中国3.64 亿社交媒体监视数据库外泄，包括 QQ 微信 YY 苹果云上贵州服务器 淘宝旺旺

如何避免朝廷监控，请点击关注【安全上网 注意事项】频道 @anquanshangwang

在人脸识别数据库之后，中国3.64 亿社交媒体监视数据库外泄，包括 QQ 微信 YY 苹果云上贵州服务器 淘宝旺旺 QQ群，这些账户还被关联到用户的真实身份。

在人脸识别数据库之后，安全研究人员 Victor Gevers 报告了一个外泄的社交媒体监视数据库，包括了 3.64 亿用户的资料和聊天记录，这些账户还被关联到用户的真实身份。这并不令人感到意外，中国的社交网络已经全面推行后台实名制，通常是关联手机号码，而手机号码已完成了实名制推广工作。这个数据库监视的平台包括了腾讯旗下的 QQ 和微信，这两个服务在中国都有数以亿计的用户。

https://twitter.com/0xDUDE/status/1101909112131080192

Can anyone (from China) identify these Messaging services?

qg <-- QQ_group

qqmesg. <-- https://www.imqq.com/

wwmsg <--. WangwangAlibaban~Taobao

imsg – iMessage

qqmesg – Tencent QQ

wxmsg – Weixin, aka WeChat

yymsg – YY (China’s twitch)

In China, they have a surveillance program on social networks which looks like a jerry-rigged PRISM clone of the NSA.

So this social media surveillance program is retrieving (private) messages per province from 6 social platforms and extracts named, ID numbers, ID photos, GPS locations, network information, and all the conversations and file transfers get imported into a large online database.

Around 364 million online profiles and their chats & file transfers get processed daily. Then these accounts get linked to a real ID/person. The data is then distributed over police stations per city/province to separate operators databases with the same surveillance network name

With these "operator databases" the local law enforcement investigate 2600 to 2900 messages and profiles. The name new table per day to keep track of the progress. So they manually review the social media communication (public/private messages).

And the most remarkable part is that this network syncs all this data to open MongoDBs in 18 locations. "r_Capture_Time" : "2019-03-03 02:58:08.0", "r_QQMsg" : "2019-03-03 02:58:08 \"ζ°? 、XXX丶ζ说:!收【【【46--48道士号】】】卖的微信XXXXXXXXXXXぁ"

https://pbs.twimg.com/media/D0woGfKWsAEEDbM.jpg

Victor,in China ISP use this software

https://pbs.twimg.com/media/D0ve-qPV4AA0Tl-.jpg

Massive Database Leak Gives Us a Window into China’s Digital Surveillance State

https://www.eff.org/deeplinks/2019/03/massive-database-leak-gives-us-window-chinas-digital-surveillance-state

Earlier this month, security researcher Victor Gevers found and disclosed an exposed database live-tracking the locations of about 2.6 million residents of Xinjiang, China, offering a window into what a digital surveillance state looks like in the 21st century.

Xinjiang is China’s largest province, and home to China’s Uighurs, a Turkic minority group. Here, the Chinese government has implemented a testbed police state where an estimated 1 million individuals from these minority groups have been arbitrarily detained. Among the detainees are academics, writers, engineers, and relatives of Uighurs in exile. Many Uighurs abroad worry for their missing family members, who they haven’t heard from for several months and, in some cases, over a year.

Although relatively little news gets out of Xinjiang to the rest of the world, we’ve known for over a year that China has been testing facial-recognition tracking and alert systems across Xinjiang and mandating the collection of biometric data—including DNA samples, voice samples, fingerprints, and iris scans—from all residents between the ages of 12 and 65. Reports from the province in 2016 indicated that Xinjiang residents can be questioned over the use of mobile and Internet tools; just having WhatsApp or Skype installed on your phone is classified as “subversive behavior.” Since 2017, the authorities have instructed all Xinjiang mobile phone users to install a spyware app in order to “prevent [them] from accessing terrorist information.”

