Chinese database details 2.4 million influential people, their kids, addresses, and how to press their buttons

Compiled using mostly open-source intel, shines a light on extent of China’s surveillance activities

A US academic has revealed the existence of 2.4-million-person database he says was compiled by a Chinese company known to supply intelligence, military, and security agencies. The researcher alleges the purpose of the database is enabling influence operations to be conducted against prominent and influential people outside China.

The academic is Chris Balding, an associate professor at the Fulbright University Vietnam.

And he says the company is company is named "Shenzhen Zhenhua".

Security researcher Robert Potter and Balding co-authored a paper [PDF] claiming the trove is known as the “Overseas Key Information Database” (OKIDB) and that while most of it could have been scraped from social media or other publicly-accessible sources, 10 to 20 per cent of it appears not to have come from any public source of information. The co-authors do not rule out hacking as the source of that data, but also say they can find no evidence of such activity.

“A fundamental purpose appears to be information warfare,” the pair stated.

Balding wrote on his blog that the database contains the following:

The information specifically targets influential individuals and institutions across a variety of industries. From politics to organized crime or technology and academia just to name a few, the database flows from sectors the Chinese state and linked enterprises are known to target.

The breadth of data is also staggering. It compiles information on everyone from key public individuals to low level individuals in an institution to better monitor and understand how to exert influence when needed.

The database includes details of politicians, diplomats, activists, academics, media figures, entrepreneurs, military officers and government employees. Subjects’ close relatives are also listed, along with contact details and affiliations with political and other organisations.

In the paper, the pair said all that data allows Chinese analysts “to track key influencers and how news and opinion moves through social media platforms.”

“The data collected about individuals and institutions and the overlaid analytic tools from social media platforms provide China enormous benefit in opinion formation, targeting, and messaging.”

It gets worse: “From the assembled data, it is also possible for China even in individualized meetings be able to craft messaging or target the individuals they deem necessary to target.”

Balding said the database is “technically complex using very advanced language, targeting, and classification tools.”

But it was also hard to investigate, as parts were reportedly corrupt.

Balding therefore shared the data trove with Potter - of Australian security firm Internet 2.0 - to help make it accessible. The results were shared with select, non-Reg media outlets.

The Register has sought comment from Balding and Internet 2.0 but had not received a reply at the time of writing.

thumbs down facebook

FTC kicks feet through ash pile that once was Cambridge Analytica with belated verdict


In their written output, Balding and Potter suggest that the open source intelligence used to create much of the database is a breach of many local laws as users of social networks do not expect or consent to the data they share being compiled into dossiers. Others have ranked news of the database'e existence alongside infamous data collection incidents such as the Cambridge Analytica scandal.

The academic thinks the database is worrying because “Chinese intelligence, military, and security agencies use the open information environment we in open liberal democracies take for granted to target individuals and institutions.”

In a second post Balding said the database matters because “what cannot be underestimated is the breadth and depth of the Chinese surveillance state and its extension around the world.

“The world is only at the beginning stages of understand how much China invests in intelligence and influence operations using the type of raw data we have to understand their targets.”


Your humble hack and every other Register journalist is listed in various databases compiled using a combination of the stories we write on this site, our social media output, records of telephone conversations, and observed behaviour at real world events. Those databases are used to attempt to influence what we write. When the data is held by a public relations firm, it is proprietary. When it is collected by media database companies, they sell access to the data as-a-service.

Some of our production and back office team are listed in databases based on the likelihood they will sign off on purchases of myriad goods and services The Register needs to operate. The Register’s owners are listed in databases based on publicly available financial data and subsequently targeted with products and services that someone thinks are suitable for business owners.

A lot of these databases produce not much more than poorly targeted sales pitches or, for the editorial team, near-daily press releases about new Bitcoin startups that will overturn the global financial system by next Tuesday.

Happily none of those startups, PR firms, database companies or vendors possess a world-spanning security and intelligence apparatus or attempt to influence foreign nations.

