Cybersecurity Researcher Discovers Unsecured Database with Millions of Chinese Social Media Chat Logs


Victor Gevers, a Dutch researcher at the cyber-security NGO GDI Foundation, has discovered that a Chinese database containing 364 million records, including personal identity data, images, and chat conversations of PRC citizens, was left open for anyone who found its IP address to view.

Some of the records allegedly come from apps developed by Chinese tech giant Tencent, including WeChat (Weixin), WeChat Wallet and QQ, but also from Alibaba’s Wangwang Message (阿里旺旺), the main chat program used on China’s most popular e-commerce site, Taobao.

Gevers tweeted about his findings earlier this week (@0xDUDE). Journalist Yuan Yang reported on the issue in the Financial Times on March 4, writing that a large number of the records carried the names and addresses of Chinese internet cafes.

Chinese internet cafes are legally required to install monitoring software on their computers (Wǎngbā guǎnlǐ ruǎnjiàn 网吧管理软件 “Internet cafe management software”). Well-known examples of this software are PubWin, Sicent (万象), Zuolun (左轮), or Fangzhu (方竹).

Gevers tweeted extensively about the open database over the past few days. On March 2nd, Gevers wrote on Twitter:

“So this social media surveillance program is retrieving (private) messages per province from 6 social platforms and extracts names, ID numbers, ID photos, GPS locations, network information, and all the conversations and file transfers get imported into a large online database.”

On Tuesday, March 5th, Gevers also spoke to the Dutch ‘Foreign Desk’ (Bureau Buitenland) Radio 1 program, saying:

“We assume that these messenger services are being screened by Chinese authorities, and that [the information] is collected in one place. What we saw is that the profiles were connected to GPS locations, device use, which wifi networks were used, Chinese ID numbers, ID photos – basically the full profile relating to the conversations. And then these conversations were sent out to various provinces across seventeen servers.”

On Twitter, he further stated:

“Around 364 million online profiles and their chats & file transfers get processed daily. Then these accounts get linked to a real ID/person. The data is then distributed over police stations per city/province to separate operators’ databases with the same surveillance network name.”

On March 4th, Gevers also wrote that “[Chinese internet] is a space filled with open databases,” later tweeting that the same holds true for other countries, including the US.

News of the online leak was also picked up by various Chinese media outlets, including tech news site Driver China (驱动中国). Chinese news sites Sina, Sohu, Phoenix News, Techcrunch.cn, IThome.com, and Q Daily also reported on the issue, but at the time of writing all of these articles had been taken offline and returned a ‘404’ error message.

One Chinese blog reporting on the issue not only highlighted that the database discovered by Gevers was accessible to anyone who knew its IP address, but also, notably, reported that it could be viewed “free of cost.”

The issue was discussed on Weibo, where hashtags such as “360 million records leaked” (#中国3.6亿份聊天记录被泄露#) popped up with hundreds of views, but comments were soon taken offline.

As the annual Two Sessions (两会), China’s most important political event of the year, are currently taking place, Chinese social media is seeing increased censorship and control.

One of the comments that did get through on Weibo noted that as long as news reports were being ‘harmonized,’ it would be difficult for people to tell if this is “fake news” or not.

The fact that Chinese authorities screen digital data is no secret. In 2016, China’s Ministry of Public Security announced that messages posted on social media platforms such as Weibo, Baidu Tieba, or WeChat could be admitted as legal evidence, and that China’s public security organs have the right to access electronic information and collect user data.

As a hacker and researcher, Gevers says his mission is to “report vulnerable systems” and sometimes “share what we learn.”

The internet service provider hosting the server has since been notified of the open database, and within two hours of receiving the warning the database was no longer accessible.

But how is such a leak possible in the first place? According to Gevers, the answer is quite straightforward: “The problem here is a knowledge gap. And that [knowledge] problem is not just an issue in China, it’s a worldwide problem (…) among people who build these kinds of systems,” he said on Dutch Radio 1.
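The “knowledge gap” Gevers describes usually comes down to a database service bound to every network interface, with no authentication in front of it, so that anyone who finds the host’s IP address can read it. The script below is an added example, not code from the article or from Gevers, of the check an operator can run on a Linux host to catch that misconfiguration before someone else does. It assumes the output format of `ss -ltn` and a small, assumed mapping of well-known database ports to products; the listener table it parses is constructed for the demo.

```python
# Added example (not from the original article): audit a host's listening
# sockets and flag database services bound to a non-loopback address, the
# usual root cause when a database turns out to be reachable by anyone who
# knows its IP. The `ss -ltn` sample below is constructed for the demo.
import ipaddress
import re

# Assumed mapping of well-known database ports to product names; extend as needed.
DB_PORTS = {
    27017: "MongoDB",
    9200: "Elasticsearch",
    6379: "Redis",
    5432: "PostgreSQL",
    3306: "MySQL/MariaDB",
}

# Constructed sample in the layout of `ss -ltn` on Linux:
# State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     127.0.0.1:5432       0.0.0.0:*
LISTEN  0       128     0.0.0.0:27017        0.0.0.0:*
LISTEN  0       511     *:9200               *:*
LISTEN  0       128     [::1]:6379           [::]:*
LISTEN  0       128     [::]:3306            [::]:*
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
"""

# One LISTEN row: state, queues, local addr:port, peer addr:port.
_LINE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s*$")


def _is_public_bind(addr: str) -> bool:
    """True if the listening address is reachable from outside the host.

    '*' and the unspecified addresses (0.0.0.0, ::) mean 'all interfaces'.
    Loopback (127.0.0.0/8, ::1) is the only bind that is safe by construction.
    """
    if addr == "*":
        return True
    addr = addr.strip("[]")  # ss prints IPv6 as [addr]
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True  # unknown form: report it rather than silently pass
    return not ip.is_loopback


def find_exposed_databases(ss_output: str) -> list:
    """Return (product, address, port) for database listeners not bound to loopback."""
    exposed = []
    for line in ss_output.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue  # header or non-LISTEN row
        addr, port = m.group(1), int(m.group(2))
        product = DB_PORTS.get(port)
        if product and _is_public_bind(addr):
            exposed.append((product, addr, port))
    return exposed


if __name__ == "__main__":
    # On a real host: find_exposed_databases(subprocess.check_output(["ss", "-ltn"], text=True))
    for product, addr, port in find_exposed_databases(SAMPLE_SS_OUTPUT):
        print(f"EXPOSED: {product} on {addr}:{port} - bind to 127.0.0.1 or firewall it, "
              f"and require authentication")
```

On the constructed sample this reports MongoDB on 0.0.0.0:27017, Elasticsearch on *:9200 and MySQL on [::]:3306, while PostgreSQL and Redis, bound to loopback, are left alone. A listener on all interfaces is not by itself a leak, but a database that answers on a public interface and accepts unauthenticated connections is exactly the combination that lets a stranger who finds the IP read every record.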

Gevers’ research also made headlines in February of this year, when the Dutch hacker revealed that millions of personal records stored by the Chinese AI-based security software company Sensenets were openly accessible.

For more about the Sensenets leak, check here. To follow Victor Gevers on Twitter see twitter.com/0xDUDE.

By Manya Koetse


©2019 Whatsonweibo. All rights reserved. Do not reproduce our content without permission – you can contact us at info@whatsonweibo.com.