Miscellaneous News

Aniah

Senior Member
Registered Member
Sounds like utter bullshit to me.

As I mentioned previously, for 1 billion citizen records, we're realistically talking about petabytes of data. No bloody way they'd all be stored with the same access credential, and there's no way a simple programmer is going to have access to such credentials in any case.
I suggest we wait for further confirmation from the Chinese side but if this does come to be true, heads are gonna roll.
 

tygyg1111

Captain
Registered Member
1 billion?

1 billion bytes is 1 gigabyte.

If the average citizen's entire record was 1kb, the total file size would be 1 terabyte. Since each Chinese Unicode character is 3 bytes, that's only enough for about 300 words per record.

The Chinese comment mentions that there are photos. This would mean at least 10 mb per average record, and that's using low resolution images. That would amount to 10 petabytes of data.
it is bekoz seeseepee corruption means low quality 300 word records for all freedomless citizens prisoners, using seeseepee evil chyna low quality photos.
so 1 billion records is absolutely true, trust me
 

Abominable

Major
Registered Member
Please, Log in or Register to view URLs content!

I have to say this is genius from the UK. They got punished by the EU for Brexit, so they've used the Russian-Ukrainian war to whip Europe into a warmongering frenzy, accusing anyone who doesn't support Zelensky unconditionally of being a Putin puppet.

Then when the gas is cut off, instead of rationing out what gas supplies are produced in Europe to keep essential services functioning in all countries as you would expect with NATO solidarity, they announce they will be keeping all gas they produce for themselves.
 

solarz

Brigadier
Some dummy wrote a blog post and decided it was good idea to copy n paste from some code from his employment. Commented out in that code (which makes it easy not to visually check since everything is the same color from an editor) was the access credentials to the police system. The system isn't publicly accessible so someone either cracked into the network or someone within accessed it.

BTW, think about what it means to have access credentials visible in the source code. It means every developer who worked on that project would have the credentials that lets someone access the personal records of a billion people.

Developers don't need access credentials to production data, and they certainly don't need to put any such credentials in the source code.

Maybe something was indeed leaked, but the story and the scale is utterly fictional.
 

Coalescence

Senior Member
Registered Member
Well, some heads are gonna roll regardless. Even if it's not a billion, a lot of people's personal information were exposed. Hopefully China handles this situation better than in the West.
I'm thinking of one of the damage that might come out from this, other than many people being doxxed, is these personal information would be used to forge accounts with fake identities or to access into bank accounts. One solution I can think of that can be employed is to have like a two-factor authentication that would send a code to the user, when they're trying to make or access an account, and the use of facial recognition/capture at establishments that deals with sensitive info like banks and government kiosk to prevent identity forgery.
 

coolgod

Colonel
Registered Member
BTW, think about what it means to have access credentials visible in the source code. It means every developer who worked on that project would have the credentials that lets someone access the personal records of a billion people.

Developers don't need access credentials to production data, and they certainly don't need to put any such credentials in the source code.

Maybe something was indeed leaked, but the story and the scale is utterly fictional.
People found that blog today (check the archive record), probably someone google searched the hostname provided in the breached selling forum and happened to find this credential floating on the web. It is entirely possible the hackers used another method or credentials to access the data. Regardless even with the credentials someone had to have internal network access to dump the entire database.

The data allegedly contains the ID number/name and basic info on every person in China (1.4 billion) which is entirely possible for Shanghai police dept to have. The ID/name/addresses were also confirmed by cross-referencing other leaked chinese databases.
The data allegedly also contains the police records of all the cases in Shanghai from 1949-2021? The sample leaks shows some and this is really embarrassing stuff.

There are no photos in the leak, but the json files gave the internal links to the photos. The hackers know transferring all the photos is way too much, just the text data is 23 TB.

Like many others on the internet, I think it is real but the seller has a political motive. 10 BTC for a 23TB leak of that sensitive info is way too less, China will hunt this guy for life. It was also released on Jun 30th (right before July 1st CPC birthday), even though the data was dumped in 2021 (nothing from 2022 showed up in the sample data). Historically nasty things have a habit of showing up before CPC party congresses.
 
Last edited:

Coalescence

Senior Member
Registered Member
BTW, think about what it means to have access credentials visible in the source code. It means every developer who worked on that project would have the credentials that lets someone access the personal records of a billion people.

Developers don't need access credentials to production data, and they certainly don't need to put any such credentials in the source code.

Maybe something was indeed leaked, but the story and the scale is utterly fictional.
Either way, posting private source code from your company is an extremely dumb and dangerous action. It would give hackers insight into your code, and possibly find vulnerabilities they can exploit to gain access to the system.
 

FriedButter

Colonel
Registered Member
Please, Log in or Register to view URLs content!
Scottish and Welsh ministers have said the British government took their budget funds for military aid to Ukraine, voicing concerns that it could set a precedent. The Treasury has told Scotland and Wales to contribute to a £1 billion ($1.2 billion) weapons package or have their budgets reduced.

Scottish Finance Secretary Kate Forbes said on Wednesday that Scotland agreed to provide the £65 million ($78.7 million) funding but only “on this occasion”. She cautioned that “this must not be seen as any kind of precedent,” while Welsh Finance Minister Rebecca Evans said she had been forced to set aside £30 million ($36.3 million) intended for “devolved areas like health and education”.

Turns out. The Brits aren’t just raiding the climate fund to send to Ukraine. They are also threatening the Welsh and Scottish government to hand over a portion of their budget to Ukraine willingly or the Brits will take it themselves. So now the Welsh and Scottish are gutting their eduction and health care budget for the sake of Ukraine. Lol.
 
Last edited:

solarz

Brigadier
The data allegedly also contains the police records of all the cases in Shanghai from 1949-2021? The sample leaks shows some and this is really embarrassing stuff.

There are no photos in the leak, but the json files gave the internal links to the photos. The hackers know transferring all the photos

23 TB for a billion people allows for 20 kb per person. For individual case files that ranges from 1949 to 2021.

What's more, somehow this supposedly massive data is stored in clear text json format. Guess they never needed to do any queries on it?
 
Top