• Hacker Selling 1B Chinese Citizens’ Data for 10 Bitcoin On Dark Web Forum

    Home » Forums » Cyber Security Information and Advisories » Code Red – Security/Privacy advisories » Hacker Selling 1B Chinese Citizens’ Data for 10 Bitcoin On Dark Web Forum

    Author
    Topic
    #2458480

    https://www.spiceworks.com/it-security/data-breaches/news/biggest-data-breach-one-billion-chinese-citizens/

    The database, containing the names, addresses, national IDs, mobile numbers, and police/criminal and medical records, was stolen from the Shanghai National Police.

    In possibly the biggest data breach ever, the personal information of about one billion Chinese citizens has been leaked online. According to Changpeng Zhao, the CEO of Binance, this data is put up for sale on a popular dark web forum. The information breached is the resident record that includes the names, addresses, national IDs, mobile numbers, and police/criminal and medical records of people from an Asian country. The seller, who goes by the name ChinaDan, claims to have stolen the enormous dataset from the Shanghai National Police (SHGA) database. “In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on billions of Chinese citizens,” posted ChinaDan. “Databases contain information on 1 billion Chinese national residents and several billion case records, including: name, address, birthplace, national ID number, mobile number, all crime/case details.”..

    Viewing 9 reply threads
    Author
    Replies
    • #2458525

      And just how would the hacker transfer the data to anyone stupid enough to give him 10 Bit-Coins over the internet? You better have one heck of a speedy internet connection…

      Inquiring minds want to know!

      May the Forces of good computing be with you!

      RG

      PowerShell & VBA Rule!
      Computer Specs

      1 user thanked author for this post.
      • #2458562

        RetiredGeek: “And just how would the hacker transfer the data

        How about with a zillion DVDs sent by Post Office mail in umpteen packets, via airmail for faster delivery?

        Some people should stop and think before asking questions with such obvious answers, really!

        (This is a joke.)

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

    • #2458576

      And just how would the hacker transfer the data to anyone stupid enough to give him 10 Bit-Coins over the internet?

      A $5 cheap USB stick will do.

      • #2458582

        A $5 USB would do? How big is a 1-billion people set of personally identifiable information (PII), assuming it is all in Roman characters and Arabic numerals, not in Chinese ideograms and numerals?

        If, perhaps optimistically, a Tweet-long text would be enough for including each person’s PII data, then 240 characters = 240 bytes x 1 Billion PIIs = 240 GB of data (*), isn’t it so?

        While I am not interested in buying the personal info of all those Chinese people (what for? I couldn’t handle it anyways), I would certainly be most interested in buying a 240 GB USB thumb drive for US$5 (or for a bit more in Canadian, New Zealand or Australian dollars), as I couldn’t possibly resist such a bargain.

        It is not an unreasonable bargain, though, given current prices (just checked in Amazon) but probably a few times more than $5 would be a more likely find.

        (*) Or close to 1/4 of a Terabyte.

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

      • #2458736

        Alex,

        Who’s your supplier? I’d love to get a Multi-TeraByte drive for $5!

        May the Forces of good computing be with you!

        RG

        PowerShell & VBA Rule!
        Computer Specs

        1 user thanked author for this post.
    • #2458601

      A $5 USB would do? How big is a 1-billion people set of personally identifiable information (PII), assuming it is all in Roman characters and Arabic numerals, not in Chinese ideograms and numerals?

      The hacker says 23TB 🙂 so a pack of $5 USB sticks or 16TB+8TB SSD drives will be enough.

      I am sure the data is in Chinese.

    • #2458639

      ~$200k for 1 billion names, life must be pretty cheap there.  Having all that data behind one set of credentials that are hosted in plaintext on a blog, what did they expect to happen?

       

      This site I used to read and love mangadex was destroyed by this same sort of mistake.  One of the admins sold an old server without wiping the hard drive and it had a mysql password on it and hackers took over and destroyed the site, first trying extortion then just vandalizing and destroying it.  It’s the admin’s fault at mangadex and in the shanghai police.  I bet the IT guy at that precinct is being re-educated or dissapeared as we speak.

       

      A lot of other hacks seem worse look at Solarwinds.

      • #2458770

        Alex is sure that the data, the text part at least (maybe also the numbers?) is all in Chinese.

        So how about 23 TB of Chinese text (and maybe Chinese numbers?).

