One of the facial recognition databases that the Chinese government is using to track the Uyghur Muslim population in the Xinjiang region has been left open on the internet for months, a Dutch security researcher told ZDNet. The database belongs to a Chinese company named SenseNets, which according to its website provides video-based crowd analysis and facial recognition technology. Yesterday, Victor Gevers, a well-known security researcher that made a name for himself in the past few years by finding leaky MongoDB databases did what he does best and found one of SenseNets' MongoDB databases that had been left exposed online without authentication. Gevers told ZDNet that the database contained information on 2,565724 users, along with a stream of GPS coordinates that came in at a rapid pace. The user data wasn't just benign usernames, but highly detailed and highly sensitive information that someone would usually find on an ID card, Gevers said.
In July 2009, deadly riots broke out in Urumqi, the capital of Xinjiang, China. Nearly 200 people died, the majority ethnic Han Chinese, and thousands of Chinese troops were brought in to quell the riots. An information battle soon followed, as mobile phone and internet service was cut off in the entire province. For the next 10 months, web access would be almost non-existent in Xinjiang, a vast region larger than Texas with a population of over 20 million. It was one of the most widespread, longest internet shutdowns ever.
BEIJING – China's far-northwestern region of Xinjiang has revised legislation to provide a legal basis for internment camps where up to 1 million Muslims are being held amid mounting international criticism. New clauses adopted by the regional government officially permit the use of "education and training centers" to reform "people influenced by extremism." Chinese authorities deny that the internment camps exist but say petty criminals are sent to vocational "training centers." Former detainees in the centers say they were forced to denounce Islam and profess loyalty to the Communist Party in what they describe as political indoctrination camps. "It's a retrospective justification for the mass detainment of Uighurs, Kazakhs, and other Muslim minorities in Xinjiang," said James Leibold, a scholar of Chinese ethnic policies at Melbourne's La Trobe University.
The US government averted another shutdown when Donald Trump instead opted to declare a national emergency to fund his border wall dreams--a wall which raises huge privacy and security concerns and will cause more problems than it solves. As the country digested the national emergency, cybersecurity workers were still scrambling to clean up the security nightmare wrought by the longest shutdown in history. Amid all the border wall news this week, you'd be forgiven for missing that the president also signed an executive order creating the American AI Initiative. In an op-ed for WIRED, White House deputy assistant to the president for technology policy Michale Kratsios explained why AI strategy is a security issue. Speaking of AI, to combat the growing threat of deep fakes, a new tool uses the blockchain to monitor video for tampering and manipulation.
BEIJING - The Chinese database Victor Gevers found online was not just a collection of old personal details. It was a compilation of real-time data on more than 2.5 million people in western China, updated constantly with GPS coordinates of their precise whereabouts. Alongside their names, birth dates and places of employment, there were notes on the places that they had most recently visited -- mosque, hotel, restaurant. The discovery by Gevers, a Dutch cybersecurity researcher who revealed it on Twitter last week, has given a rare glimpse into China's extensive surveillance of Xinjiang, a remote region home to an ethnic minority population that is largely Muslim. The area has been blanketed with police checkpoints and security cameras that apparently are doing more than just recording what happens.