Recent arrests show increased sophistication of illegal data brokers in China

Oct 11, 2018

Police from Wuxi, Jiangsu Province have uncovered a sophisticated network of underground data brokers trading personal information to the tune of RMB 1 million a day.

According to local media, police have arrested 113 individuals that form part of the network. The group shows how criminals are building complex operating structures to avoid being caught.

The sources of personal data include hackers and others who use deception to encourage individuals to expose their personal details. Most worryingly, the sources are also corporate personnel who steal the data. These corporate players have access to vast amounts of data that would otherwise be unattainable, including that of consumption and insurance.

However, it is the organizational structure of the network that is of most interest. The group is distributed across China and abroad—the investigation led police to Guanxi, Hunan, Shanxi, Anhui, and Myanmar.

There is also a complex web of middlemen. Customers contact the lower tier middlemen and provide them with an individual’s basic information, including names and phone numbers. After payment is made, these details are passed up a chain of other intermediary parties, landing up at those close to the source of the information. Sources can then provide location data, bank balances, credit information, property details, and familial information.

Information that has been obtained is used for activities including communication network fraud, taking out microloans, and violent debt collection.

According to a representative at Wuxi’s Public Security Bureau, the network trades hundreds of thousands of pieces of personal information, and the number of people and the complexity of their distribution and organization is rare. The middlemen, which form the backbone of the operation, are also moving overseas—particularly to countries in Southeast Asia—to avoid capture and punishment.

Despite increasingly strict regulations and standards to protect personal information, it is still widely available. In the past year alone, numerous high-profile data breaches have made headlines. From Apple employees stealing iPhone user data to hackers taking advantage of mobile network vulnerabilities, personal data is chronically being targeted.

This information has also become extremely cheap. Earlier this year, an investigation found that personal data from food delivery platforms was up for sale for as little as RMB 0.1o. Suppliers got the information by using software to siphon off the data from the delivery systems.