Slashdot Mirror


Hundreds of Millions of Chinese Chat Logs Leak Online (ft.com)

Hundreds of millions of private chat logs from Chinese users have been left exposed on the internet, a researcher has found, in another worrying case of weak data protection in China. Financial Times reports: Victor Gevers, a security researcher at the cyber-security organisation GDI Foundation, said that he had found a database of 364m records [Editor's note: the link may be paywalled; alternative source.], containing social media profiles and chat logs linked to names and identity card numbers.

The database was freely accessible online to anyone who searched for its IP address, and user profiles were stored together with photographs, addresses and locations, said Mr Gevers. The main database was piping data to 17 other servers depending on which area the data came from, Mr Gevers said. [...] A large number of the records had the names and addresses of web cafes on them. Chinese cyber-security experts have long warned that web cafes collect vast amounts of customer data.

41 comments

  1. May be paywalled? by Anonymous Coward · · Score: 0

    C'mon. It IS paywalled. Just because you pay to get through the paywall doesn't mean it isn't paywalled. It just means that you have paid to get through the wall.

    This is true of every. single. article. you link that is also paywalled.

    1. Re: May be paywalled? by Anonymous Coward · · Score: 0

      It's Slashdot. Would you expect anything less?

    2. Re:May be paywalled? by nospam007 · · Score: 0

      "This is true of every. single. article. you link that is also paywalled."

      He works in the subscription department of the Financial Times, it's an ad.

    3. Re:May be paywalled? by msmash · · Score: 5, Insightful

      Hi, Financial Times, The Wall Street Journal, The New York Times, The Washington Post, and The New Yorker maintain a metered paywall, allowing users to read a certain number of articles at no cost. Once you have read the "free/sample" articles, you are required to pay for the subscription. The reason why we mention a link might be paywalled is because there is a chance that some readers won't be asked to pay for it when they click on the source link. [More context: Some outlets let you read an article for free if you visit their links in incognito mode, or if you tapped their link on Twitter or other platform. Disclaimer: Like other news aggregators that rely on news from a number of sources, we don't condone breaking paywall of a news outlet. We use an excerpt or two from their stories, and in return, send them some traffic.] This is in contrast to some other news outlets like say The Information, which has a hard paywall, that requires you to absolutely pay for content if you want to read an article there. If we link to The Information, we will 100 percent mention that the link is paywalled. And if you look at some of the stories we have covered that The Information broke, you will see that we have instead linked to other news outlets that rewrote The Information's stories. We try not to link to any paywalled outlet unless there is no alternative source available, in which case we have limited choice. Sometimes an alternative source is available but the story might be riddled with factual errors or too many grammatical mistakes, in which case, we again resort to the paywalled outlet. In any case, we try to link to an alternative source as well, which would not charge readers whenever that is possible.

    4. Re:May be paywalled? by Oswald McWeany · · Score: 3, Funny

      C'mon. It IS paywalled. Just because you pay to get through the paywall doesn't mean it isn't paywalled. It just means that you have paid to get through the wall.

      This is true of every. single. article. you link that is also paywalled.

      This is Slashdot.

      You're not supposed to actually read the article.

      --
      "That's the way to do it" - Punch

    5. Re:May be paywalled? by Rosco P. Coltrane · · Score: 1

      That's the difference between the crypto-dictatorial regimes in communist China and in capitalist America: in the former, sites are police-firewalled. In the latter, they're paywalled. In both cases, there's a fucking wall.

      --
      "A door is what a dog is perpetually on the wrong side of" - Ogden Nash

    6. Re:May be paywalled? by Anonymous Coward · · Score: 0

      I think you responded to a guy that just came here to empty his piss pot. I would mod you informative if I could.

    7. Re:May be paywalled? by Anonymous Coward · · Score: 0

      C'mon. It IS paywalled. Just because you pay to get through the paywall doesn't mean it isn't paywalled. It just means that you have paid to get through the wall.

      This is true of every. single. article. you link that is also paywalled.

      Weirdly enough, they also don't mention that you need an internet connection.

