Since 2017, a small Chinese company called Shenzhen Zhenhua Data Technology has been mass gathering snippets of internet data from prominent military and political leaders, including U.S. leaders, according to a new report by the Washington Post.
The Post reported the Chinese computer data firm has stored information gleaned from more than 2 million people, including at least 50,000 Americans and tens of thousands of people who hold public positions, including military leaders. According to the company’s marketing material, obtained by the Post, Zhenhua stores that information in Overseas Key Information Database (OKIDB), which it purports to use to offer clients insights into foreign political, military and business figures as well as details about a countries’ infrastructure and its military deployments and public opinion analysis.
The Guardian reported Internet 2.0, a cybersecurity consultancy based in Canberra, Australia, was also able to catalog the records of about 250,000 people from the OKIDB database after a leak of the Zhenhua data.
According to the Post, the OKIDB database includes, “Biographies and service records of aircraft carrier captains and up-and-coming officers in the U.S. Navy. Real-time tweets originating from overseas U.S. military installations. Profiles and family maps of foreign leaders, including their relatives and children. Records of social media chatter among China watchers in Washington.”
The information collected in the OKIDB is, however, pulled from publicly available accounts.
Robert Potter, the co-founder of the Canberra-based firm Internet 2.0, said Zhenhua’s collection of publicly available information was particularly “ambitious” and the information could prove “hugely valuable” to an intelligence organization.
According to an image of the OKIDB software, obtained by Potter, the user interface for the database shows tweets posted from U.S. military installations laid over a map with time stamps. A database search of former acting secretary of the Navy Thomas Modly displayed the names of his wife and four children, his educational and private-sector background and had a field next to his name for a psychological profile, which in this example was filled with a generic placeholder.
While Zhenhua does not specifically say its OKIDB database is used by the Chinese government, its marketing materials describe the firm as a patriotic company with the military as its primary target customer. Among its corporate partners, Zhenhua lists big-data firms TRS, Huarong, and the state-owned enterprise subsidiary Global Tone Communication Technology.
It is unclear what value Zhenhua’s clients may be able to glean from the data, scraped from publicly available information.
“There might be gold in there, but this is not something that’s useful enough for military or intelligence targeting,” said one U.S. government cybersecurity contractor, who spoke to the Post on condition of anonymity.
Vast data harvesting methods have, in the past, prompted concerns about the ability of foreign powers to glean useful information from seemingly harmless data. In 2018, the GPS-enabled fitness apps raised concerns foreign powers could analyze the fitness apps to map the locations of government spies and military personnel working in sensitive locations.
“We know the Chinese Communist Party seeks to promote bulk data collection now, with the intent that the ability to process and use it will follow in the future,” Samantha Hoffman, a researcher at the Australian Strategic Policy Institute’s Cyber Center, told the Post. “This data set proves that they’re targeting individuals and that social media is an important tool.”
Christopher Balding, an independent researcher, warned the Post that, “Open liberal democracies must consider how best to deal with the very real threats presented by Chinese monitoring of foreign individuals and institutions outside established legal limits.”
Responding to a request for comment by the Guardian, a representative for Zhenhua said the reporting about the company is “seriously untrue.”
The Zhenhua representative said, “Our data are all public data on the internet. We do not collect data. This is just a data integration. Our business model and partners are our trade secrets. There is no database of 2 million people.”
The data firm’s representative also denied any direct ties to the Chinese government and said, “We are a private company. Our customers are research organizations and business groups.”