Stories of Chinese Intelligence Firms leveraging Big Data Analysis, Social Media Platforms, LinkedIn, Mobile Devices, SIGINT, etc. are all over the internet. However, the recent stories about the Zhenhua Data Leak in the Indian Express caught our attention, and we decided to leverage our ShadowMap platform to get some more insight into the Zhenhua Data operation.
After spending several days deep in this rabbit hole of vague corporations, a wide range of collection systems and some really interesting correlation use-cases, we’ve been able to put together a fairly comprehensive picture of the Zhenhua Data operation.
While on the surface Zhenhua Data seems to be “just another” firm capturing, processing and selling publicly available information, the story changes rapidly once you look beyond the surface.
This blog post covers four key sections: Data Collection, Data Correlation, Identified Targets, Conclusion.
Zhenhua Data & Affiliates
According to the Zhenhua Data website (which has been taken offline, but is still accessible via ShadowMap): “Zhenhua Data focuses on integrating overseas data and information to provide services for domestic institutions”. In addition to Shenzhen Zhenhua Data Information Technology Co., Ltd. (china-revival.com), which has already received widespread coverage, we also found the involvement of Weiju (aggso.com) and SocialDataMax (socialdatamax.com).
Weiju started out as a “location-based, instant messaging application that enables users to chat with nearby strangers”; however, the last update on its website (in 2015) mentions “Public opinion monitoring and early warning”, “Communication analysis statistics”, etc.
There are also several mentions of the underlying platforms being developed by “Beijing Juwei Hezhi Information Technology Co., Ltd.”, which has a very limited public presence but is described online as follows: “Juwei Hezhi is a company that analyzes social media big data”.
Zhenhua Data has a large number of platforms that are used for data collection. These include platforms monitoring your standard social media platforms such as Twitter, LinkedIn, Facebook, TikTok, VK, Instagram etc. They also monitor a wide range of media outlets, news websites, news aggregators such as Reddit, etc.
In addition to this, they also seem to have private sources of data such as near real-time movement of warships, satellite tracking, troop movements, etc. Moreover, we were able to find references to private feeds that have access to data from “affiliate apps & websites”, but have not been able to discover or access these portals directly.
Some examples of the public data collection systems that are publicly accessible:
LinkedIn – This particular system is configured to continuously search LinkedIn for a range of keywords and then downloads the matching profiles, photos, etc.
TikTok – This particular system is configured to monitor specific target accounts and download all videos, comments, user relationships, etc. in near real time. Another interesting note here: a lot of the accounts being monitored are related to US Army recruitment and active duty forces.
Reddit – This particular system is configured to monitor specific subreddits such as /r/politics to continuously track news stories, upvotes, users, etc.
Forum Discussions – This particular system is configured to monitor a wide range of internet forum discussions, actively scraping all posts being made and data about users, along with the sentiment of each post.
Databases of Key Individuals & Organisations – This particular system maintains a real-time list of key Mobile Applications, Media Organisations, Think Tanks, Social Media accounts, etc.
Tracking Global Risk Events – This particular system is configured to track a number of global risk events such as Weapons of Mass Destruction, Extreme weather events, Climate change mitigation and response, Network Attack, etc.
While some of the Data Collection systems may seem like they would be part of the scope of any average social media big data company, the use-cases and correlations that we have been able to discover are where it really gets interesting.
Internet Big Data Military Intelligence System
This is one of the early systems that our platform discovered that is directly linked to Zhenhua Data. This platform certainly tells a different story from the “social media monitoring” cover that has been used. The platform seems to have 4 modules: Internet Information Collection System, Big Data Cleaning & Processing System, Foreign Army Internet Intelligence System & Key Group Monitoring and Analysis System.
On digging further, we discovered another platform that leverages several of the private and public data collection systems to create actionable military intelligence.
Real-time War Ship Monitoring & Correlation Platform
This platform allows for tracking near real-time movements of both commercial and military naval ships. In addition, it can correlate a wide range of information such as Social Media information of the crew on board each vessel, photos and videos from individuals and official social media accounts, news stories, weapons manifests, historical location data, etc.
The strike chain functionality tracks key personnel as well, who are in turn linked to the much-talked-about OKIDB (Overseas Key Information Database), which allows you to get more relevant and correlated data about each individual target.
Correlating Social Media Data with OKIDB
Zhenhua Data also has Social Media Relationship Query tools available to analyse target social media accounts and their relationships with other individuals, and these further allow you to access additional data stored about each individual in the OKIDB.
Each of the millions of members (a sample is shown in the Excel) has a “Character ID” and a page in the OKIDB that contains more details about them, their social media accounts, their families, their businesses, their relationships, etc. The OKIDB contains data about politicians, royalty, business leaders, journalists, members of think tanks, research scientists, etc.
In addition to these systems, there are hundreds of other such systems online that are secured behind login pages or have been taken offline since the media attention started, and as such have not been accessed by ShadowMap.
Some of the other systems which are online but not accessible since they are behind login pages:
The OKIDB has been covered in depth by several media organisations that have dissected the list of targets in detail. Generally speaking, the OKIDB seems to contain information about anybody that has any level of influence or is affiliated with any such person. The influence is determined on the basis of social media relationships, news mentions, face recognition in public photographs, etc.
We also found several target keyword lists that are actively being used as part of the data collection platforms and seem to be focusing on a wide range of keywords related to Hong Kong. These include key events such as “2019 Prince Edward station attack”, famous protestors such as “Black super brother”, phrases such as “Trying to decrypt” and hundreds of political individuals on both sides.
Conclusion to the Zhenhua Data Story
After studying the ShadowMap reports for Zhenhua Data, we are reasonably certain that everything we have seen so far is only scratching the surface of the Data Collection and Internet Intelligence Systems in place.
While most folks brush off concerns around social media monitoring as the “price of admission”, privacy and security professionals understand the true risks and have been raising warnings for years. These range from something as simple as when Fitbit tracking app Strava disclosed the location of secret US army bases, to modernising and automating the process of gaining “kompromat” on a target.
The technology and capabilities we have seen with Zhenhua Data show us that the dystopian future that George Orwell’s 1984 warned us about is here to stay. From silencing political opponents, quashing protests and spreading misinformation to influence elections, to attacking enemy militaries, Big Data Surveillance systems will continue to have a significant role to play in geo-politics.