500GB Leak Marks Largest Exposure of Great Firewall’s Internal Operations


 

One of the world's most sophisticated and tightly controlled censorship systems, the Great Firewall, has suffered a significant breach, resulting in the largest data leak to date for China's Great Firewall.

Geedge Networks, a company directly responsible for developing and operating China’s internet control infrastructure, released a massive amount of data on September 11, 2025, that included 500 gigabytes of internal files and over 100,000 confidential documents. In the cache, detailed blueprints of the DPI and filtering technologies which underpin Beijing’s digital censorship regime are available. 

As a result of these leaked records, it is clear that not only has the tool been exported and sold to at least four authoritarian governments outside of China, but it has also been used to police information flows in China. It is revealing in a way that no previous insight was available into the inner workings of the Great Firewall, and it raises urgent questions regarding the global spread of surveillance and censorship technologies sponsored by states. 

GFW Report's researchers have found that the trove contains dozens of internal records, including proposals, research papers, and operational logs, as well as source code and RPM packages that were used in developing the filtering infrastructure. In many of the documents, references can be found to projects related to China's Belt and Road Initiative (BRI), suggesting that the censorship technology is not only being considered in China but is often deployed outside the country’s borders as well. 

As detailed by the internal notes of Geedge Networks, they also indicate that they have been providing services to provincial governments in regions like Xinjiang, Jiangsu, and Fujian, as well as exporting surveillance systems to foreign companies. An investigation conducted by Cybernews reveals that the leaked suite of software also includes advanced tools that allow users to analyse traffic, such as Deep Packet Inspection (DPI) for traffic analysis, modules for detecting VPNs, Tor, and other circumvention tools, as well as features for traffic throttling, content monitoring, and potential user tracking, to name just a few. 

Even though these capabilities appear extensive, experts warn that the exact functionality of the software remains uncertain because the source code has not yet been fully examined and some of the leaked materials are still not entirely accurate. Inside the leak, researchers found complete build systems for DPI platforms, as well as code modules designed for identifying and thwarting certain circumvention techniques.

The technical material focuses mainly on the detection of VPN networks, SSL fingerprinting, and the logging of full traffic sessions, demonstrating how precisely the system has been designed to monitor and control Internet activity. Great Firewall Report, the first group to authenticate this leak, noted in its report that the documents describe the architecture of Tiangou, a commercialised censorship system which was described internally as a "Great Firewall in a box." When international sanctions were imposed in response to Tiangou's earlier versions, the server was reportedly built on HP and Dell servers, but later switched to Chinese-made equipment.

A leaked deployment sheet shows how large the system is: in Myanmar, the platform has been installed across 26 data centers that are directly connected to the nation's internet exchange points, making it possible for authorities to monitor 81 million simultaneous TCP connections and to enforce sweeping controls over online communication through live dashboards.

Moreover, the documents also indicate that Myanmar's state-run telecom company was responsible for operating the installation, highlighting the significance of national carriers in enforcing digital censorship in Myanmar. The evidence also indicates that Geedge's DPI technology has been exported to a number of foreign countries outside Myanmar. It is reported by WIRED and Amnesty International that deployments have occurred in Pakistan, Ethiopia, and Kazakhstan, and that they are often complemented by lawful intercept systems that can monitor mobile communications in real time. 

According to reports, this technology is used to underpin a nationwide monitoring program known as WMS 2.0, which will oversee mobile communications on a massive scale throughout the country. In addition to the leaked documents, earlier findings from May signal a shift in China's censorship architecture to a "provincial firewall" model, a move away from strict centralisation towards a more layered, regional approach to censorship.

The decentralisation scheme appears to be aimed at increasing the degree of flexibility and efficiency of monitoring by allowing provincial authorities to tailor censorship and surveillance according to local circumstances, while adhering to the general national directives at the same time. As it turns out, the documents provided by China indicate that, under the Belt and Road Initiative framework, such technologies are being actively exported beyond Chinese borders. 

Geedge Networks, the company at the centre of the leak, has been revealed to have provided comprehensive censorship and surveillance platforms to Internet providers in Myanmar, Pakistan, Kazakhstan, and Ethiopia, as well as to unknown countries, effectively replicating on a worldwide basis the digital authoritarian model that has become so prevalent in China.