    8. Re:May be paywalled? by tepples · · Score: 1

      Once you have read the "free/sample" articles, you are required to pay for the subscription.

      I think AC's point is that WSJ has zero "'free/sample' articles".

    9. Re:May be paywalled? by Anonymous Coward · · Score: 0

      you have paid to get through the wall

      Not necessarily. Sometimes you just have to use the right browser extensions. On some paywalled sites enabling browser privacy has the effect that they can't limit the number of free articles you get. Other techniques are proxies, google cache, web archives, sci-hub. I'm for citing the original source even if access to it may be restricted, unless there's an equivalent replacement.

  2. Not us! by guygo · · Score: 0

    And Huawei wants the world to believe they'd NEVER collect data for the government. Yeah, sure.

    1. Re:Not us! by Freischutz · · Score: 0

      And Huawei wants the world to believe they'd NEVER collect data for the government. Yeah, sure.

      Where did Huawei ever come into this discussion? Huawei was never mentioned here or in TFA until you brought it up. This looks like some kind of social media rig-up that streams data to local police for manual inspection. Whatever Huawei is doing, it had no part in this that I can see. Basically this operation is a similar but somewhat less advanced version of what the USA's very own NSA is doing in the US, and everywhere else they can get away with it, i.e. the wholesale warehousing of online data in order to spy on the citizenry in a way that even George Orwell was unable to conceive of.

    2. Re: Not us! by guygo · · Score: 3, Informative

      Every Chinese corporation (Huawei being a big one) with an internationally-facing department - most especially those that handle information transfer - is part of the government's data-collection system. It's the law there. To think they're not collecting and reporting is the height of naivete.

    3. Re: Not us! by Freischutz · · Score: 0

      Every Chinese corporation (Huawei being a big one) with an internationally-facing department - most especially those that handle information transfer - is part of the government's data-collection system. It's the law there. To think they're not collecting and reporting is the height of naivete.

      Maybe they are but the onus is on you to prove it, so where is the proof that Huawei is responsible for this or that is guilty of your accusation that they are fuelling international customer data to the Chinese government? ... and please try to do better than a link to some right-wing blog where some blowhard is expressing an opinion. People keep telling me things like:

      "To think they're not collecting and reporting is the height of naivete."

      ... but when one asks for the proof all one gets is this: https://youtu.be/hsPtqjwcMxc. It seems that if you are going to accuse somebody of something it is not unreasonable for you to provide hard proof.

    4. Re: Not us! by houghi · · Score: 1

      This is not limited to Chinese companies. All companies operating in China fall under Chinese laws that require access to the data.

      Huawei is not an exception. Naming them does not add anything.

      --
      Don't fight for your country, if your country does not fight for you.

    5. Re: Not us! by Anonymous Coward · · Score: 0

      No, China apologist faggot, the ONUS is on your faggot ANUS to prove it isn't so. Huawei has been caught half a dozen times publicly and you're a retard for pretending otherwise. Google it or don't.

      You have no proof that they didn't and there's plenty on the record saying they did. Stop being a moron.

    6. Re: Not us! by gtall · · Score: 1

      Freishutz: Hello, Chinese Government/Communist Party?

      CG/CP: Yes.

      Freishutz: We here on Slashdot would like hard proof that Huawei either is or is not providing you with information. Please post it here.

      CG/CP: Sure thing, Boss, we gonna get right on that...errrmm...just as soon as we have another Party Congress and can establish its place in a new 5 year plan. The new 5 year plan should be available in around 15 years. Can you wait?

      Freishutz: Yup, sure, we trust you.

    7. Re: Not us! by guygo · · Score: 1

      It may not be unreasonable to you, but I really don't care about what you find reasonable or not. Really, I don't give a whit. I am not at trial, I am expressing an opinion and therefore am under no obligation to prove or disprove anything, all of which is still legal in the US at this time. I provide no link to any "right-wing blog" yet you make a point of accusing me of such; sounds like you're the one with a prejudice/censorship problem. So perhaps you can absorb that the opinions expressed by the posters are theirs and do not indicate anything other than their opinions; perhaps not. One thing I know for sure, I don't have to "prove" anything to you.

