Wikimedia bans seven Chinese users citing “security risk”
Image: The Record
Catalin Cimpanu September 14, 2021

Wikimedia bans seven Chinese users citing “security risk”

Wikimedia bans seven Chinese users citing “security risk”

The Wikimedia Foundation, the organization behind the Wikipedia portal, has banned seven Chinese users on Monday, citing a “security risk.”

“We have banned seven users and desysopped a further 12 as a result of long and deep investigations into activities around some members of the unrecognized group Wikimedians of Mainland China,” Maggie Dennis, the Wikimedia Foundation’s Vice President of Community Resilience & Sustainability, said in an email to Wikimedia members on Monday.

The group, which claims to have more than 280 members, was established in 2017 and said on its project page that its main role was to help new users learn how to use and edit Wikipedia and promote the portal inside China, where the site has been banned since May 2019.

Wikimedia acted to protect the security of its users

But in a carefully worded statement, Dennis suggested that the group might have been infiltrated, something that appears to have created a security risk for the organization and its users.

The security risk relates to information about infiltration of Wikimedia systems, including positions with access to personally identifiable information and elected bodies of influence,” Dennis said.

We restricted access to these tools immediately in the jurisdictions of concern, while working with impacted users to determine if the risk applied to them.”

Dennis said that not all users for which they restricted access were a security risk themselves, but would have been in danger of “exploitation and harm by external groups because they are already trusted insiders” inside the Wikipedia project.

This policy primarily served to address the latter risk, to reduce the likelihood of recruitment or (worse) extortion,” Dennis said.

We believe that some of the individuals impacted by this policy change were also themselves in danger, not only the people whose personal information they could have been forced to access.

The Hong Kong Free Press, which also reported on the ban, had more insight into what went down, claiming that at least one member of the WMC group had been advocating for reporting Hong Kong Wikipedia users to Chinese police, and other members had been involved in election canvassing for admin roles in the Wikimedia China section.

The list of banned users is available here, with the ban timestamp of September 13, 2021.

Dennis said she would be answering questions from fellow Wikipedia users about the ban on the site’s community pages in the next weeks.

Wikimedia sets up a disinformation team

The Wikimedia exec also said that today’s ban is the result of an investigation carried out by its recently founded “disinformation team,” the same team that banned the admin of Wikipedia Croatia in June for pushing a radical right agenda through misleading and inaccurate edits.

Dennis said this team “is still finding its footing” and is currently contracting an external researcher to assess disinformation on the platform.

In addition, Dennis said that Wikimedia had also established a “human rights team” that will be tasked with dealing with “urgent threats to the human rights of communities” and that no harm is done to those who are editing the site.

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.