The revelations about advanced surveillance capabilities for individuals and groups have been particularly troubling. This paper demonstrates a variety of deep packet inspection systems, VPN/Tor/Psiphon detection systems, traffic shaping systems, and even malware injection systems, all accompanied by sophisticated dashboards that allow governments to monitor users in real time, and this can result in improved security. 

As new technologies such as geofencing and trajectory mapping are developed, individuals can be automatically flagged for entering specific areas, past movement patterns can be reconstructed, and individuals can be marked as high risk based on their behaviours, including frequent SIM swaps, use of circumvention tools, and interactions with foreign platforms. There are tools for collective monitoring as well. Even more concerning, by displaying the real-time geographic distribution of monitored groups, detecting unusual gatherings, and identifying potential protests before they occur, this system can give governments unprecedented power to suppress dissent before it reaches the public square.

In the past few years, China has been waging a campaign of cybersecurity control and online censorship with its Great Firewall, which was designed to regulate virtually all internet activity within the country. At its core is a deep packet inspection engine capable of examining every data packet that passes through a network service provider, cross-referencing it against continuously updated blacklists containing keywords, IP addresses, and protocol signatures, and deciding whether the packet should be permitted, throttled, or blocked.

The system is enhanced by tampering with DNS, blocking IP addresses, filtering keywords, and real-time traffic shaping. Together, these measures form a comprehensive censorship barrier that obstructs access to foreign news outlets, social media platforms, and politically sensitive content, while at the same time logging user activity for government surveillance purposes. 

It is because Geedge Networks, led by Fang Binxing, often referred to as the "Father of the Great Firewall," is developing the proprietary hardware, firmware, as well as the Secure Gateway software that drives this censorship engine to serve the needs of the US government. There has been a substantial contribution made by the MESA Lab at the Institute of Information Engineering, which has contributed algorithms for detecting and resolving circumvention tools such as VPNs and proxy servers, transforming the technology into a fully functional turnkey product ready to deploy. 

A researcher at the Great Firewall Report describes this exportable kit as "a great firewall in a box." As investigators pieced together the export trail, they discovered a striking correlation between cargo manifests, data centre footprints, and annotations on code that revealed the delivery of this technology to countries with severe restrictions on digital rights and already known for their harsh stance on digital freedoms.

Thousands of users in these regions suffer immediate and chilling consequences when such infrastructure arrives: news articles can suddenly disappear from their screens, messaging apps may cease working, or video calls to family members abroad can end mid-conversation without any warning. As a consequence of the firewall's capability of surveillance, civil society has been exposed to greater dangers just for speaking freely, which includes activists, journalists, and ordinary citizens. 

In the face of China's layered defences, even the most advanced virtual private networks (VPNs) face mounting challenges. The DPI engine now utilises deep-learning classifiers, which are capable of detecting obfuscation protocols, so that it can throttle or block VPN traffic in real time in order to protect users. Several VPN providers, including NordVPN and Proton VPN, have introduced stealth protocols specifically designed to counter these measures, but the battle remains on. 

As censorship technologies develop, VPN developers are constantly on the lookout for ways to maintain access to a free and open internet, and they must strive to keep up to date with these technologies to ensure they remain a step ahead of them. China's Great Firewall has been exposed in unprecedented ways through this massive leak, forcing the public to reassess China's policies far beyond its borders. 

At its heart lies a troubling reality: these technologies were originally designed to consolidate state power in the domestic sphere, but now are being systematically exported across multiple continents, institutionalising digital authoritarianism. As a result of the global diffusion of surveillance infrastructure, it is imperative to ensure transparency, stronger safeguards for internet freedom, as well as international cooperation, in order to counter this threat. 

This type of turnkey censorship system poses a huge risk to top policymakers, civil society, and technology companies, and we must all work together to deal with it. Not only must we demand accountability from states that deploy them, but we must also strengthen resilient tools that can protect online expression and privacy from them. This revelation should also serve as a warning to democratic nations that they should work hard to develop and support open-source, censorship-resistant technologies and promote policies that prioritise human rights in digital governance in order to combat the threat of censorship. 

As communication is increasingly becoming an integral part of social, political, and economic participation in modern times, it is becoming increasingly apparent that the unchecked spread of such mechanisms threatens to redraw the boundaries of free speech around the globe. As alarming as the leak may be, it offers us a rare opportunity to map these systems and develop countermeasures - before the digital iron curtain becomes the norm for securing our privacy around the world.

