
Insecure MongoDB Databases Expose Chinese State Surveillance, Nuclear Plant

The social media surveillance programme is retrieving private messages en masse.

By CBR Staff Writer

Exposed MongoDB databases are being used by Chinese surveillance operatives to store and share data collected from over 364 million profiles on social media sites, with the databases being used to mine social media messages – out in the open.

The insecure MongoDB databases were discovered by non-profit GDI Foundation security researcher Victor Gevers, who disclosed his findings on Twitter as he also sought community help in identifying messaging services connected to the databases.

The find comes just weeks after Gevers also identified an exposed MongoDB database with default credentials for a Chinese nuclear reactor. (Twitter users in the infosec community speculated that this was a honeypot*; it has since been pulled offline).

Gevers wrote on Twitter: “So this social media surveillance program is retrieving (private) messages per province from 6 social platforms and extracts names, ID numbers, ID photos, GPS locations, network information, and all the conversations and file transfers get imported into a large online database.”

MongoDB is a non-relational database that stores documents in a flexible, binary representation called BSON (Binary JSON). This means fields can vary from document to document and the data structure can be changed over time, as opposed to relational database management systems like Oracle’s MySQL, which store data in tables and use structured query language for database access.

MongoDB Database Used on A Daily Basis by Surveillance Operatives

Gevers asked for help on Twitter in identifying the messaging services involved, such as one displayed as ‘wxmsg’, which other Twitter users correctly identified as the WeChat messaging service.

He found that over 364 million online profiles, along with the data from their chats and file transfers, were being processed through the MongoDB database on a daily basis. These online profiles were then being linked to the identity of an individual. This data was then transferred between police stations in cities and provinces across China.

He added that most of the conversations he viewed within the database appear to be ‘typical teenager conversations’.

He is still unclear how these conversations are being selected for review, that is, which trigger words prompt a manual review by a human. Gevers used a VPN to access the Chinese section of the internet, which is controlled by the Chinese state.

On Feb 22, the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT) published an announcement on its website saying that it had found 468 public MongoDB instances in China so far and was working with local authorities to get them fixed.


*Computer Business Review certainly hopes so… 
