by Max Metzger | 14 March 2017
Nearly 100 suspects have been arrested by Chinese police in a nationwide crackdown on data theft.
Insiders were placed inside organisations to steal information.
Chinese police have arrested nearly 100 data thieves and hackers in the culmination of a large operation spanning all over the one of the largest countries in the world. Chinese State broadcaster, CCTV, reported the bust.
Police arrested 96 people suspected of stealing and misusing data. The country-spanning network is meant to have stolen data from gaming, video and social media sites. The group then took that data, which included passwords, ID card numbers and addresses, and sold it on online forums.
Several of the suspects arrested were noted for not specifically being hackers, but employees of companies from which the data was stolen.
Chinese security forces detained over 4000 people last year for misuse of personal data according to Xinhua News, another state outlet. Of these, less than one hundred were hackers and almost 400 were employees of businesses that exploited personal information held by their employers.
Insider threats rest heavily on the minds of many IT professionals. They tend to sit in the ideal place to steal information for criminal use. While most that are deemed insider threats exploit their employers by accident, circumventing cumbersome security policies to do their job more efficiently, malicious insiders still emerge. The threat is a notoriously hard one to overcome and such adversaries have been behind a number of famous breaches including Morrisons, the 2016 Sage breach and even Chelsea Manning’s disclosures to Wikileaks. Partitioning access and ensuring that employees are restricted to getting at only the information critical to their jobs is often proposed as a remedy to such adversaries.
While Chinese security services are meant to be aggressively pursuing data theft, The South China Morning Post reported, Chen Zhimin, deputy minister of public security, admitted that such cases remained “prominent”.
The Raven Group is a Corporate Counterintelligence consulting firm that helps companies protect their trade secrets, intellectual property (IP), employees, and reputation. Raven’s consultants have spent a lifetime protecting our nation from threats of every kind and are second to none. Let us bring that expertise to your company.