    8. Re: Not us! by Spamalope · · Score: 1

      How about find all of the Huawei employees logged and add a few things. Like chatting about the Tiananmen square massacre and that they're organizing a protest about it. In fact, with all the other breaches it'd be fun to add things like that for a random selection of party members. Free Tibet, party takeover plans etc.

    9. Re: Not us! by guygo · · Score: 1

      be sure to liberally spread "Winnie the Pooh" throughout the logs...

    10. Re: Not us! by Anonymous Coward · · Score: 0

      Huawei is additionally owned by the Chinese Communist Party and run by a former military propaganda faggot.

    11. Re: Not us! by Freischutz · · Score: 1

      It may not be unreasonable to you, but I really don't care about what you find reasonable or not. Really, I don't give a whit. I am not at trial, I am expressing an opinion and therefore am under no obligation to prove or disprove anything, all of which is still legal in the US at this time. I provide no link to any "right-wing blog" yet you make a point of accusing me of such; sounds like you're the one with a prejudice/censorship problem. So perhaps you can absorb that the opinions expressed by the posters are theirs and do not indicate anything other than their opinions; perhaps not. One thing I know for sure, I don't have to "prove" anything to you.

      So, where is your proof? Having trouble finding any? Because your entire post contained only this: https://youtu.be/hsPtqjwcMx

      I really don't care what accusations you pull out of your rectum and hurl around like an angry chimp until you can prove them ... so pony up or shut up.

    12. Re: Not us! by Freischutz · · Score: 1

      Freishutz: Hello, Chinese Government/Communist Party?

      CG/CP: Yes.

      Freishutz: We here on Slashdot would like hard proof that Huawei either is or is not providing you with information. Please post it here.

      CG/CP: Sure thing, Boss, we gonna get right on that...errrmm...just as soon as we have another Party Congress and can establish its place in a new 5 year plan. The new 5 year plan should be available in around 15 years. Can you wait?

      Freishutz: Yup, sure, we trust you.

      Oh, my, you accused me of being a communist ... *thud* ... *thud* ... *thud* ... your words, given weight by your awesome wit and oratory skill, pierce my should like arrows.

    13. Re: Not us! by Anonymous Coward · · Score: 0

      You are ... not really playing with a full deck of cards, are you?

      https://www.wsj.com/articles/two-china-tech-titans-wrestle-over-user-data-1501757738

      It's not even a question anymore that Huawei is trying to do whatever it can to become the top cellphone maker in the world (the above is just an example of its practices in China).

      If you think western companies are bad at tricking people into giving up their data, it is nothing compared to what Huawei does.

    14. Re: Not us! by guygo · · Score: 1

      HAHAHAHA. You REALLY don't understand how this stuff works, do you? I will say again, I don't have to prove anything to you. And I'll be damned if I'll click a malware link presented to me by a troglodyte. Go suck your thumb and pound sand, little man. You and your "My way or the highway" attitude gets you nowhere around here.

    15. Re: Not us! by Freischutz · · Score: 1

      You are ... not really playing with a full deck of cards, are you?

      https://www.wsj.com/articles/two-china-tech-titans-wrestle-over-user-data-1501757738

      It's not even a question anymore that Huawei is trying to do whatever it can to become the top cellphone maker in the world (the above is just an example of its practices in China).

      If you think western companies are bad at tricking people into giving up their data, it is nothing compared to what Huawei does.

      Firstly that site is paywalled and linking to it is downright rude. Secondly what little the paywall didn't hide is:

      To build its AI capability—so that its phones can, say, make restaurant suggestions based on a user’s text messages—Huawei Technologies Co. is collecting user-activity information on its advanced Honor Magic smartphone. Among the information captured: text messages sent using the popular WeChat social-media app.

      That is a pretty accurate description of what Google, Facebook, Twitter, Pinterest, and a whole legion of US sites are doing as well. We all know this and have known for a long time, it is standard practice in the US so why should it not be standard practice in China. However, this still does not constitute proof that Huawei is spying on its customers on behalf of the Chinese Government. In fact a number of European countries just sent their intelligence services off to investigate whether Huawei is spying for the Chinese government and they came up with **ZIP**, but do try again if you think you can outdo them. Again, I am perfectly open to the eventuality that Huawei is spying on behalf of the Chinese Govt. and thereby risking complete ruin and bankruptcy if that fact gets out but please provide us with more proof of this than just an opinion you pulled out of your ass.

