Connect with us

China Digital

Cybersecurity Researcher Discovers Unsecured Database with Millions of Chinese Social Media Chat Logs

Victor Gevers says it is his mission to “report vulnerable systems.”

Avatar

Published

on

Image by iFeng Games (games.ifeng.com)

First published

Victor Gevers, a Dutch researcher at the cyber-security NGO GDI Foundation, has discovered that a Chinese database containing 364 million records including personal identity data, images, and chat conversations of PRC citizens, was left open for anyone to see who searched for its IP address.

Some of the information records allegedly come from apps developed by Chinese tech giant Tencent, including WeChat (Weixin), WeChat Wallet and QQ, but also from Alibaba’s Wangwang Message (阿里旺旺), which is the main chat program used on China’s most popular e-commerce site Taobao.

Gevers tweeted about his findings earlier this week (@0xDUDE). Journalist Yuan Yang reported about the issue in the Financial Times on March 4, writing that a large number of the records had the names and addresses of Chinese internet cafes on them.

Chinese internet cafes are legally required to install monitoring software on their computers (Wǎngbā guǎnlǐ ruǎnjiàn 网吧管理软件 “Internet cafe management software”). Well-known examples of this software are PubWin, Sicent (万象), Zuolun (左轮), or Fangzhu (方竹).

Gevers extensively tweeted about the open database over the past few days. On March 2nd, Gevers wrote on Twitter:

So this social media surveillance program is retrieving (private) messages per province from 6 social platforms and extracts names, ID numbers, ID photos, GPS locations, network information, and all the conversations and file transfers get imported into a large online database.”

On Tuesday, March 5th, Gevers also spoke to the Dutch ‘Foreign Desk’ (Bureau Buitenland) Radio 1 program, saying:

We assume that these messenger services are being screened by Chinese authorities, and of which [the information] is collected in one place. What we saw is that the profiles connected to GPS locations, device use, which wifi networks were used, Chinese ID numbers, ID photos – basically the full profile relating to the conversations. And then these conversations were sent out to various provinces across seventeen servers.”

On Twitter, he further stated:

Around 364 million online profiles and their chats & file transfers get processed daily. Then these accounts get linked to a real ID/person. The data is then distributed over police stations per city/province to separate operators databases with the same surveillance network name.”

On March 4th, Gevers also wrote that “[Chinese internet] is a space filled with open databases,” later tweeting that the same holds true for other countries, including the US.

News of the online leak was also picked up by various Chinese media outlets, including tech news site Driver China (驱动中国). Chinese news sites Sina, Sohu, Phoenix News, Techcrunch.cn, IThome.com, and Q Daily also reported about the issue, but these news articles were all pulled offline at time of writing, coming up with a ‘404’ error message.

One Chinese blog reporting on the issue did not only highlight that the database discovered by Gevers was accessible for people who knew of its IP address, but, noteworthy enough, also reported that it was available for viewing “free of cost.”

The issue was discussed on Weibo, where hashtags such as “360 million records leaked” (#中国3.6亿份聊天记录被泄露#) popped up with hundreds of views, but comments were soon taken offline.

As the annual Two Sessions (两会), China’s most important political event of the year, are currently taking place, Chinese social media is seeing increased censorship and control.

One of the comments that did get through on Weibo noted that as long as news reports were being ‘harmonized,’ it would be difficult for people to tell if this is “fake news” or not.

The fact that Chinese authorities screen digital data is no secret. In 2016, China’s Ministry of Public Security announced that messages posted on social media platforms such as Weibo, Baidu Tieba, or WeChat, could be identified as legal evidence and that China’s public security organs have the right to access electronic information and collect user data.

As a hacker and researcher, Gevers says his mission is to “report vulnerable systems” and sometimes “share what we learn.”

By now, the internet service provider behind the server has been warned about the open database, and within two hours after receiving the warning, the database was no longer accessible.

But how is such a leak possible in the first place? According to Gevers, the answer is quite straightforward: “The problem here is a knowledge gap. And that [knowledge] problem is not just an issue in China, it’s a worldwide problem (…) among people who build these kinds of systems,” he said on Dutch Radio 1.

Gevers’ research also made headlines in February of this year, when the Dutch hacker revealed that millions of personal record information data stored by the Chinese AI-based security software company Sensenets were openly accessible.

For more about the Sensenets leak, check here. To follow Victor Gevers on Twitter see twitter.com/0xDUDE.

By Manya Koetse

Spotted a mistake or want to add something? Please email us.

©2019 Whatsonweibo. All rights reserved. Do not reproduce our content without permission – you can contact us at info@whatsonweibo.com.

image_print

Manya Koetse is the editor-in-chief of www.whatsonweibo.com. She is a writer and consultant (Sinologist, MPhil) on social trends in China, with a focus on social media and digital developments, popular culture, and gender issues. Contact at manya@whatsonweibo.com, or follow on Twitter.

