Samantha Dick, The New Daily, September 15, 2020
A popular Instagram fitness influencer was named on a Chinese hacking hit list targeting more than 35,000 Australians for their personal data.
And cybersecurity experts are not surprised.
On Monday, it was revealed the company behind the covert operation has links to Beijing’s military and intelligence networks and has collated profiles on 2.4 million people.
Among them was Adelaide-born fitness entrepreneur Kayla Itsines, 29, whose popular workout programs have attracted more than 12.6 million Instagram followers.
Personal data collected included birth dates, addresses, relationship statuses, political leanings, bank records and psychological assessments.
Although much of the information has been drawn from public records, some details appear to have been sourced from top-secret documents, raising questions about China’s intelligence-gathering operations.
A familiar story
It’s a story we’ve heard before – and will certainly hear again – as data-collecting operations become increasingly sophisticated, cybersecurity expert Mark Pesce said.
The techniques were likely similar to those used in the 2018 Cambridge Analytica scandal, in which millions of Facebook users’ personal data was harvested without consent for political advertising, he said.
“What is China doing that Facebook isn’t doing all the time?” said Mr Pesce, an honorary associate in digital cultures at the University of Sydney.
“Facebook is constantly profiling people. It has one on all 2.5 billion of its monthly users.”
Information from our social media profiles is regularly sold to advertising companies without our knowledge, so they can create personalised ads based on our ‘likes’ or interests.
Soft power in play
Mr Pesce said the main difference in this case was that China’s “curated list” of powerful Australians was clearly part of a targeted political strategy and not just commercial gain.
“You can tell a lot about a person by the connections in their social network – their sexual preference, political identity, whether they’re likely to divorce, whether they’ll be successful in quitting smoking or if they’re gaining weight,” he told The New Daily.
“The more you can profile someone, the more you can predict how they’ll react in a given situation, and the more you can target particular information to them, or about them.”
In today’s tech-driven world, in which Google virtually tracks our every movement, China’s ability to get dirt on a powerful person may not sound overly impressive.
What they choose to do with it, though, is the skillful part.
“The more information you have on someone, the easier it is to spread disinformation about them because it’ll pass the sniff test even if it’s not quite true.”
All it takes is a few carefully crafted “news” stories or online posts to start a social media frenzy and sway public opinion.
An obvious target on China’s list was Prime Minister Scott Morrison.
If you’ve got access to Mr Morrison’s personal online details, you’ll be able to see who he is talking to, which deals he is making behind closed doors and what he really thinks about certain policies or one Twitter-mad president.
In the wrong hands, this information could have disastrous consequences.
How an Instagram fitness star can benefit Beijing
It’s not only top politicians in China’s firing line.
CEOs, billionaires and entrepreneurs also featured prominently, including Ms Itsines.
So what does a savvy fitness influencer have to do with Chinese foreign policy?
It turns out, quite a lot.
“CEOs are a huge target,” La Trobe University cybersecurity expert Dr Stanley Shanapinda said.
According to a cybersecurity risk report published by Aon’s Cyber Solutions in February, C-level executives are 12 times more likely to be targeted by hackers than anybody else.
In 2018, Forbes business magazine estimated Ms Itsines and her then-fiancé’s net worth to be $696 million.
This may explain why her personal data is so valuable to China (and no, it’s not her bikini body workouts).
Online tracking of CEOs can uncover a company’s private business plans, such as a new product in the making, and reveal correspondence with other powerful people, like politicians or business leaders.
“If you have the CEO’s email address and you can collect his or her passwords, you get keys to the kingdom,” Dr Shanapinda said.
“That’s how you will be able to get into the network and collect all the secrets from that organisation.”