Return to

July 7, 2022
Notes from the Pentagon

‘ChinaDan’ hacks Shanghai police files on 1 billion people

By Bill Gertz
An unidentified computer hacker successfully obtained a massive database from a police network in Shanghai, a database that includes records held by the security organization on an estimated 1 billion Chinese citizens.

The hacker, identified only by the handle “ChinaDan,” appeared on a hacker forum called BreachForums last week seeking to sell the police files. The information, about 23 terabytes of data, would be valuable to U.S. and Western intelligence agencies and was offered for sale by the hacker for 10 Bitcoin, or about $200,000.

ChinaDan stated that the database was gathered by the Shanghai police, and included sensitive information such as the addresses, mobile numbers, national ID numbers, ages and birthplaces of those on the list.

“In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many [terabytes] of data and information on billions of Chinese citizens,” the hacker stated on the forum.

The records also included billions of logs of phone calls to police from people reporting civil disputes and crimes.

According to CNN, more than two dozen entries from a sampling of 750,000 data entries from the database were verified as authentic.

The leak, which would rank as one of the largest data breaches in the world, triggered social media discussion inside China. Censors, however, quickly cracked down on any public mention of the apparent security breach.

The hacker who offered the information for sale stated that the database had been placed on a cloud server hosted by Alibaba Cloud, a subsidiary of the Chinese e-commerce giant Alibaba.

“As it stands today, I believe this would be the largest leak of public information yet — certainly in terms of the breadth of the impact in China. We’re talking about most of the population here,” Troy Hunt, a Microsoft regional director in Australia, told CNN. “It’s a little bit of a case where the genie is not going to be able to go back in the bottle. Once the data is out there in the form it appears to be now, there’s no going back.”

The records included cases from 2001 to 2019 ranging from civil to criminal cases, including fraud and rape, and is likely to provide Western cybersecurity and intelligence analysts valuable insights on how Chinese police and security services operate. The information was said to have come from the Shanghai government National Police Database.

It is not clear whether the leaked information belongs to the Ministry of Public Security, the national political police agency, or the Ministry of State Security (MSS), the civilian intelligence service.

Shanghai’s MSS bureau is focused on conducting operations against the United States and thus the information contained in the database would be useful for FBI and CIA counterspies engaged in tracking Chinese intelligence operations.

China steps up naval provocations near Japan
Chinese state media on Wednesday confirmed reports by the Japan Defense Ministry of increased Chinese military activity near Japan that appears aimed at pressuring a key U.S. ally in the region.

The Chinese Communist Party-affiliated outlet Global Times reported Japan’s ministry identified more than a dozen reports of People’s Liberation Army naval activities over the past month, including warships circumnavigating the main island of Japan and disputed territory between the two East Asian powers.

“The growing capabilities of the PLA navy will mean that such activities become routine, and their significance goes beyond just sending Japan warnings amid its right-wing provocations,” Global Times stated, noting the PLA navy is seeking to expand its operating range.

The Chinese warships in the most recent naval action were identified as a Type 815 electronic surveillance ship; the Type 055 large destroyer Lhasa; a Type 052D destroyer Chengdu; and a Type 903A replenishment ship Dongpinghu. A joint Chinese-Russian naval group also sailed around Japan in mid-June.

Global Times stated that waters around Japan are not considered far seas because of their proximity to China. The outlet said Tokyo has been “provoking China” through its support for Taiwan. The naval operations are meant to deter Japan, the outlet said.

Naval analysts note the provocative transits come amid increasing Chinese military pressure on other regional states, including Taiwan, Australia and nations bordering the South China Sea.

Prior to 2007, the PLA navy did not send any naval surface action groups outside the so-called “first island chain,” stretching from Japan south through the South China Sea. Each year after 2007, the PLA began sending warships regularly to the Philippine Sea and then returning them through the Miyako Strait to the East China Sea and back to Chinese ports.

By 2017, the warship action groups had been expanded into the western Pacific and Indian Ocean, and even to European waters.

One of the more provocative missions took place in 2015 when a four- or five-warship PLA naval group was sent into the Bering Sea inside the U.S. economic zone.

The dispatch of PLA warships near Japan since October 2021, including the recent circumnavigation, represents another major escalation of military pressure against Japan.

The Chinese naval activities are likely to speed up Tokyo’s military buildup, beginning as officials in Tokyo perceive a growing military threat from Beijing. Analysts say the Pentagon and the Hawaii-based U.S. Indo-Pacific command should also be taking note of the new Chinese military assertiveness.

State Department aims to counter China disinformation
A senior State Department official recently called out Chinese disinformation as a concern in the Indo-Pacific region.

“We are obviously all confronted by the PRC actively working to constrict, suppress and contort the free flow of information,” said Elizabeth Allen, undersecretary of state for public diplomacy, using the acronym for People’s Republic of China.

Ms. Allen, speaking at a conference in Hawaii, said technology and social media are allowing malign actors like China to precisely target people and spread disinformation on a global scale.

The State Department, through its public diplomacy officials at embassies and consulates, and at State headquarters in Washington, is working to combat both threats.

The key to countering disinformation is for the government to “tell the truth,” Ms. Allen said, noting that the tactic was used to expose Russian President Vladimir Putin’s pretext for the invasion of Ukraine and what the U.S. says is China’s genocide of the ethnic Uyghurs in China’s western Xinjiang region.

The U.S. government is seeking to shape the information environment around the world by promoting free media and free internet access, she said. The State Department also is trying to block China’s efforts to increase its influence in Southeast Asia and the Pacific islands.

“We know that the PRC has made gains, particularly in buying media and exercising exclusivity contracts with PRC media in those islands. And that we are at a disadvantage right now that we are certainly looking to make up,” Ms. Allen said.

Beijing has denied repressing the Uyghurs and has claimed its efforts to place more than 1 million Uyghurs in detention camps is for re-education.

The Biden administration recently imposed new restrictions on imports of goods from Xinjiang aimed at preventing the sale of any products made with forced labor.

Ms. Allen, who served in the Obama White House, made no mention of China’s disinformation regarding the origin of the pandemic.

China’s Foreign Ministry for the past two years has been promoting disinformation about the origins of COVID-19. Foreign Ministry spokesman Zhao Lijian, in particular, repeatedly accused the U.S. Army of developing and spreading the coronavirus behind the pandemic.

U.S. officials have denied the spokesman’s allegations and pointed to the Wuhan Institute of Virology as one possible origin of the virus behind COVID-19.

  • Contact Bill Gertz on Twitter via @BillGertz.

  • Return to