KEY POINTS

  • A Chinese company was found to be profiling millions of individuals mostly using publicly available information
  • The database paid special attention to military targets and "politically exposed" individuals
  • The firm had aspirations of creating military-grade intelligence using public information, but experts are divided on how much of a threat they pose

A leaked database from a Chinese company revealed a massive effort to collect digital information profiling over 2 million people, including over 50,000 Americans. While it cast a wide net, the firm paid special attention to military targets and people who were of “special interest” or “politically exposed.”

The database was leaked from an unsecured online server owned by Shenzhen Zhenhua Data Technology to Christopher Balding, a professor on the Chinese economy who left Peking University citing personal security concerns. It appears to have been primarily created using public information from social media, supplemented with confidential data compiled into a "mosaic" of relevant facts. It scraped data from Twitter, Facebook, Linkedin, TikTok, criminal records, and news stories to compile profiles that included birthdays, relatives, addresses, political connections, and photographs.

Anna Puglisi, a former U.S. national counterintelligence officer for East Asia, characterized the database as an expansion of China’s already existing non-targeted data collection efforts. These tactics “fit into the much more holistic way that China goes about acquiring information. … Things like LinkedIn, social media - this seems like an evolution of that methodology.”

The database wasn’t entirely without focus, with some individuals branded as “special interest” or “politically exposed.” The term isn’t defined inside the database but includes former prime ministers, business leaders and journalists.

A Chinese policeman stands outside the US Embassy in Beijing on September 12, 2020, as Washington called new Chinese restrictions on its diplomats an 'escalation'
A Chinese policeman stands outside the US Embassy in Beijing on September 12, 2020, as Washington called new Chinese restrictions on its diplomats an 'escalation' AFP / GREG BAKER

It also paid extra attention to military targets, compiling information on naval ships such as the USS Dwight Eisenhower under their own tag for easy cataloging.

One post collected was a Facebook message from the USS George Washington pleading with military families not to post publicly about the ship’s destinations. Zhenhua was explicit about their military aspirations, with an executive of one of their partners saying in a speech that 90% of military-grade intelligence could be derived from open sources.

Many cybersecurity analysts remain unconvinced that the data is actually useful for military purposes. One who spoke to the Washington Post said Zhenhua’s claims were “totally aspirational. … There might be gold in there, but this is not something that’s useful enough for military or intelligence targeting.”

Balding remains worried. A post on his personal blog reads, “Reviewing the raw data, even Chinese 'experts' continue to radically underestimate the investment in monitoring and surveillance tools dedicated to controlling and influencing, not just its domestic citizens and institutions, but assets outside of China. … I am motivated by the concern that the scope of the authoritarian threat from Communist China remains poorly understood, by even many China experts. Hopefully, this provides some small evidence to their objectives and that we in open liberal democracies begin taking them seriously.”