By Staff Writer.
A cybersecurity firm has said a 23-terabyte package of personal data stolen from a Shanghai Police database has been spotted in an online cybercrime forum. The confirmation by Check Point Software Technologies firms up reports of the massive cyberattack.
Check Point says an anonymous hacker, known as “ChinaDan,” posted on an online cybercrime forum called Breach Forums last week asking for a ransom of ten bitcoins (worth around US$220,00 at the time of publication) for what is likely the biggest ever domestic cyberattack in China.
But with no firm word from Chinese authorities on the veracity of the claimed cyberattack, speculation intensified over the weekend that the claimed attack was a hoax.
However, on Monday, Zhao Changpeng, Chief Executive Officer of cryptocurrency exchange Binance tweeted that his firm’s threat intelligence had detected one billion resident records from “an Asian country” for sale on the dark web.
On Tuesday, a Bloomberg report gave the still largely unreported cyberattack some colour, saying the hackers had accessed the police database in China’s most populous city and stole sensitive personal information on up to one billion people, including national ID numbers, mobile phone numbers, addresses, medical records, and criminal histories.
Binance’s Zhao Changpeng later followed up and said the attack happened because the Chinese Government developer of the police database wrote a tech blog for the Chinese Software Developer Network (CSDN) and accidentally included the credentials.
In a subsequent Twitter post, Mr Changpeng published a screenshot of the credentials published on the blog. Included in the code were Chinese characters and a reference to Shanghai.
Until now, a 2020 cyberattack on Weibo, which accessed the personal account information of 539 million users, was considered the biggest cyberattack in China.
Sergey Shykevich, Threat Intelligence Group Manager at Check Point, says they saw ChinaDan’s data package for sale on the dark web. On the same online forum, Check Point discovered a variety of other China-related databases offered for sale, including a China courier database with 66 million records, allegedly stolen from ShunFeng Express in 2020, as well as other databases from Chinese driving schools.
“Cybercriminals are frequently looking for opportunities to steal databases from different organisations, in some cases using sophisticated malware families. In other cases, these hackers are scanning IP ranges of different organisations to identify unprotected assets and databases, from which to steal,” said Mr Skykevich.
“In this particular case, as such a large database of personal information was leaked, there is a high chance that cybercriminals may use this data for phishing and spear-phishing attacks. As this database also includes mobile numbers, we recommend organisations in China to be prepared for a possible wave of smishing attacks.”
Yi Fu-Xian, a senior scientist at the University of Wisconsin-Madison, told The Guardian newspaper he had successfully downloaded a sample of the stolen data from the dark web.
“The data contained information about almost all the counties in China,” he said. “I have even discovered data related to a remote county in Tibet, where there are only a few thousand residents.”
Amid privacy and security concerns, Chinese authorities have been moving to better protect online user data privacy for its 1.4 billion citizens.