China's huge state surveillance system has developed into a double-edged sword. Designed to track more than one billion citizens with unprecedented precision, it has inadvertently fueled a thriving black market.
Insiders working within government agencies and state contractors are selling access to sensitive citizen data to the highest bidders, exposing cracks in the country's security system.
The Underground Market in Data Leaks
SpyCloud, a cyber security firm, reported that the services running their operations on Telegram openly sell the private information collected from government agencies. According to WIRED's report, operations hire insiders within surveillance agencies and other private contractors who offer huge financial rewards.
For a few dollars in cryptocurrency, buyers can fetch phone numbers, banking records, traveling details, and even location data. Premium search operations costing hundreds of dollars promise sensitive information including passport scans and real-time location data.
"China has created this massive surveillance apparatus," SpyCloud researcher Aurora Johnson tracked how surveillance data reaches the black market.
"And ordinary individuals find themselves working in a system where there's not much economic and social mobility and where they have unfettered access to these databases of information based on their jobs in government or at technology companies. So they're abusing that access, in many cases by stealing data and selling it in criminal marketplaces."
The 'Social Engineering Libraries'
Some vendors call themselves "social engineering libraries." Those, which include Carllnet, DogeSGK, and X-Ray, operate on a credit points system where users pay using cryptocurrencies or at-home solutions like Alipay. Those paid credits grant searches by phone number and username on QQ, WeChat, and Weibo Chinese Social Media.
These services not only make use of already compromised databases but actively recruit insiders with access to restricted information. Posts on Telegram even explicitly seek employees from public security, civil affairs, and state telecom companies with daily payments as high as $10,000.
Corruption and Economic Temptation
The rampant sale of surveillance data highlights systemic corruption in China's public sector. With average annual salaries hovering around $30,000, the promise of earning a third of that amount in a single day is a strong lure for insiders.
Implications of Insider Breaches
SpyCloud's research laid bare the scale of the problem. Researchers even sought data on Chinese leaders and cybersecurity vendors. The researchers were able to recover contact information such as phone numbers, emails, and even car registration records.
Some services boast that they avoid data from government officials and celebrities. However, researchers discovered ways around it to access such information.
The Surveillance Dilemma
China's centralized surveillance system has been a tool to maintain control. However, it was meant to be used against the very agencies that created it. As those with access monetize it, the boundaries between watcher and watched blur.
"It's a double-edged sword," SpyCloud researcher Kyla Cardona said. "This data is collected for them and by them. But it can also be used against them."
The unperturbed proliferation of surveillance systems leaves China in a paradox: a government that is looking to secure data and fight against corruption within its ranks.
We have no control over these insider leaks, but it's concerning enough for us to take care of our online data. There's a need for transparency as to how government agencies utilize them in China.
