Ministry of State Security revealed three data security breaches

A foreign spy agency hacked multiple Chinese airlines.

China’s Counter-Espionage Law 《中华人民共和国反间谍法》 was adopted on November 1, 2014. On the eve of its seventh anniversary, the Ministry of State Security 国家安全部 revealed three cases that it described as having "jeopardized the security of important data, aiming to further raise the society's awareness on non-traditional security, thus the public can jointly maintain national security."

Several days have passed but that has yet to make it into English-language news.

Whereas the U.S. and other Western security sources are not infrequent contributors to Western media reports on China, usually detailing what’s described as Chinese influence, threats, espionage, or hacking, the same simply can’t be said of this side. Also, press content with those intelligence sources is almost always quite prominent in the news. With that in mind, your Pekingnologist believes the information on specific cases from the Chinese Ministry of State Security should be interesting as well.

Also, the three cases are about data, one of the hottest topics in the discourse revolving around intelligence these days. Plus, they are described in quite some detail, though key information such as the specific foreign government is not available. That, alas, would have instantly launched breaking news.

Without further ado, below is a translation of a Xinhua report in Chinese entitled 国家安全部公布三起危害重要数据安全案例 (Ministry of State Security disclosed three cases where data security was jeopardized), released on Oct. 31, 2021.

案件一:某航空公司数据被境外间谍情报机关网络攻击窃取案

  2020年1月,某航空公司向国家安全机关报告,该公司信息系统出现异常,怀疑遭到网络攻击。国家安全机关立即进行技术检查,确认相关信息系统遭到网络武器攻击,多台重要服务器和网络设备被植入特种木马程序,部分乘客出行记录等数据被窃取。

  国家安全机关经过进一步排查发现,另有多家航空公司信息系统遭到同一类型的网络攻击和数据窃取。经深入调查,确认相关攻击活动是由某境外间谍情报机关精心谋划、秘密实施,攻击中利用了多个技术漏洞,并利用多个网络设备进行跳转,以隐匿踪迹。

  针对这一情况,国家安全机关及时协助有关航空公司全面清除被植入的特种木马程序,调整技术安全防范策略、强化防范措施,制止了危害的进一步扩大。

Case 1: An airline’s data was stolen by a foreign spy agency via cyberattacks

In January 2020, an airline reported to State Security organs that the company’s information system had seen an anomaly and they suspected a cyberattack. The State Security organs immediately conducted a technical inspection and confirmed that relevant information systems had been attacked by cyber weapons. Multiple important servers and network equipment were implanted with special Trojan horse programs. Some passengers’ travel records and other data were stolen.

After further investigation, the State Security organs found that multiple other airlines’ information systems had been subjected to the same type of cyberattack and data theft. After thorough investigation, it was confirmed that the relevant attack activities were carefully planned and secretly carried out by a foreign spy agency, which exploited multiple technical vulnerabilities and routed the attacks through multiple network devices to hide its tracks.

In response to this situation, the State Security organs promptly assisted relevant airlines in removing the implanted special Trojan horse programs, adjusted technologies and strategies to safeguard security, strengthened prevention measures, and ultimately prevented further expansion of the damage.

案件二:某境外咨询调查公司秘密搜集窃取航运数据案

  2021年5月,国家安全机关工作发现,某境外咨询调查公司通过网络、电话等方式,频繁联系我大型航运企业、代理服务公司的管理人员,以高额报酬聘请行业咨询专家之名,与我境内数十名人员建立“合作”,指使其广泛搜集提供我航运基础数据、特定船只载物信息等。办案人员进一步调查掌握,相关境外咨询调查公司与所在国家间谍情报机关关系密切,承接了大量情报搜集和分析业务,通过我境内人员所获的航运数据,都提供给该国间谍情报机关。

  为防范相关危害持续发生,国家安全机关及时对有关境内人员进行警示教育,并责令所在公司加强内部人员管理和数据安全保护措施。同时,依法对该境外咨询调查公司有关活动进行了查处。

Case 2: An overseas company that provides consulting and investigative services secretly collected and stole shipping data

In May 2021, the State Security organs discovered that an overseas consulting and investigative company frequently contacted the managers of China’s major shipping companies and those of agency service companies via the Internet, phone, and other means. This company also established “cooperation” with dozens of personnel in China, in the name of hiring industry consultants with high remuneration, and instructed them to extensively collect and provide basic data on China's shipping and cargo information on specific ships, among other information. 

The personnel handling this case from the State Security organs further investigated the case and discovered that the relevant overseas consulting and investigative company has a close relationship with its home country's spy agency, from which it has contracted a large number of intelligence collection and analysis tasks. All the shipping data obtained via the personnel in our country was provided to the country's spy intelligence agency.

In order to prevent further relevant damages, the State Security organs promptly warned and educated relevant personnel in China, and ordered their employers to strengthen internal personnel management and data security protection measures. At the same time, the relevant activities of the foreign consulting and investigative company were investigated and dealt with in accordance with the law.

案件三:李某等人私自架设气象观测设备,采集并向境外传送敏感气象数据案

  2021年3月,国家安全机关工作发现,国家某重要军事基地周边建有一可疑气象观测设备,具备采集精确位置信息和多类型气象数据的功能,所采集数据直接传送至境外。

  国家安全机关调查掌握,有关气象观测设备由李某网上购买并私自架设,类似设备已向全国多地售出100余套,部分被架设在我重要区域周边,有关设备所采集数据被传送到境外某气象观测组织的网站。该境外气象观测组织实际上由某国政府部门以科研之名发起成立,而该部门的一项重要任务就是搜集分析全球气象数据信息,为其军方提供服务。

  国家安全机关会同有关部门联合开展执法,责令有关人员立即拆除设备,消除了风险隐患。

  数据安全关乎国家安全和公共利益,是非传统安全的重要方面。国家安全机关提醒社会公众,如发现危害国家安全的可疑情况,请立即拨打国家安全机关举报受理电话12339,或登录国家安全机关举报受理平台进行举报。

Case 3: Li and others set up meteorological observation equipment without authorization to collect and transmit sensitive meteorological data overseas.

In March 2021, the State Security organs discovered a suspicious meteorological observation device built around an important military base in the country, which has the function of collecting accurate location information and various types of meteorological data. The collected data was directly transmitted overseas.

The State Security organs investigated and found that the relevant meteorological observation equipment was purchased online and set up by Li on his own (without notice to or permission from the authorities). More than 100 sets of similar equipment have been sold to many places across the country, some of which were set up around important areas of our country, and the data collected through the relevant equipment have been transmitted overseas to the website of a meteorological observing organization.

The foreign meteorological observation organization was actually initiated by a government department of a certain country in the name of scientific research, and an important task of this department is to collect and analyze global meteorological data to provide services for its military.

The State Security organs and relevant government departments jointly carried out law enforcement and ordered relevant people to dismantle the equipment immediately, eliminating potential risks.

In the end, the Ministry of State Security encourages people with tips to call the number 12339 or log on to the Ministry’s online reporting platform (there’s an English option, by the way).

A guest post by
Journalism student at Tsinghua University. Ex intern at Bloomberg, China Central Television, and the UN. I write about China’s society, culture, and ordinary people in between.