Advertisement
1 Comment

1 Comment

  1. Avatar

    Joey

    March 5, 2019 at 10:45 pm

    Lovely, Dutch researcher working to improve the security of China’s surveillance systems. Too young, too simple, sometimes naive…

Leave a Reply

Your email address will not be published. Required fields are marked *

China Digital

In China’s “Kua Kua” Chat Groups, People Pay to Be Praised [Updated]

Money can’t buy you love, but in these ‘kua kua’ groups, they can buy you praise.

Avatar

Published

on

Image via hexun.com.

First published

Social media is often called a battlefield, but in these Chinese WeChat ‘Kua kua’ groups (夸夸群), people will praise you no matter what you do or say.

A new phenomenon has become a hot topic on Chinese social media these days. ‘Kua kua’ groups (夸夸群) are chat groups where people share some things about themselves – even if they are negative things – and where other people will always tell them how great they are, no matter what.

Kua kua groups (夸 ‘kuā‘ literally means ‘praise’) have become all the rage in China. People seem to love them for the mere fact that it makes them feel good about themselves.

The format is clear. Person A tells about something that is on their minds, and asks people for positive feedback. Person B, C, and D will then come forward and tell them how good or pretty they are, sometimes based on their profile photo.

One could say: “Hi everyone, I’ve just turned down a job offer, but now my future is full of uncertainty, please compliment me.” Then people in the chat group will respond and say things such as: “You look like the type of person who knows exactly what they want.”

The Kua kua praise group phenomenon allegedly began within the online community of Xi’an Jiaotong University – although some claim it was Shanghai’s Fudan University – when one person asked others in a chat group to compliment them. The idea started to compliment and praise others, and so a trend was born; first, in university (BBS) chat groups, and now on WeChat and beyond the realm of universities.

The phenomenon has been around for at least six years, but only recently started gaining widespread attention on Chinese social media. According to China’s Toutiao News, virtually every college now has its own ‘praise group.’

But the praise does not always come for free. Although many (college-based) chat groups are free to join, people who want to be complimented and are not yet a member of an existing group can join Kua kua groups when they pay for it. On Chinese e-commerce platform Taobao, there are various online shops that sell a ‘Praise group’ membership starting from 50 yuan ($7,5) per person, going up to 188 yuan ($28).

The time of praise is limited to five minutes unless you pay more. The quality of the compliments you’ll be getting also depends on how much you pay. Some groups allegedly consist of “students of great talent,” and the number of people complimenting one person could reach up to 500 people.

The contents of the praise could literally be anything. A simple “I want to be praised” comment could get a variety of reactions from “your hat looks nice” to “the fact that you’re so honest and straightforward about what you want is something that is hard to come across in this day and age,” to “you used a period mark [at the end of your sentence], you must be someone who is very persistent in reaching your goals.”

The fact that the “Kua kua” phenomenon is such a success in China might relate to its culture, where humility and modesty are considered ideal in day-to-day communications. When given a compliment, it is common in China to deny it or to suggest that the person giving the compliment is much better than they are (also see Cheng 2003, 30).

These chat groups, however, break away from the dominant cultural interactions: people don’t have to be polite in responding to the compliments and can wallow in the praise they paid for.

Although not as big as the “Kua Kua” group phenomenon, these kinds of groups also exist in the English-language social media sphere. On Reddit’s “Toast Me” page, for example, there are some 92,000 subscribers participating in asking and giving positive feedback to others, albeit unpaid.

The people giving compliments in the Chinese Kua kua groups are random people, some students, some staff of Taobao stores, who get hongbao, red envelopes with digital money gifts, for contributing to the group. According to some reports, some ‘customers’ end up staying the group and become a part of the team themselves.

We will follow up on this later: we booked a ‘five-minute praise session’ ourselves, but are still awaiting admission to the group…

 

Update: Our Kua Kua Experience

 

So what is the Kua kua experience like? We decided to try out for ourselves and purchased a 5-minute praise session through Taobao for 50 yuan ($7,5) from a seller that had a good rating.

After the purchase is completed, the seller will contact you with details asking for your WeChat ID. After adding, they will ask you what your ‘problem’ or issue is, and you will be put in a virtual queue until your turn comes up to be praised.

You’ll then be added to a WeChat group that has your name in the headline (ours was something like “Manya you can do it”) and that has around 200 participants.

The message posted by us was:

Hello, I’m Manya (Dutch). I’ve been studying Chinese for more than ten years. In fact, I’m afraid to say it may even be more than 13 years, but I still often don’t understand what Beijing taxi drivers are saying. Even studying every day won’t help. I’ve been learning for so many years, yet I often still don’t understand what the old people in Beijing are saying. It’s a bit embarrassing. I think my Chinese is still not good enough. I can’t understand the ‘crosstalk’ [comedy sketches] during the Spring Festival Gala at all. It makes me feel a little dispirited.

Within a matter of seconds, the screen then just fills up with positive feedback and emoji. There are dozens of comments, and they almost go too fast to read them all.

Some of the responses:

You’re great, and even I don’t understand Beijing taxi drivers.

Stay confident in yourself!

You’re so cool.”

