researchers Bob Diachenko and Vinny Troia discovered an unprotected, publicly accessible MongoDB database containing 150 gigabytes-worth of detailed, plaintext marketing data—including 763 million unique email addresses. The database, owned by the "email validation" firm Verifications.io, was taken offline the same day Diachenko reported it to the company.
The military sector appears to be of particular interest to the company. The database tracks promotion prospects of officers and political networks.
In one instance, the career progression of a US naval officer was closely monitored and he was flagged as a future commander of a nuclear aircraft carrier."The company… boasts that it has 20 information collection centres spread around the world," Clive Hamilton from Charles Sturt University said.
"This suggests that there's almost certainly one in Australia. So that means somewhere in Australia, there is a Chinese state-owned company that is sucking up data from across Australia and feeding it into China's intelligence service.
"Well, where is that centre? And if we can find it, shouldn't we close it down? It would appear to be violating all kinds of laws."Professor Hamilton said the wide range of people named in this database provided serious cause for concern.
"If you're a 14-year-old daughter of a politician, then we now know that China's intelligence service is monitoring your social media commentary, and recording pieces of information that are of interest or may be of interest in the future," he said.
"So it really is quite sinister in the way that China is targeting so many aspects of society in a country like Australia for sucking up and storing this intelligence, and using artificial intelligence in a exceptionally sophisticated way."
Concerns of aggressive intelligence gathering operationsA Five Eyes intelligence officer, who uses the pseudonym Aeneas, has pored over the data, and described the technique as "mosaic intelligence gathering" — sourcing vast tracts of information from a wide variety of sources.
He argued it was a different way to collect information than how many western agencies went about their work.
"For example, we had a long-running penetration operation inside a Chinese diplomatic post," Aeneas said.
"You'd think we would have collected on everyone, but we didn't.
"Not everyone inside the post was an intelligence operator for the other side.
"We collected thoroughly on their spooks and stringers, but unless someone in the post was a possible source for us, we left them alone."
Australia's fledgling space industry is also of some interest to Zhenhua.Queensland's Gilmour Space Technology, founded by banker Adam Gilmour, has been closely profiled by the company — so much so that every board member of the company has been profiled in the database. Zhenhua went looking for everyone in Australia with the surname Gilmour to probe the company.The discovery of Zhenhua's core business, known as the Overseas Key Information Database, or OKIDB, will fuel concern about China's aggressive intelligence gathering operations.
It also presents a challenge to domestic cyber defence, given the likely presence of other hostile computer servers in Australia trawling public source data.Zhenhua Data, established in 2018, is believed to be owned by China Zhenhua Electronics Group which in turn is owned by state-owned China Electronic Information Industry Group (CETC), a military research company which had an association with the University of Technology Sydney until 2019.