Sign outside the National Security Agency HQ

Snowden was right: US court deems NSA bulk phone-call snooping illegal, possibly unconstitutional, and probably pointless anyway


China does. And China uses them to conduct operations ranging from protesting against media coverage of its affairs, attempting to influence university curricula, suborning elected representatives and more. With a list that details targets’ relatives, who knows what other tactics a determined foe could employ to have someone influential dance to their tune?

Which is why this database is important, because it shows that China has a well-organised effort to give its influence operations the information they need to be efficient. Or ruthless.

Having said that, it would be more of a surprise if China did not have such a database and ignored the chance to compile it using the data so many of us carelessly scatter across the internet each day, or which is published in the public interest.

“Open liberal democracies must consider how best to deal with the very real threats presented by Chinese monitoring of foreign individuals and institutions outside established legal limits,” Balding wrote, before suggesting: “Increased data protections and privacy limits should be considered.”

“The threat of surveillance and monitoring of foreign individuals by an authoritarian China is very real,” he concluded. “Open liberal democratic states can no longer pretend these threats do not exist. Today’s database is compiled primarily from open sources, other databases China holds present much greater risks to Chinese and foreign citizens." ®

If you have information that no one else has, you can tip us off securely using this form, or contact us here.

Similar topics

Broader topics

Other stories you might like

  • Meet Wizard Spider, the multimillion-dollar gang behind Conti, Ryuk malware
    Russia-linked crime-as-a-service crew is rich, professional – and investing in R&D

    Analysis Wizard Spider, the Russia-linked crew behind high-profile malware Conti, Ryuk and Trickbot, has grown over the past five years into a multimillion-dollar organization that has built a corporate-like operating model, a year-long study has found.

    In a technical report this week, the folks at Prodaft, which has been tracking the cybercrime gang since 2021, outlined its own findings on Wizard Spider, supplemented by info that leaked about the Conti operation in February after the crooks publicly sided with Russia during the illegal invasion of Ukraine.

    What Prodaft found was a gang sitting on assets worth hundreds of millions of dollars funneled from multiple sophisticated malware variants. Wizard Spider, we're told, runs as a business with a complex network of subgroups and teams that target specific types of software, and has associations with other well-known miscreants, including those behind REvil and Qbot (also known as Qakbot or Pinkslipbot).

    Continue reading
  • Supreme Court urged to halt 'unconstitutional' Texas content-no-moderation law
    Everyone's entitled to a viewpoint but what's your viewpoint on what exactly is and isn't a viewpoint?

    A coalition of advocacy groups on Tuesday asked the US Supreme Court to block Texas' social media law HB 20 after the US Fifth Circuit Court of Appeals last week lifted a preliminary injunction that had kept it from taking effect.

    The Lone Star State law, which forbids large social media platforms from moderating content that's "lawful-but-awful," as advocacy group the Center for Democracy and Technology puts it, was approved last September by Governor Greg Abbott (R). It was immediately challenged in court and the judge hearing the case imposed a preliminary injunction, preventing the legislation from being enforced, on the basis that the trade groups opposing it – NetChoice and CCIA – were likely to prevail.

    But that injunction was lifted on appeal. That case continues to be litigated, but thanks to the Fifth Circuit, HB 20 can be enforced even as its constitutionality remains in dispute, hence the coalition's application [PDF] this month to the Supreme Court.

    Continue reading
  • How these crooks backdoor online shops and siphon victims' credit card info
    FBI and co blow lid off latest PHP tampering scam

    The FBI and its friends have warned businesses of crooks scraping people's credit-card details from tampered payment pages on compromised websites.

    It's an age-old problem: someone breaks into your online store and alters the code so that as your customers enter their info, copies of their data is siphoned to fraudsters to exploit. The Feds this week have detailed one such effort that reared its head lately.

    As early as September 2020, we're told, miscreants compromised at least one American company's vulnerable website from three IP addresses: 80[.]249.207.19, 80[.]82.64.211 and 80[.]249.206.197. The intruders modified the web script TempOrders.php in an attempt to inject malicious code into the checkout.php page.

    Continue reading

Biting the hand that feeds IT © 1998–2022