As further evidence of government surveillance insiders moonlighting in the data consumer market, SpyCloud researchers point to leaks earlier this year of communications and documents from I-Soon, a cyberespionage contractor for the Department of Public Safety and the Department of Homeland Security. In a leaked interview, one company employee suggests to another that “I hear I’m going to sell qb,” and “sell yourself qb.” SpyCloud researchers interpret “qb” to mean “qíngbào,” or “intelligence.”
Given that the average annual salary in China, even at a state-owned IT company, is only about $30,000, the promise—whether credible or dubious—to make nearly a third of that day to sell access to surveillance data represents a strong force. experiment, SpyCloud researchers argue. “These are not really geniuses,” said Johnson. “They are people who have the opportunity and purpose to make a little money on the side.”
That some government insiders are cashing in on their access to surveillance data is to be expected amid China’s ongoing fight against corruption, said Dakota Cary, a China-focused policy and cybersecurity researcher at cybersecurity firm SentinelOne, which reviewed the SpyCloud findings. Transparency International, for example, ranks China 76th in the world out of 180 countries in its Corruption Index, below all EU countries except Hungary—joined with them—including Bulgaria and Romania. Corruption is “rampant in the security services, in the military, in all parts of the government,” Cary said. “It’s a top-down cultural attitude in the current political climate. It’s no surprise that people with this kind of data are successfully employing the access they have as part of their work.”
In their research, SpyCloud analysts even tried to use Telegram-based data brokers to search for personal information on certain high-ranking officials of the Chinese Communist Party and the People’s Liberation Army, Chinese government-sponsored criminals who have also tried to obtain personal information. was named in the US lawsuits, along with the CEO of the cybersecurity company I-Soon, Wu Haibo. The results of those queries include a cache of phone numbers, email addresses, bank card numbers, vehicle registration records, and “hot” passwords—passwords that may have been obtained through a data breach that are protected by encryption but are sometimes vulnerable to cracking. – to those government officials and contractors.
In some cases, data brokers do at least say they limit searches to exclude celebrities or government officials. But the researchers said they were often able to find a workaround. “You can find another service that’s willing to do a search and find documents on it,” said SpyCloud researcher Kyla Cardona.
The result, as Cardona explains, is an even more unexpected consequence of a system that collects such massive and centralized data on every citizen in the country: Not only is that surveillance data leaking out of private hands, it’s also getting into their own hands. those who watch do not wait.
“It’s a double-edged sword,” Cardona said. “This data is collected by them and them. But it can be used against them.”
Source link
/cdn.vox-cdn.com/uploads/chorus_asset/file/25728924/STK133_BLUESKY__B.jpg?w=390&resize=390,220&ssl=1 "Bluesky now has a chat tab in your notification area")