Big data boom in China spurs thriving underground economy
China is increasingly becoming a “global epicenter” for big data analysis – but the country’s lack of regulation is also cultivating a thriving underground economy centered on the illegal sale of big data.
A Monday report from Intel 471 shed light on how cybercriminals illegally monetize big data, selling it to crooks, threat groups or even marketers. Cybercriminals, who are either individuals or organized cybercrime groups, siphon or access large data streams from service providers, then repackage the data and sell it on underground Chinese-language forums.
The booming underground trade comes during a revolution in the Chinese economy due to big data, or datasets that extend beyond traditional databases to capture, manage and process data with low latency. China’s big data industry is worth hundreds of billions of dollars and is well integrated with various industries, including finance, energy and transportation, the researchers said.
With the emergence of data-intensive technologies such as the Internet of Things (IoT) and artificial intelligence, big data technology investment opportunities in China are expected to register a compound annual growth rate of 30% over the course of the next five years, according to a report by Mordor Intelligence. At the same time, the researchers warn of a lack of oversight for this explosive growth in data. There is no clear definition of private data versus public data, for example, and little general guidance on how companies collect, use, and share data.
“With China injecting big data into all economic sectors, the environment has become ripe for criminals to create and execute schemes that hide in the noise caused by the amount of data available,” the researchers said.
Brandon Hoffman, CISO at Intel 471, said most of this data is obtained through “insiders” collecting the information. For example, in February, researchers observed a cybercriminal offering website and application bot data collection services on a Chinese-language underground market, claiming to have access to Chinese mobile operators’ “insider channels” for data collection.
“This is typically worked out through a series of middlemen,” Hoffman said. “The other source is legitimate data brokers. While this is not something we have analyzed enough to make a statement, there is a hypothesis that cybercriminals could masquerade as legitimate businesses to buy data from other companies who have a legal reason to sell the data and then use it for nefarious purposes.”
Highly organized cybercrime groups are behind the illegal sale of these large data streams. These groups are typically headed by a boss, or “requester,” who engages with an “insider” or cybercriminal and instructs them to illegally access raw data.
Data sensitivity can range from anything basic, like browsing or shopping habits, to fully identifiable personal information like dates of birth, addresses, and more, Hoffman said. For example, in January, cybercriminals offered real-time data for casino games, lotteries and stocks on a popular underground forum linked to China, the data allegedly coming from two popular mobile network operators in China, researchers said. And in late March, cybercriminals offered massive data feeds from commercial databases of Canadian and US companies and investors, as well as a hacked Twitter database.
The data is sorted and repackaged, then sold through middlemen, who act as intermediaries between the boss and the people who ask to buy the data. These middlemen, who take a commission on sales, turn to underground platforms to advertise the data to those who want to buy it. Buyers can be crooks, threat actors, or even direct marketers, who buy the data to target victims in a variety of ways.
“This information is used to fuel scams through a variety of methods,” Hoffman said. “It is primarily used to trick users into navigating to a certain site or application that will perform malicious activity, usually taking money in a seemingly legitimate way.”
Hoffman noted that, in the dataset the researchers analyzed, it is difficult to estimate how much large datasets are worth and how much revenue they generate downstream. This is partly because China is a fairly closed-loop ecosystem, and partly because the data is used for many types of cyberattacks, each with its own set of income brackets, he said.
Chinese law enforcement has attempted in recent years to hold companies accountable for how they handle data. A series of crackdowns in 2019 targeted seemingly legitimate Chinese companies, which allegedly provided third-party data mining services and sold the collected data. China has also introduced various regulatory efforts in recent years to strengthen data privacy protection. In March, for example, the Cyberspace Administration of China announced a new regulation to curb the excessive collection of personal data by applications in China.
Hoffman said researchers see data brokers playing a bigger role in cybercrime activities – and they expect it to become more important to cybercriminals around the world. As big data practices become more integrated into the economies of other countries, law enforcement will “face an uphill battle to shut down data exchange systems” – despite regulations such as the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA).
“The prevalence of these patterns shows the importance of securing the data that businesses generate at the same level as the services that run the business on a daily basis,” the researchers said.