Spam calls and texts are rampant in China. According to a survey from the China Internet Association from 2016, internet users receive spam messages 20.6 times per week and harassing phone calls 21.3 per week.
Many netizens have complained of situations where they would search for something online and have a company call them to offer them the service or product they were searching for. In 2016, one of these cases has lead to the death of a young student. A college-bound student Xu Yuyu died of a cardiac arrest after funds her family had raised for her tuition fees were swindled in a telephone scam.
A new report from People’s Daily has shed light on the practice (in Chinese). Local police in Beijing’s Haidian district announced on December 5th that a large chain of hackers has been busted holding over 1 million pieces of information on Chinese citizens, including mobile phone numbers.
According to the police, some sites were implanted with special scripts, codes and hacker tools. Hackers took advantage of network operators’ vulnerabilities to access phone numbers, IP addresses, access time, search keywords and other information from users accessing mobile internet. The information was then sold to marketers, fraudsters, loan firms and even health and education companies.
The seemingly simple code hid a whole chain of personal information resellers divided into three layers, according to the Haidian Police Network Security Department statement to People’s Daily. The first layer was coders, the second was the website and the third layer was the middlemen bridging the two. Middlemen would buy codes for RMB 600 and resell it for RMB 1000 to websites. But websites couldn’t access the personal information themselves. The information was bought by the middlemen for RMB 0.8 to RMB 0.1 a piece and then sold for RMB 0.5 to RMB 1 a pop.
According to the Baidu’s Security Lab, such behavior is present at more than 40 000 websites while 27 service platforms have unauthorized access to more than 5000 mobile phone numbers. More than 5 million people daily are in danger of giving up information without consent.
However, personal information is not just in danger of hackers. In June, Chinese authorities uncovered that Apple employees were selling personal information from iPhone users. China’s new cybersecurity law that came into effect on June 1st has brought more stringent punishments for private information hacking.