An extraordinary data leak has revealed the names of 779 Finns on a watch list compiled by a technology firm said to have close ties to the Chinese government.
Data leaked from Shenzhen city-based technology firm Zhenhua Data revealed a database that originally contained the personal information of 2.4 million influential persons, private citizens and institutions in the west.
The data dump was first passed on to US professor Christopher Balding, who in turn handed it over to Australian cyber security firm Internet 2.0 for analysis.
According to the Australian Broadcasting Corporation, ABC, the Chinese Army and the Chinese Communist Party are among Zhenhua Data’s most important clients.
Daily Helsingin Sanomat first reported the story in Finland.
Three categories of individuals
Yle has seen the list of Finns named in the database, which divides the individuals into three categories: influencers, influencers’ inner circles and individuals of special interest.
The data trove lists 250 Finnish influencers (Politically Exposed Persons), including leading politicians such as present-day ministers. It also names socially influential people, such as Finnish security police employees.
The largest category of Finns includes people who are close to political influencers (Relative or Close Associate) and numbers 523.
The third group, Special Interest Person, has just 26 names and includes many individuals involved in organised crime.
The leaked database originally contained a total of 2.4 million names. Internet 2.0 was able to restore 250,000 or just about 10 percent of the original content. It is therefore possible that there are more than the 799 Finnish names already revealed.
Data harvested from social media
Personal data of the persons featuring in the database appear to have been culled from open sources such as social media. The sources include Twitter, Facebook, Instagram and LinkedIn. News articles were also used as sources.
The database likely represents the largest known data leak from China. Cyber security firm F-Secure’s data security expert Mikko Hyppönen described the leak as extraordinary.
"The fact that Chinese powers are collecting this kind of data is not surprising. However, the fact that it was leaked is extraordinary," Hyppönen said.
"Usually, intelligence data is largely based on public information and combining sources. This also seems to be the case here," he added.
The bulk of the database is devoted to Americans, Australians and British individuals. Internet 2.0 was able to restore 52,000 American names, while the corresponding number for Australians and Britons was 35,000 and 10,000 respectively. Meanwhile 752 Danes and 712 Norwegians appear on the list.
Others on the list include nationals of Indonesia, Malaysia, New Zealand and Papua-New Guinea.
Personal data, psych profiles, criminal records
The database gathers individuals’ personal information, such as date of birth, address, marital status, photographs, political affiliation, and names of relatives. Much of it was sourced from social media channels.
According to ABC, analysts also found confidential information such as bank data, job applications, psychological profiles and criminal records. ABC reported that some of the information was believed to have been sourced on the dark web.
Meanwhile Balding described the database as an international "mass surveillance operation" that combined public information with profiles for private individuals and organisations. Balding previously worked in China but reportedly left over security concerns and returned to the United States via Vietnam.
He described the data leak as "astonishing" and said that international analysts have long downplayed the efficiency of China’s intelligence machinery. He added that the world is only now beginning to understand how much China invests in intelligence and influence campaigns.
Chinese tech firm denies database
UK daily The Guardian obtained a comment from a representative of the alleged owner of the database, Zhenhua Data.
A representative said to be a commercial manager by the name of Sun denied that the firm had a database containing more than two million names.
Sun said that all of the information that the firm owns is publicly available online and that the firm does not collect data.
The woman also denied that the company had any ties to the Chinese administration. However, she admitted that the firm has some kind of database of foreign individuals.