18 MongoDB databases with accounts generated from multiple online social services in China were placed on the web ready to be plucked by anyone who knows where to look.
They appear to be part of a country-wide surveillance program that collects data related to profiles (names, ID numbers, and photos) along with GPS locations, network information, public and private conversations, and file exchanges.
Huge amounts of profile data processed daily
According to Victor Gevers, a non-profit security researcher at the GDI Foundation, the program vacuums account information from six social platforms in China into one large database and links it to a real person or ID.
The researcher was unable to identify all of the messaging services by their commercial names, but published a list of identifiers. He says the details of about 364 million profiles are processed daily and then synchronized to insecure operator MongoDB instances at 18 locations. Police stations in cities or provinces are the parties at the end of the distribution chain.
Can anyone (from China) identify these Messaging services?
qqmesg. <– https://t.co/AnxlLDLztf
In China, they have a surveillance program on social networks which looks like a jerry-rigged PRISM clone of the NSA.
— Victor Gevers (@0xDUDE) 2 March 2019
Local law enforcement manually examines between 2,600 and 2,900 messages and profiles organized in tables named by the day they were created to make progress easier to check.
From one of the intelligence streams, it is clear that the data triggered by specific events is aimed at police stations identified by numerical codes.
In the weekend's Twitter thread, Gevers says that most of the conversations monitored are typical of teenagers. It's unclear at the moment what words trigger the authorities' attention.
For an unspecified period of time, the databases remained accessible online and their operators could not be identified. However, Gevers reported the exposure to ChinaNet Online Internet Service Provider, hoping they could pass the word to the handlers. Only one server remained open after the disclosure.
Although monitoring the conversations of Internet users is common practice in China, "it seems they don't know what they're doing," the researcher told us. Chinese surveillance is a common media topic, and the country has made remarkable progress in the field, but the way the technology has been implemented shows that securing information at all levels of access is an area that requires special attention.
Cyber criminals from any country gaining access to the type of information collected through the monitoring program could use it easily for anything on their agenda.