As further evidence of government surveillance officials working in the data broker market, SpyCloud researchers point to a leak earlier this year of communications and documents from I-Soon, a cyberespionage contractor for the Department of Public Security and the Department of State Security . In one leaked chat conversation, one company employee suggests to another that “I’m here to sell qb” and “sell some qb yourself.” SpyCloud researchers interpret “qb” as “qíngbào” or “intelligence”.
Given that the average annual salary in China, even at a state-owned IT company, is only about $30,000, the promise – however credible or dubious – to make almost a third of that daily in exchange for selling access to surveillance data presents a strong temptation, SpyCloud researchers say. “They’re not necessarily executives,” Johnson says. “They are people with the opportunity and motive to make a little money on the side.”
That some government officials actually profit from their access to surveillance data is to be expected amid China’s ongoing fight against corruption, said Dakota Carey, a China-focused policy and cybersecurity researcher at cybersecurity firm SentinelOne, which reviewed SpyCloud’s findings. Transparency International, for example, ranked China 76th in the world out of 180 countries in its corruption index, well below every EU country except Hungary, with which it tied, including Bulgaria and Romania. Corruption is “pervasive in the security services, in the military, in all parts of government,” Kerry says. “It’s a top-down cultural attitude in the current political climate. It’s not at all surprising that people with this kind of data are effectively renting out the access they have as part of their job.
In their research, SpyCloud analysts went so far as to try to use Telegram-based data brokers to look for personal information about some high-ranking officials of the Chinese Communist Party and the People’s Liberation Army, separate Chinese state-sponsored hackers who are identified in the US indictments, and the CEO of cybersecurity company I-Soon, Wu Haibo. The results of these queries included a range of phone numbers, email addresses, bank card numbers, car registration records and “hashed” passwords – passwords likely obtained through a data breach that are protected by a form of encryption but sometimes vulnerable to cracking — for those government officials and contractors.
In some cases, data brokers at least claim to limit searches to exclude celebrities or government officials. But researchers say they’ve usually been able to find a workaround. “You can always find another service that’s willing to do the search and get some documents for them,” says SpyCloud researcher Kayla Cardona.
The result, as Cardona describes it, is an even more unexpected consequence of a system that collects such vast and centralized data on every citizen in the country: not only is this surveillance data leaking into private hands, it’s also leaking into the hands of those who monitor the monitors. .
“It’s a double-edged sword,” says Cardona. “This data is collected for them and by them. But it can also be used against them.”
