Growing Awareness of the Darknet in China following Huge Domestic Database Breaches
In recent weeks, we have identified a growing awareness, on Chinese security blogs and in mainstream media, of the existence of the Darknet and of the activities of Chinese users on its platforms. The focus is mostly on the sale of leaked data, mainly of Chinese citizens. One of these leaks pertained to the Huazhu hotel group and was one of two major data breaches which occurred simultaneously in China, raising awareness of this issue. The second breach was the database of SF Express, a delivery service company based in Shenzhen, Guangdong Province. The whole database, containing 300 million pieces of personal data, such as full names, addresses and telephone numbers, was offered for 2 BTC (~ US$ 4,000), while a test sample of 100,000 lines was priced at 0.01 BTC (~ US$ 40).
A Chinese Darknet forum user offers the SF Express database for sale
These two incidents received much attention in official Chinese media, as well as on web security blogs, and the coverage has sparked unprecedented discussions regarding the Darknet and its perils in general. For example, the web security blog Security Geek dedicated its quarterly report, published in late October, to the Darknet, offering various measures of protection.
Activities on a prominent Chinese Darknet forum that we monitor, which functions as a black online marketplace, have indeed intensified in recent months, facilitating the sale of personal data in a designated section dedicated to “leaks and databases.” All types of personal information found in breached, leaked or stolen databases from different sectors can be found in that section, including, but not limited to, banking (accounts and loans), education (student lists at schools and universities, including parents’ lists), health (personal data of patients and doctors), government (personal information of officials) and property-related data (houses and vehicles).
“Big customers” of the four largest Chinese banks, containing 212,000 lines of data
Personal data of government officials
The overwhelming majority of these databases contain domestic data, namely personal information of citizens of the People’s Republic of China, and only a fraction contain personal data of non-Chinese nationals. This could explain the wide attention the subject is currently receiving in China. Judging from previous government reactions to online trends, and based on the growth in public attention to the topic and in criminal activities on the forums, the authorities are more than likely to take measures and halt activities on these forums.
Furthermore, online chatter about the Darknet outside of the Darknet, whether in mainstream media, social networks, clear web forums or designated QQ or Telegram groups, is also on the rise. The term 暗网 (an abbreviation for the term “Darknet”) has also become an idiomatic word in modern Chinese, used more and more by people not directly involved in Chinese Darknet forums.
The increase in both media and public attention to the Darknet is a relatively new phenomenon in China. State control over the Internet is probably the strictest in the world, which results in relative inaccessibility of non-Chinese networks in general and of the TOR network in particular. This results in a noticeably small amount of online activity in the Chinese language over the Darknet, especially when considering the huge size of China’s Internet market and the status of Chinese as one of the most commonly used languages on the Internet.
Furthermore, many users who write in Chinese on Darknet platforms and/or are active on Chinese-language Darknet platforms are not citizens of the People’s Republic of China. They are members of other Chinese communities around the world (Hong Kong, Taiwan and more), which makes the current change even more striking.
Author: Verint CTI (powered by SenseCy)