Kazakhstan: Major data hack bears Chinese fingerprints
The targeted individuals apparently included employees of the National Security Committee and the Defense Ministry.
A trove of freshly leaked data, apparently from a contractor for China’s security services, has revealed that particular interest was taken in learning about law enforcement and military personnel in Kazakhstan.
The Kazakh Digital Development, Innovation and Aerospace Industry Ministry said in a statement on February 20 that it has, together with the National Security Committee, or KNB, begun analyzing the leaked information to learn more.
The story began earlier this month, when unknown users of the GitHub developer platform uploaded a large amount of sensitive data they said had come from a Chinese company called I-Soon, which they said had done work for the Chinese Ministry of Public Security.
IT specialists say the data was sourced from all over the world, including Afghanistan, Egypt, France, India, Kazakhstan, Kyrgyzstan, Mongolia, Pakistan, and Turkey, among many others.
TsARKA, a Kazakhstan-based cyber-security company, suggested on its website on February 20 that the leak revealed the techniques preferred by Chinese IT surveillance operatives. These included Trojan viruses, systems for de-anonymizing social network users, and equipment for hacking WiFi networks.
The alleged Chinese surveillance operation targeted both broader systems, such as databases, and the correspondence, call logs and movements of specific individuals, cybersecurity experts have said.
Kazakhstan appears to have been of particular interest to Chinese intelligence services. Based on an analysis of the leaked information, TsARKA claimed that at least one hacker group had full access to the critical infrastructure of Kazakhstan’s telecom operators over a period of more than two years.
Entities whose data ended up in the hands of the Chinese company include the country’s largest telecommunications operator, Kazakhtelecom, as well as cellular operators Beeline, Kcell and Tele2. The information included the personal data of subscribers: names, email and postal addresses, phone numbers, call logs, device IMEIs, and logins and passwords.
Other reported targets were the State Pension Fund and airline company Air Astana. The pension fund, however, has denied that any of its data has been hacked.
The targeted individuals identified by TsARKA included employees of the National Security Committee, or KNB, and the Defense Ministry.
“This is just the tip of the iceberg. No one knows how many undetected hackers and leaks of our data there are,” said researchers for the company, which is widely understood to have ties to the KNB.
Almaz Kumenov is an Almaty-based journalist.