Shanghai police breach awakens Chinese underground

The record-breaking leak from the Shanghai National Police (SHGA) spurred Chinese-language activity and China-based data leaks.

The 23-terabyte data leak, with information on 1 billion Chinese nationals and several billion case records from the Shanghai police, could be the largest on record.

The dataset, which includes names, addresses, birthplaces, national ID numbers, mobile numbers, and criminal case details, was first shared on Breach Forums, a marketplace that hackers and threat actors use to buy and sell data.

Four weeks after the breach, researchers noted that the scale of the leak had echoed through the cyber underworld. According to Naomi Yusupov, a Chinese intelligence analyst at cybersecurity firm Cybersixgill, the English-speaking forum was flooded with Chinese users.

The observed uptick in Chinese-speaking users was so great that some veteran forum members complained the platform would be overwhelmed by the newcomers and asked for the newbies to be banned. Instead, the forum’s administrator posted a message saying that the Shanghai police leak was no longer being sold on Breach Forums.

[Image: the post on an online marketplace announcing the data breach.]

More Chinese data leaks

Cybersixgill researchers note that the SHGA leak was followed by a ‘sudden spike’ in uploads of alleged data leaks from China-based companies. While the first half of the year saw 14 China-based leaks on average, there were 25 such leaks in the first two weeks of July alone.

“The massive size of the breach and the high asking price for the data may have indicated that Chinese databases are highly valued, so other actors jumped on the bandwagon and shared data, hoping to gain both a reputation boost and money,” Yusupov writes.

Another reason for the uptick may be that Chinese members just discovered Breach Forums after the Shanghai police leak and started using the platform to share domestic leaks.

Yusupov suggests that the growing volume of breaches may even be linked to some users already exploiting data from the SHGA leak to carry out further attacks.

Long-term damage

The availability of personal information on a large chunk of China’s population – estimated at more than 1.4 billion in total – could cause long-term problems such as identity theft and targeted phishing attacks, affecting hundreds of millions of people.

Moreover, leaked case records covering a period of more than 20 years could provide threat actors with the means to seek retribution over criminal cases that resulted in, for example, a conviction.

The worst part about data leaks of all shapes and sizes is that once the genie is out, there is no way to put it back in the bottle. If the hackers really have managed to grab data on a billion people, Beijing could even be faced with national security concerns.

Adversaries could dig into the data to form sophisticated victim-targeting models, with nation-states employing it to identify high-ranking officials, their familial relationships, and location. This could permit them to zero in on specific people through their connected mobile devices and numbers.