Articles Career

Zhenhua Data Leak: China’s efforts to rule the global digital world

Matthew Henry, Unsplash

Huge volumes of data get analysed and tracked on the Internet every day; that is the reality of our times. Every social media user accepts the risk of being spied on, often unwittingly.

As soon as they register, their data becomes a commodity. Surveillance practices are commonplace for technological giants such as Facebook or TikTok. Even Google is no different: In the last twenty years, the company has completely revised its data processing procedures and massively scaled up its predictive algorithms. It now uses mass data collection to create your profile and decide what to show you and what to hide.

If you want clear proof that we need better protection of personal data, you need only look at the last scandal of the Chinese-owned company Zhenhua.

According to data from an internal database leak, this rather inconspicuous company has been aggregating gigantic volumes of information on users from all around the world. In total, their database is supposed to contain the personal data of 2.4 million people. The analysts and experts in charge of processing the database have so far managed to recover and verify the data of 250,000 users. The case is a crystal-clear example of personal data abuse. And let’s not forget that this data, once collected en masse, is handed right over to the Chinese government, which openly admits to engaging in “hybrid and psychological warfare”. That’s the kind of actor that really shouldn’t have all of your personal details at their fingertips.

Zhenhua’s actions have clearly crossed a line: over 20% of its data was downloaded from sites that were not officially publicly accessible. In short, the company acted like an aggressive agent of a foreign power.

There is no doubt that a strong reaction is called for, but we have to get our own house in order as well. A whistleblower supplied the leaked OKIDB (Overseas Key Information Database) to Christopher Balding. Balding, in collaboration with Internet 2.0, an Australian security company, analysed the data and made it available to a consortium of global media outlets. In his report on the findings of the leaked data analysis, Balding points out that Western states failed in protecting their citizens’ privacy and maintaining security. I would just add one personal comment: taking care of our privacy and security is also up to every one of us.

When you realize the extent of the information Zhenhua collected on the citizens of other states, you can see the risks of misuse of personal data are truly grave. The monitored subjects included current and past politicians, businessmen, celebrities, diplomats, members of the security forces, and public and politically active figures, but also activists and rank-and-file employees of state organizations and private companies, as well as people with a criminal past and people currently serving a criminal sentence. Zhenhua also tracked the subjects’ relations and contacts, for example with family members, colleagues, or friends. In many cases, the database contained data on children, confirming that the Chinese surveillance machine will truly stop at nothing to accomplish its goals. I have already warned of this in my article on TikTok. 

Zhenhua (full name: Shenzhen Zhenhua Data Information Technology) has been collecting data since 2017. In most cases, processors handling such large volumes of data have to meet a number of demands to be in compliance with the relevant regulations. However, Zhenhua was no more concerned with these regulations than it was with the terms and conditions of the social networks it used to harvest its data. Its website (which has since been deleted) used to advertise the company’s services, which included using the analysis of the obtained data, as well as AI tools and other services for the purposes of hybrid warfare. It is likely that Zhenhua was involved in a number of hacker attacks and unauthorised access cases. Its database consisted not only of entries on natural persons, but also on organizations.

So far, the leaked database sample has been found to contain approximately 700 entries on Czech natural persons and legal entities. The list of Czech citizens under surveillance brings together such strange partners as President Miloš Zeman, the director of the Czech Security Information Service Michal Koudelka, Defence Minister Lubomír Metnar, and Senate Vice-President Milan Štěch, as well as lobbyist Ivo Rittig, the former director of the Czech oil company Čepro Tomáš Kadlec, and many other important figures and their children. Czech organizations that interested Zhenhua include foreign embassies, the Czech Police Academy, the Ministry of Health, the Czech Technical University in Prague, or the telecom operator O2.

China is clearly dead serious about exporting its digital totality beyond its borders, whether it be through Chinese security agencies or the services of its companies. We are facing an unrelenting information and cybernetic conflict, and unlike China, we are not prepared for it by far. It is therefore high time to open a serious debate on a shared cybersecurity strategy for the EU.

It is also equally important to start talking about how social media giants use our data.

Last but not least, we must all take a good look at our own habits. Do you really need to share every detail of your life and pictures of your children?

0 comments on “Zhenhua Data Leak: China’s efforts to rule the global digital world

Leave a Reply