China is increasingly becoming a "global epicenter" for big data analytics - but the country's lack of regulation is also cultivating a thriving underground economy centered on the illegal sale of big data.
A Monday report from Intel 471 shed light on how cybercriminals are illegally monetizing big data by selling it to scammers, threat groups or even marketers. The cybercriminals, who are either individuals or organized cybercrime groups, siphon or access big data streams from service providers, which they then repackage and sell on Chinese-language underground forums.
The booming underground trade comes as big data revolutionizes the Chinese economy. Big data refers to data sets that expand beyond traditional databases to capture, manage and process data with low latency. China’s big data sector is worth hundreds of billions of dollars and is well integrated into various industries, including finance, energy and transportation, said researchers.
With the emergence of data-heavy technologies like the Internet of Things (IoT) and artificial intelligence, the investment opportunities of big data technology in China are expected to register a compound annual growth rate of 30 percent over the next five years, according to a report by Mordor Intelligence. At the same time, researchers warn of a lack of oversight for this explosive data growth. There is no clear definition of private versus public data, for instance, and few overarching guidelines for how companies collect, utilize and share data.
“With China injecting big data into every economic sector, the environment has become ripe for criminals to create and execute schemes that hide in the noise brought on by the amount of data at hand,” said researchers.
Brandon Hoffman, CISO at Intel 471, said the bulk of this data is obtained via "insiders" collecting the information. For instance, in February researchers observed a cybercriminal offering website and application crawler data collection services on a Chinese-language underground marketplace, claiming to have access to “insider channels” of Chinese mobile operators for data collection.
“This is generally worked through a series of intermediaries,” said Hoffman. “The other source is legitimate data brokers. While this is not something we have analyzed enough to make a statement on, there is an assumption that cybercriminals could pose as legitimate companies to buy data from other companies who have a legal reason to be selling the data and then use it for nefarious purposes.”
Highly organized cybercrime groups drive the illegal sale of these big data streams. These groups are typically spearheaded by a boss, or “requester,” who engages with an “insider” or a cybercriminal and gives them instructions for gaining illegal access to the raw data.
The data could range in sensitivity from something basic, like browsing or shopping habits, to full personally identifiable information like birth dates, addresses and more, said Hoffman. For instance, in January cybercriminals offered real-time data for casino gaming, lottery and stocks on a popular Chinese-linked underground forum, with the data allegedly originating from two popular mobile network operators in China, said researchers. And in late March, cybercriminals offered up big data streams from commercial databases of Canadian and U.S. businesses and investors as well as a hacked Twitter database.
The data is sorted out and repackaged, and then sold via middlemen, who act as intermediaries between the boss and the individuals who are requesting to purchase the data. These middlemen, who take a cut of the commission from the product sales, turn to underground platforms to advertise the data to those who would like to purchase it. The purchasers can be scammers, threat actors or even direct marketers, who purchase the data to target victims in various ways.
“This information is used to fuel scams across a variety of methods,” said Hoffman. “Mostly it is used to trick users into browsing to a certain site or app that will perform some malicious activity, generally taking money in an apparently legitimate way.”
Hoffman noted that, in the set of data analyzed by researchers, it is difficult to estimate how much money big data sets are worth and how much revenue this drives downstream. This is partly because China is a fairly closed-loop ecosystem, and partly because the data is used for many different types of cyberattacks, each with its own set of revenue ranges, he said.
Chinese law enforcement has attempted in recent years to hold companies accountable for how they handle data. A slew of law enforcement crackdowns in 2019 targeted seemingly legitimate Chinese companies, which allegedly provided third-party data crawling services and sold collected data. China has also introduced various regulatory efforts in recent years aiming to amp up data privacy protection. In March, for example, the Cyberspace Administration of China announced a new regulation curbing the collection of excessive personal data by apps in China.
Hoffman said researchers are seeing data brokers take a more prominent role in cybercrime activity - and they expect this to become more significant to cybercriminals globally. As big data practices become further integrated across other countries’ economies, law enforcement will “face an uphill battle in stopping data trading schemes” - despite regulation like the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA).
“The prevalence of these schemes shows the importance of securing the data businesses generate on the same levels as the services that keep business running on a day-to-day basis,” said researchers.