        The likely buyers would be in China, or else would be ones who may know Chinese because they, or their  families are part of the Diaspora, and some non-Chinese people who also can read this language … especially if this is a kind of Chinese language that many can read, such as Mandarin.

        Anyone else, better keep your 20 Bitcoin for another occasion.

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

    • #2458773

      The likely buyers would be in China, or else would be ones who may know Chinese because they, or their  families are part of the Diaspora, and some non-Chinese people who also can read this language …

      I am sure the FBI, NSA.. and such, will be more then glad to put their hands on the data.

    • #2459149

      It’s a nasty business outthere

      KelvinSecurity Hacking Group Dumps 8GB Database from US Govt CMS.gov – Millions of Records Exposed

      https://restoreprivacy.com/kelvinsecurity-cms-database-center-for-medicare-medicaid-services/

      * Is this a fact: "foreignpolicy.com/2022/04/25/the-real-threat-to-social-media-is-europe", Really? * get out of the poisonous Metaverse *
      • #2459158

        If think that if this is correct, then I would imagine that, just as the USA government can collect metadata on our phone calls, etc. without our permission, it’s NSA (for example) can also reach for and destroy the released cache, or caches of medical professional’s data, as their existence is contrary to the interest of the nation … Hmm.

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

        • #2459192

          Good morning. Suppose that only a mini-part of your assumptions are correct: All that collecting of data and meta-data how is it done? What companies and techniques are involved?
          “Well, I have no secrets so I do not care”.

          * Is this a fact: "foreignpolicy.com/2022/04/25/the-real-threat-to-social-media-is-europe", Really? * get out of the poisonous Metaverse *
        • #2459199

          Fred, Actually I am agreeing with you.

          As to which organizations might be involved? Well, I mentioned one, a big one, already.

          Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

          MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
          Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
          macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

        • #2459228

          Oscar: as a matter of fact I do believe you. Your original message has disappeared, so that must have been written in alienlanguage, or so off topic.
          Well over here the governmentagencies have been summond to obey the law, by all means, and they have to wipe a tremendous large amount of date.
          So who is killing the messenger this time?
          Slangevar

          * Is this a fact: "foreignpolicy.com/2022/04/25/the-real-threat-to-social-media-is-europe", Really? * get out of the poisonous Metaverse *
    • #2459198

      “Well, I have no secrets so I do not care”

      I suppose these are the good-guys now? Right?

      https://www.engadget.com/meta-sues-data-scraping-company-octopus-213001115.html

      * Is this a fact: "foreignpolicy.com/2022/04/25/the-real-threat-to-social-media-is-europe", Really? * get out of the poisonous Metaverse *
    • #2459278

      Just a kind reminder: Conversations that are deemed to be going too far will be moderated.

      We weren’t bought by Elon and thus we still moderate as we see fit.

      Thank you for your understanding.

      Susan Bradley Patch Lady

      • #2459307

        I see all the messages I’ve posted in this thread are still here. I have not received anything from WorldPress to the contrary.

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

        • #2459317

          As I said, if we feel that the conversation is drifting, moderation will be made accordingly.

          Susan Bradley Patch Lady

    • #2459309

      I see all the messages I’ve posted in this thread are still here. I have not received anything from WorldPress to the contrary.

      Oscar :
      An interesting look in the Bloomberg Press on these matters is in te link below. Perhaps this can meet the very high moderation and moral standards of Elon Musk.
      quote: One Billion Chinese Files Were Likely Leaked by Sloppiness, Not Hacking
      Poor security practices may have led to one of the largest breaches of personal data in history.

      https://www.bloomberg.com/opinion/articles/2022-07-05/china-hack-data-on-more-than-1-billion-people-likely-leaked-due-to-sloppiness?cmpid==socialflow-twitter-view

      * Is this a fact: "foreignpolicy.com/2022/04/25/the-real-threat-to-social-media-is-europe", Really? * get out of the poisonous Metaverse *
    • #2459312

      As Fred has quoted: “Poor security practices may have led to one of the largest breaches of personal data in history.”

      That tends to be the reason for these huge personal data thefts.

      I wonder what the not-very-nice Chinese government might do to these robbers — and to those that let themselves be robbed. As it has been mentioned earlier here ( #2458773 ) by Alex, government security agencies of countries unfriendly to China might be lining up to buy the purloined data.

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

      1 user thanked author for this post.
    Viewing 9 reply threads
    Reply To: Hacker Selling 1B Chinese Citizens’ Data for 10 Bitcoin On Dark Web Forum

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: