The long-rumoured espionage project of the Chinese government set up to collate masses of sensitive data from nation-state cyberattacks into a searchable database has been exposed by an insider who claims to have helped build the system.
According to the source, who spoke to The Epoch Times on condition of anonymity for fear of reprisal from the Chinese Communist Party (CCP), the government brought in a small group of 'independent software developers' from the US to work alongside China's security services to build and implement the project – reportedly finished in July 2013.
Additionally, the contact revealed that one of the main functions of the system is to gather information from people both inside and outside of China for use in criminal trials. However, it is reportedly now being used to store massive amounts of data acquired from data dumps and cyberattacks. The US government, for example, has been hit with a slew of attacks within the last year resulting in the loss of millions of federal and civilian credentials. In many of these incidents, US officials have pointed towards China as the culprit.
What could the secret database be used for?
Yet concern is growing that such a database system has far-reaching implications for the capabilities of Chinese espionage. As the source outlined, information in the database could be used for a slew of malicious purposes including the blackmail of government employees, recruiting insider spies and the creation of a mass surveillance tool to monitor targets from around the globe.
The system is said to be used against targeted suspects both inside and outside of Chinese borders and, according to the insider, one of the main organisations involved in the project is the notorious '61 Unit' which has previously been linked to the hacking division of the People's Liberation Army (PLA).
Yet the creation of such as database will come as no surprise to global security services which have long hinted that such a system was in place. Indeed, following the massive breach at the US Office of Personnel Management (OPM) last year, a US official told The Washington Times: "This is part of [the Chinese government's] strategic goal — to increase their intelligence collection via big-data theft and big-data aggregation. It's part of a strategic plan."
For its part, the Chinese government has consistently refuted allegations that it conducts invasive cyber-espionage activities. "We wish the United States would not be full of suspicions, catching wind and shadows, but rather have a larger measure of trust and cooperation," said Chinese Foreign Ministry spokesman Hong Lei after his country was accused of hacking US targets.
The rising tension was temporarily quelled last year following high-profile cybersecurity talks between the Chinese and US governments, however many security experts believe this will do little to properly address the scope of online espionage and theft of intellectual property in the future – from both sides.
And indeed, it will be difficult for any major government to properly condemn Chinese dataset collection as every country conducts the same activity – especially those in the Five Eyes cyber partnership agreement which boast the most sophisticated technology and intelligence sharing apparatus. The UK's major spy agency GCHQ, for example, was recently caught up in controversy amid claims that it routinely collects so-called 'bulk personal datasets'. These lists, which hit the headlines during the Parliamentary scrutiny into the draft Investigatory Powers Bill, are said to include sensitive information like NHS hospital records, credit card information, passport records and election data of UK citizens not suspected of committing any crime.