  3. Doesn't matter by nospam007 · · Score: 1

    6 billion people can't read it, it's in Chinese.

    1. Re:Doesn't matter by Oswald McWeany · · Score: 1

      6 billion people can't read it, it's in Chinese.

      I'm sure most of it is mundane chatter anyway without anything interesting to most people. Just millions of people saying "I'm hungry, but I just ate lunch."

      --
      "That's the way to do it" - Punch

    2. Re:Doesn't matter by Anonymous Coward · · Score: 0

      I was going to say that.

  4. no data - no cry! by kiviQr · · Score: 2

    You are worrying about "weak data protection" but not about the fact that data is collected!? Stop collecting then you will not have to worry!

    1. Re:no data - no cry! by epine · · Score: 1

      Stop collecting then you will not have to worry!

      There goes the entire birth control industry in a giant, ugly puff of logic.

  5. Who Cares by Anonymous Coward · · Score: 0

    They don't believe in privacy or human rights, why should this matter? Don't chinese assume the government reads everything they say?

    1. Re: Who Cares by Anonymous Coward · · Score: 0

      "They don't believe in privacy or human rights, why should this matter? Don't chinese [sic] assume the government reads everything they say?"

      It matters to those who have a beef with the Chinese government, and there are plenty of those in a country of 1.4 billion people. Why do they call their leader Winnie The Pooh? Because they like him? Hardly. They have to talk in code over public media.

      Why does privacy matter in China? Because they don't want to be incarcerated for what they say online, and have their organs harvested while they are still alive, and their hearts are still beating. It is very difficult for an opposition party to get organized in China because of the government's oppressive control over their citizens.

      This article gives us a taste of the kind of surveillance that the Chinese government carries out over citizens of other countries, like the United States. They want to identify who supports Winnie The Pooh overseas as well as domestically.

      The researcher who reported to the Chinese government in this case should be tried for treason for helping out a foreign government, the People's Republic of China.

  6. Reconcile this for me... by Anonymous Coward · · Score: 0

    In a country known to monitor as much as possible about their citizens, it can be reasonable to expect chats are monitored.

    If you expect chats are monitored, is there any longer an expectation of privacy?

    If there is no expectation of privacy, is the release of chat logs really a breach, or even surprising?

  7. "searched for its IP address" by Anonymous Coward · · Score: 0

    IOW, if you happened to know the IP address you could use it to contact the database. No need to "go search for it", just feed it to the right database software.

    So that sentence really doesn't tell you anything other than "unsecured database connected to the 'net", and so we're back to the usual case where "security researchers" tell you diddly squat but do their level best to scare you with as little actual information as possible. (And msmash lapping it up as if it was Reallly Important News.)

    But let's be real now. This is not a problem, since these are Chinese chatlogs. That means they've been vetted by the government and were not deleted. Therefore they're not objectionable, and so their leaking cannot be a problem. Right?

  8. Official Obligatory Anti-PC Troll Response: by Tablizer · · Score: 1

    A million lines of, "Oh Wei, I love you long time!"

  9. no problem by bill.pev · · Score: 0

    ... not a single one of those people should be concerned, unless of course he or she has broken the law!

    1. Re:no problem by Anonymous Coward · · Score: 0

      And more and more laws will keep being passed.

  10. Why do they monitor gamers? by Mojo66 · · Score: 1

    From Gevers' Twitter:

    It is most likely that this system is only for tracking gamers as most of the sample dialogs appears to be about this subject.

    Can someone, maybe from China, come up with a good explanation why they seem to have such a particular interest in gamers?

    1. Re:Why do they monitor gamers? by guygo · · Score: 1

      Perhaps there is a correlation with how much time they spend online vs other demographics.

  11. Taking a dim(sum) view by Anonymous Coward · · Score: 0

    Are there any subtitles?