You can type so many Chinese characters, who’d say your Chinese is not good enough?!

Manya, you’re so fantastic.”

None of us understand what old people in Beijing are saying.

Chinese is just not easy to study, the fact that you’ve been doing it for so long already shows how great you are.”

It’s incredible that you’ve already come this far.”

A woman who is so motivated about studying really moves me, you’re my role model, you make me want to study more English.”

During the praise session, the group leader will occasionally post a hongbao [envelope with money] for the participants to receive in return for their compliments.

After five minutes, the session ends, and the people will send out some last words of encouragement. The group leader will personally thank you for being part of the group, and later, you’ll be removed from the group as the people will move on to the next person who is waiting in line to be praised.

How does it feel to be praised by some 200 people, receiving hundreds of compliments? It’s overwhelming, and even though you know it’s all just an online mechanism, and that it doesn’t matter who you are or what you say, it still makes you glow a little bit inside.

Although some experts quoted by Chinese state media warn people not to rely on these praise groups too much, there does not seem to be much harm in allowing yourself to be complimented for some minutes from time to time.

Other people reviewing the same Kua kua group apparently feel the same: “I’m super satisfied, the result is amazing.”

By Manya Koetse  and Miranda Barnes

Featured image via hexun.com.

References

Cheng, Winnie. 2003. Intercultural Communication. Amsterdam, John Benjamins Publishing.

Spotted a mistake or want to add something? Please email us.

©2019 Whatsonweibo. All rights reserved. Do not reproduce our content without permission – you can contact us at info@whatsonweibo.com.

image_print
Continue Reading

China Digital

China Youth Federation: Ban Minors from Live Streaming Platforms

If implemented, this would mean a big blow to China’s live streaming market.

Avatar

Published

on

First published

More than 45% of Chinese live stream users are minors. A new proposal by the China Youth Federation wants to ban those under the age of 18 from broadcasting in China’s booming live streaming environment.

Chinese minors will no longer be able to do live streaming if it is up to the All-China Youth Federation (ACYF, 中国青联). The China Youth Federation submitted the proposal during the Two Sessions (Lianghui), China’s largest annual legislative meetings.

The China Youth Federation is an organization to represent China’s youth groups founded in 1949, that has the Communist Youth League of China as its core.

China’s live streaming market is booming. Sina News reports that some 425 million netizens used live streaming platforms in 2018. According to the Online Information Center of the Communist Youth League, Chinese minors are particularly active live streamers: 6.4% of live stream users are primary school students, 18.3% of them are junior high school students and 20.3% are senior high schoolers.

There are dozens of live streaming platforms in China, with this list of apps, including the short video & live stream platforms Douyin and Kuaishou, being among the most popular ones. If the law would be implemented, China’s thriving live streaming market would certainly suffer a big blow.

Earlier this week, Sixth Tone already reported that “protecting minors online” would be among one of the important themes discussed by tech leaders at the Two Sessions.

On Saturday, March 9, the hashtag “Proposal to Ban Minors from Engaging in Livestreaming” (#建议禁止未成年人担任网络主播#) [basically meaning “prohibiting minors from being online hosts”] became top trending on Weibo, attracting more than 180 million views. Various Chinese state media sources state that the live streaming industry is in “a state of chaos” and needs stricter control to protect minors, who could easily come into contact with “vulgar” and “inappropriate” content through live streaming platforms.

The ban could be realized by implementing stricter controls on the registration process of China’s various live-streaming networks. This could suggest that the measures would go beyond minors just being banned from live streaming themselves.

“I support this proposal, live streaming platforms are not appropriate for minors,” a popular comment said, with many Weibo users agreeing: “Young people should focus on their schoolwork instead.”

But not everyone agrees with stricter controls on China’s online platforms. One commenter wrote: “Officials can have multiple wives, rich people have multiple women, yet if common people watch live streams where some vulgar language or sensitive content occasionally pops up, then it’s not allowed.”

“What should be banned is vulgar content, not minor users,” others write.

Earlier this week, Beijing News reported that Yan Xiaohong (阎晓宏), director of the Chinese Copyright Association, also submitted a proposal relating to minors using the internet. Yan’s proposal goes much further than that of the ACYF: he suggests that special online platforms should be developed for minors, and argues that it is not good for China’s youth to be able to access the same online content as adults.

By Manya Koetse 

Spotted a mistake or want to add something? Please email us.

©2019 Whatsonweibo. All rights reserved. Do not reproduce our content without permission – you can contact us at info@whatsonweibo.com.

image_print
Continue Reading
Advertisement

Facebook

Advertisement

Follow on Twitter

Advertisement

About

What’s on Weibo provides social, cultural & historical insights into an ever-changing China. What’s on Weibo sheds light on China’s digital media landscape and brings the story behind the hashtag. This independent news site is managed by sinologist Manya Koetse. Contact info@whatsonweibo.com. ©2014-2018

Contribute

Got any tips? Or want to become a contributor? Email us as at info@whatsonweibo.com.
Advertisement

Popular Reads