Australia’s fledgling space sector is proving to be a hot target for Chinese snooping, with Beijing tracking the movement of top-secret equipment from a tracking station outside Canberra to NASA in the United States.
And Commonwealth scientists with world-leading expertise have also been targeted by a Chinese company with links to the People’s Liberation Army.
A leaked database developed by Shenzhen-based data company Zhenhua Data, obtained by the ABC as part of an international consortium of media outlets, has more than 70 records that reference CSIRO’s staff and classified operations.
One entry shows Zhenhua Data monitored the March 2019 transfer of “scientific equipment” from Canberra’s Deep Space Communication Complex at Tidbinbilla all the way across the Pacific Ocean to NASA’s Jet Propulsion Laboratory in Pasadena, California.
It records the name of the German-flagged container ship that took the cargo, as well as the Los Angeles-based customs company that took possession of the package after it arrived at the Long Beach port.
“This database has got a vast amount of import-export data that is scraped up, presumably, or stolen or supplied somehow from import-export agents,” Clive Hamilton from Charles Sturt University told the ABC.
“So this database is not just tracking people, but also tracking the movement of goods which might be of interest to China’s intelligence services.”
The database also shows Zhenhua spied on CSIRO’s “transformational bioinformatics team” which is researching artificial intelligence (AI) and genomics in medicine.
An AI researcher at the Australian National University has also been profiled by the Chinese firm, and Zhenhua has also documented the CSIRO’s work in the search for missing Malaysian Airlines flight MH370 and exploration on Mars.
“There’d be hundreds of thousands of references to CSIRO available on the public record,” Professor Hamilton said.
“But this database is not indiscriminate, it’s curated by people sitting there and deciding what to leave in and what to keep a little bit more of.”
Zhenhua’s interest in the space sector is not limited to the CSIRO. The entire board of Gilmour Space Technology is profiled in the database.
“We are aware of this incident,” a spokesperson for the company told the ABC.
“It is not an ideal situation, of course, but it is not unusual in our industry.
“We recognise that security is an ongoing concern for all companies developing innovative research and technology, and we are continuously evolving our processes and systems to mitigate these risks.”
Data leak prompts privacy debate
The ubiquitous nature of the internet means most Australians are exposed online in some fashion, with details uploaded to websites from Facebook through to online shopping and banking.
There are 2.4 million people in the leaked database, including more than 35,000 Australians.
Zhenhua’s chief executive Wang Xuefeng, a former IBM employee, has boasted on Chinese social media platform WeChat of waging “hybrid warfare” and “psychological warfare” by using data scraped from social media.
Labor senator Jenny McAllister, who is also listed in the Zhenhua database along with her husband, is the chair of a Senate inquiry into foreign interference through social media.
“We have seen many, many examples internationally, where third parties and private sector organisations are involved in propagating disinformation online,” Senator McAllister told the ABC.
“These companies are trying to gather and sell this information because there are people out there who are interested in buying it.
“Almost certainly this is not the only information-gathering organisation of this type, but the fact that we’ve come to know about it should serve as a warning — it’s time for governments to start taking action.”
Senator McAllister said the data leak would be included in the inquiry’s considerations.
Perth tech entrepreneur Gov Van Ek was among those who woke up on Monday morning to learn they had been profiled by Zhenhua Data. He likened the situation to that of Clearview AI, which admitted to having its data breached earlier this year, after it was revealed it had developed a database using facial-recognition technology with billions of images scraped from the internet.
“I’m in the tech space and these are the kind of things that are happening in the tech space,” he said.
“And people’s privacy is kind of long gone right now.
“Everything that goes online eventually ends up in a database somewhere or another.”
He is not worried about the data Zhenhua compiled on him. But he said it should be a wake-up call to others sharing personal information online.
“Human beings, sometimes they want to type in something a bit personal, like a medical condition or something,” he said.
“If that got hacked, that database, then what?
“The issue of course with data is data does get hacked and that’s when it can harm people.”
The Office of the Australian Information Commissioner also likened the data breach to that of Clearview AI, which it is investigating with the United Kingdom’s information commissioner.
“The scraping of personal information on a large scale from social media sites, and subsequent matching and combining of different data sets, raises privacy concerns,” Information and Privacy Commissioner Angelene Falk said in a statement.