• D.C.
  • BXL
  • Lagos
  • Riyadh
  • Beijing
  • SG
  • D.C.
  • BXL
  • Lagos
Semafor Logo
  • Riyadh
  • Beijing
  • SG


icon

Semafor Signals

Massive leak spotlights China’s use of private hackers

Insights from SentinelOne, Natto Thoughts, The Washington Post, and Foreign Affairs

Arrow Down
Updated Feb 22, 2024, 4:52pm EST
securityEast Asia
Dake Kang / Associated Press
PostEmailWhatsapp
Title icon

The News

A vast cache of leaked documents has revealed Beijing’s use of a private security contractor to hack individuals, governments, and organizations both in China and overseas.

Chinese authorities have launched an investigation into the rare online dump of leaked materials from the private Chinese security company I-Soon, the Associated Press reported, which was hired to target dissidents and flood overseas networks with pro-Beijing content, among other forms of influence.

AD

There is currently no indication of who is behind the 190-megabyte leak, which was posted to GitHub, a developer platform, last week – and which cybersecurity experts say appears to be credible, according to The New York Times.

icon

SIGNALS

Semafor Signals: Global insights on today's biggest stories.

China is contracting out cyberespionage to private ‘hackers for hire’

Source icon
Sources:  
SentinelOne, Natto Thoughts, The New York Times

The massive leak “shows explicitly how government targeting requirements drive a competitive marketplace of independent contractor hackers-for-hire,” two researchers wrote in SentinelOne. The leak included contracts to extract information from databases and intercept communications dating back eight years, with targets including at least 20 overseas governments and territories, according to The New York Times.

In an October post on her Substack Natto Thoughts, former intelligence analyst Mei Danowski noted that I-Soon was one of the only non-Chinese state-owned companies to “conduct classified research and development related to state security,” after receiving a high-level secrecy qualification for weapons and equipment research from the Chinese government in 2020. I-Soon last year sued a competing Chinese cybersecurity company, Chengdu 404 – which U.S. officials have linked to cyberespionage — though details of the case were not made public.

The source of the leak could be a disgruntled employee

Source icon
Sources:  
The Washington Post, Foreign Affairs

A disgruntled employee or rival firm are two possible suspected sources of the leak, The Washington Post reported. Among the materials revealed were complaints from its staff over poor pay, long hours, and sexism in the workplace, which the paper said may suggest “infighting and dissatisfaction in the network of patriotic Chinese hackers.” A former FBI analyst noted that employees make less than $1,000 a month.

Without these hackers, China’s extensive online influence campaign could collapse. Aside from private contractors, the country relies on millions of ordinary men and women to carry out surveillance domestically — a model that would be “impossible to export” elsewhere, argued Minxin Pei, a Chinese-American political scientist for Foreign Affairs. “Fancy tech tools notwithstanding, it is the organizational capabilities of China’s Leninist party-state that allows its surveillance to function with unrivaled potency,” he added.

Leak includes data that could be useful for Chinese security agencies

Source icon
Source:  
The New York Times

The leak spotlights several Chinese state agencies that allegedly commissioned I-Soon to crack down on both overseas and domestic targets, including China’s national police, the Ministry of Public Security, and the People’s Liberation Army — the principal military force of the Chinese Communist Party.

Among the leaks was a vast database of road networks in Taiwan — maps that experts say could be useful for China’s threatened invasion of the self-governed territory, which Beijing claims as its own. “Figuring out the road terrain is crucial for planning armored and infantry movements around the island on the way to occupy population centers and military bases,” one cybersecurity expert told The New York Times.

AD