Leaked documents from a Chinese contractor offers rare insight into how the CCP operates its cyberwarfare and surveillance operations
By avagrace // 2024-02-29
 
Chinese police are investigating an unauthorized and highly unusual online leak of documents from a private security contractor linked to the nation's top policing agency and other parts of its government – a trove that catalogs apparent hacking activity and tools to spy on both Chinese citizens and foreigners. The impacted company is known as I-Soon, based in Chengdu, Sichuan, a security contractor with ties to the Ministry of Public Security (MPS). Among the apparent targets of the tools provided by I-Soon are Chinese ethnic minorities and dissidents in parts of the communist nation that have seen significant anti-government protests, such as the relatively freer Hong Kong and the heavily Muslim region of Xinjiang in China's far northwest. The dump of scores of documents and the subsequent investigation were confirmed by two employees of I-Soon. The dump, which analysts consider highly significant even if it does not reveal any especially novel or potent tools, includes hundreds of pages of contracts, marketing presentations, product manuals and client and employee lists. (Related: Cybersecurity official warns: Americans must prepare for CYBERATTACKS from Chinese hackers.) The leaked documents reveal, in detail, the methods used by Chinese authorities to surveil dissidents within the mainland as well as overseas. The documents also provide insight into how Chinese authorities hack into the networks of other nations and spread pro-Beijing narratives on social media platforms. The documents show apparent I-Soon hacking of networks across Central and Southeast Asia, as well as Hong Kong and the self-ruled island of Taiwan, which Beijing claims as its territory. I-Soon and Chinese police are investigating how the files were leaked, the two I-Soon employees said. One of the employees said I-Soon held a meeting about the leak and was told it wouldn’t affect business too much and to “continue working as normal.” Jon Condra, an analyst with Massachusetts-based cybersecurity firm Recorded Future, called the leak the most significant leak ever linked to a company "suspected of providing cyber espionage and targeted intrusion services for the Chinese security services." He said organizations targeted by I-Soon – according to the leaked material – include governments, telecommunications firms abroad and online gambling companies within China. Until the 190-megabyte leak, I-Soon's website included a page listing clients topped by the MPS and included 11 other provincial-level security bureaus and 40 other municipal-level public security departments. The company’s website was fully offline later. An I-Soon representative refused an interview request and said the company would issue an official statement at an unspecified future date.

Cyber tools used to surveil dissidents, flood social media with propaganda

Chinese censorship bureaus can directly surveil Chinese social media platforms and order them to take down anti-government posts or to keep watch over individuals who may be troublemakers. China does not have this similar power on overseas sites like Facebook and X, formerly Twitter, where millions of Chinese individuals flock to evade state surveillance and censorship. This is where I-Soon comes in, with its tools designed to curb dissent on overseas social media platforms and to flood them with pro-Chinese content. “There’s a huge interest in social media monitoring and commenting on the part of the Chinese government,” said Mareike Ohlberg, a senior fellow in the Asia Program of the German Marshall Fund. To control public opinion and forestall anti-government sentiment, Ohlberg said, control of critical posts domestically is pivotal. "Chinese authorities have a big interest in tracking down users who are based in China," she said. The source of the leak could be "a rival intelligence service, a dissatisfied insider or even a rival contractor," said chief threat analyst John Hultquist of Google's cybersecurity division, Mandiant. One leaked draft contract shows I-Soon was marketing "anti-terror" technical support to Xinjiang police to track the region's native Uyghurs who have migrated to Central and Southeast Asia. I-Soon also claimed it had access to a hacked airline and cellular and government data from multiple nations including Afghanistan, Malaysia, Mongolia and Thailand. "We see a lot of targeting of organizations that are related to ethnic minorities – Tibetans, Uyghurs. A lot of the targeting of foreign entities can be seen through the lens of domestic security priorities for the government," said Dakota Cary, a China analyst with the cybersecurity firm SentinelOne. Cary added that he believes the documents are legitimate because they align with what would be expected from a contractor hacking on behalf of China’s security apparatus with domestic political priorities. Cary found a spreadsheet with a list of data repositories collected from victims and counted 14 governments as targets, including India, Indonesia and Nigeria. The documents indicate that I-Soon mostly supports the Ministry of Public Security, he said. Cary was also struck by the targeting of Taiwan’s Health Ministry to determine its Wuhan coronavirus (COVID-19) caseload in early 2021 – and impressed by the low cost of some of the hacks. The documents show that I-Soon charged $55,000 to hack Vietnam’s economy ministry. Watch this Feb. 22 episode of "The Alex Jones Show" on InfoWars as Alex Jones discusses how agents of Communist China are the prime suspects for AT&T's recent outage. This video is from Polyxena Lobcovice on Brighteon.com

More related stories:

New documents reveal horrific conditions in illegal medical lab in California owned by Chinese firm. China bans critical industries from purchasing Micron products for failing "cybersecurity review." Cybersecurity expert successfully builds PROPAGANDA MACHINE that can mass produce AI-generated DISINFORMATION. Sources include: Independent.co.uk InfoSecurity-Magazine.com Brighteon.com