Insiders were placed inside organisations to steal information.
Insiders were placed inside organisations to steal information.

Chinese police have arrested nearly 100 data thieves and hackers in the culmination of a large operation spanning all over the one of the largest countries in the world. Chinese State broadcaster, CCTV, reported the bust.

Police arrested 96 people suspected of stealing and misusing data. The country-spanning network is meant to have stolen data from gaming, video and social media sites. The group then took that data, which included passwords, ID card numbers and addresses, and sold it on online forums.  

Several of the suspects arrested were noted for not specifically being hackers, but employees of companies from which the data was stolen.

Chinese security forces detained over 4000 people last year for misuse of personal data according to Xinhua News, another state outlet. Of these, less than one hundred were hackers and almost 400 were employees of businesses that exploited personal information held by their employers.

Insider threats rest heavily on the minds of many IT professionals. They tend to sit in the ideal place to steal information for criminal use. While most that are deemed insider threats exploit their employers by accident, circumventing cumbersome security policies to do their job more efficiently, malicious insiders still emerge.  The threat is a notoriously hard one to overcome and such adversaries have been behind a number of famous breaches including Morrisons, the 2016 Sage breach and even Chelsea Manning's disclosures to Wikileaks. Partitioning access and ensuring that employees are restricted to getting at only the information critical to their jobs is often proposed as a remedy to such adversaries.

While Chinese security services are meant to be aggressively pursuing data theft, The South China Morning Post reported, Chen Zhimin, deputy minister of public security, admitted that such cases remained “prominent”.