A Chinese technology company with links to Beijing's military and intelligence agencies has been compiling personal information on millions of people from the US, UK, Australia, Canada, India and Japan.
The database, which is understood to have been stolen and leaked to the Five Eyes Intelligence network by an anti-China activist, was put together by the private firm Zhenhua Data: a Shenzhen-based company that lists the People's Liberation Army and Chinese Communist Party among its main clients.
Contained therein were the names and personal details of some 2.4 million people, including 35,000 Australians, 40,000 Britons, and a vast number of high-profile figures such as senior politicians, members of the royal family, religious leaders and military officers.
Those details included dates of birth, addresses, marital status, relatives, political associations and social media IDs. And while a lot of the data has been "scraped" from social media and other open-source material—that is, information that is publicly available on the internet—some also appears to have been sourced from confidential bank records, job applications and psychological profiles, and is believed to have been acquired via the dark web.
One intelligence analyst described the giant global database as "Cambridge Analytica on steroids", according to the ABC, while the Telegraph reported that intelligence sources described the scale of information as "frightening". Both publications were among the international consortium of media outlets that the database was shared with, including others in Australia, the UK, US, Canada, Italy and Germany.
Professor Christopher Balding, the US academic and cybersecurity expert to whom the database was originally leaked, described the revelation as “something akin to discovering the Holy Grail.”
“What cannot be underestimated is the breadth and depth of the Chinese surveillance state and its extension around the world,” Balding wrote in a statement on Monday. “The world is only at the beginning stages of [understanding] how much China invests in intelligence and influence operations using the type of raw data we have to understand their targets.”
The intended use of the information contained in the database is not entirely clear, but Zhenhua Data—whose official website has since been taken down—claims it provides "services for military, security and foreign propaganda", and describes its mission as influencing the "great rejuvenation of the Chinese nation".
The company's chief executive Wang Xuefeng has also previously used Chinese social media app WeChat to endorse waging “hybrid warfare”, a term that refers to the use of unconventional methods such as cyber attacks, fake news and electoral intervention to disrupt and disable an opponent without engaging in open hostilities.
In an official report on the Zhenhua leak, Balding, along with fellow cybersecurity analyst Robert Potter, points out that “the data appears [to be] used to support Chinese intelligence, military, security, and state operations in information warfare and influence targeting.”
Balding and Potter further note that “open liberal societies fail to grasp the threats embodied in Chinese authoritarian communism by ignoring non-traditional warfare and influence operations.”
“The information warfare being touted by Zhenhua targets key institutions in democracies such as the children of politicians, universities, and key industrial sectors. These flow into information transmission and policy formation,” they write. “Open liberal democracies would be wise to improve data privacy and security and understand the threats.”
Professor Balding has since returned to the US after being advised that it was no longer safe for him to be in Vietnam.
Follow Gavin on Twitter