The prevailing evidence of mass detention centers and newly-erected surveillance systems shows that China has been pouring billions of dollars into physical and digital means of pervasive surveillance in Xinjiang and other regions. But it’s often unclear to what extent these projects operate as real, functional high-tech surveillance, and how much they are primarily intended as a sort of “security theater”: a public display of oppression and control to intimidate and silence dissent.

Now, this security leak shows just how extensively China is tracking its Xinjiang residents: how parts of that system work, and what parts don’t. It demonstrates that the surveillance is real, even as it raises questions about the competence of its operators. 

A Brief Window into China’s Digital Police State

Earlier this month, Gevers discovered an insecure MongoDB database filled with records tracking the location and personal information of 2.6 million people located in the Xinjiang Uyghur Autonomous Region. The records include individuals’ national ID number, ethnicity, nationality, phone number, date of birth, home address, employer, and photos.

Over a period of 24 hours, 6.7 million individual GPS coordinates were streamed to and collected by the database, linking individuals to various public camera streams and identification checkpoints associated with location tags such as “hotel,” “mosque,” and “police station.” The GPS coordinates were all located within Xinjiang.

This database is owned by the company SenseNets, a private AI company advertising facial recognition and crowd analysis technologies.

A couple of days later, Gevers reported a second open database tracking the movement of millions of cars and pedestrians. Violations like jaywalking, speeding, and going through a red-light are detected, trigger the camera to take a photo, and ping a WeChat API, presumably to try and tie the event to an identity.

Database Exposed to Anyone with an Internet Connection for Half a Year

China may have a working surveillance program in Xinjiang, but it’s a shockingly insecure security state. Anyone with an Internet connection had access to this massive honeypot of information.

Gevers also found evidence that these servers were previously accessed by other known global entities such as a Bitcoin ransomware actor, who had left behind entries in the database. To top it off, this server was also vulnerable to several known exploits.

In addition to this particular surveillance database, a Chinese cybersecurity firm revealed that at least 468 MongoDB servers had been exposed to the public Internet after Gevers and other security researchers started reporting them. Among these instances: databases containing detailed information about remote access consoles owned by China General Nuclear Power Group, and GPS coordinates of bike rentals.

A Model Surveillance State for China

China, like many other state actors, may simply be willing to tolerate sloppy engineering if its private contractors can reasonably claim to be delivering the goods. Last year, the government spent an extra $3 billion on security-related constructionin Xinjiang, and the New York Times reported that China’s police planned to spend an additional $30 billion on surveillance in the future. Even poorly-executed surveillance is massively expensive, and Beijing is no doubt telling the people of Xinjiang that these investments are being made in the name of their own security. But the truth, revealed only through security failures and careful security research, tells a different story: China’s leaders seem to care little for the privacy, or the freedom, of millions of its citizens.

以上就是关于“安全上网”的介绍，那么如何隐藏自己的身份，避免被朝廷跨省追捕呢？先点击关注本频道（安全上网，注意事项），本频道已经转载的一些文章已经介绍了方法，记得认真阅读，可不要认为你没有做违法的事情就不会被朝廷跨省追捕呀，现实可不是这样的哦，多数人都是没干什么违法的事，很多人做的还是依法的事情，还是维护公平正义的事情，都被朝廷跨省追捕了！如果你觉得这篇文章对你很有帮助，请立即转发本频道以及文章到你所在的所有电报群，还有你认识的朋友。因为电报Telegram是一个联合体，在电报上，每个人的安全是一切人安全的条件，也只有大家安全你才会有真正的安全！

如果你还是那么简单地觉得你说的，你做的没什么的，你对安全上网还不去重视的话，那么请你时刻记住，错的往往不是你，而是这个社会！

本电报频道 @anquanshangwang 会转载一些关于安全上网的文章，这些文章都比较浅显，请务必仔细阅读，特别是关注或者参与正当权益维护的朋友，你不好好阅读，等某一天你被这个错误的社会送到监狱的时候，再想来看已经悔之晚矣！

最后请务必把本频道转发给你的每一位好友，救人一命，胜造七级浮屠！善哉善哉！