Great Firewall of China Compromised in Historic 600GB Data Exposure


 

It has been reported that on September 11, 2025, nearly 600 gigabytes of classified materials linked to the Great Firewall of China emerged online, a breach of China's closely guarded internet censorship machinery on a scale that has never been experienced. This leaked cache, which experts have described as the largest exposure of internal GFW documents in history, provides a rare opportunity to get a closer look at Beijing's highly automated digital surveillance system.

The data comes from Geedge Networks, a company founded and led by Fang Binxing, one of the most renowned scientists in the world, along with the MESA Lab at the Institute of Information Engineering of the Chinese Academy of Sciences, and comprises source code, internal communications, development logs, and archives of project management tools spanning many years.

According to researchers who examined the document, the revelation not only confirms Chinese national security sweeping domestic control, but reveals how censorship and surveillance technology, packaged as deployable hardware and software systems, has been exported overseas. Geedge's services are indicated in the documents, not only to sensitive domestic regions such as Xinjiang, Jiangsu, and Fujian, but also to governments in Myanmar, Pakistan, Ethiopia, and Kazakhstan, with further signs that the company's services may be deployed under the Belt and Road Initiative.

A 500GB archive of server repositories, detailed manuals, and operational files is one of the details of the breach that indicates not just a compromise of a state secret but also a glimpse into how China's model of digital authoritarianism has been refined and marketed for international use.

There are two pivotal institutions at the heart of China's online censorship regime, which are referred to in the cache of leaked files: Geedge Networks and MESA Lab of the Institute of Information Engineering under the Chinese Academy of Sciences. Geedge, led by its chief scientist, Fang Binxing, widely known as the "Father of the Great Firewall", has been seen for decades as the technical brain behind the operation of the firewall system.

There has been a forensic investigation into the incident, and it appears the attackers have exploited an incorrectly configured private code repository to gain access to backup snapshots, archived communications, and development environments. A single mirror archive of RPM packaging servers was estimated to have accounted for 500 GB of the material that was exposed, along with years' worth of documentation, JIRA project management data, and technical manuals. 

It turned out that the breach exposed nearly 600 gigabytes of data. In the files, scientists found evidence that Geedge was not only located in provinces such as Xinjiang, Jiangsu, and Fujian, which represent some of the worst cases of domestic censorship, but was also supplying censorship as a service to other countries under the Belt and Road Initiative. 

The contracts and proposals detail the provision of keyword blacklists, real-time traffic monitoring, cloud-based filtering appliances, and other services to the governments of Myanmar, Pakistan, Ethiopia, and Kazakhstan, with diplomatic communications suggesting additional undisclosed customers.

In the leak, a parallel role also comes to light for MESA Lab, which was established in 2012 as the Processing Architecture Team for "Massive Effective Stream Analysis" and eventually became an international research centre worth millions of yuan. 

The lab maintains internal source code and development records, which expose sophisticated algorithms for packet inspection, dynamic rule enforcement, and evasion detection, including simulated testing against encrypted tunnels and circumvention tools.

The documents, which have been carefully reviewed by organisations such as GFW Report and Net4People on isolated systems, are seen as a groundbreaking intelligence breakthrough by analysts. They provide an unparalleled understanding of the mechanism of state-sponsored internet controls while raising important questions regarding the export of authoritarian surveillance techniques to the global marketplace. 

The leaked cache contains nearly 600 gigabytes and tens of thousands of files and repositories, which together provide a rare and intricate insight into the machinery of China's censorship system, with its complex and comprehensive policies governing the internet. At its core lies a massive 500GB mirror archive of RPM packaging servers. This demonstrates that, in addition to being a political construct, the Great Firewall is a highly engineered software ecosystem that is maintained to the same standard as a large, corporate-scale IT operation. Additional archives such as geedge_docs.tar.zst and mesalab_docs.tar.zst contain countless internal reports and research proposals.

A number of the files referencing projects such as “CTF-AWD,” “BRI,” and “CPEC” suggest connections and international collaborations that are based on the Belt and Road Initiative, while project management data and communication drafts show the coordination of researchers and engineers on a daily basis. 

Even though many documents appear mundane, such as reimbursement receipts and documents labelled simply “Print”, censorship is still an institutionalised part of bureaucratic processes and procedures. There are a number of things that distinguish this leak from other types of breaches, the most remarkable being its breadth and granularity. Instead of only a few emails or whistleblower memos, this collection comprises raw operational information that reveals years of investment, research, and development. 

Several independent researchers, including Net4People, Hackread.com, and others, have noted that the file tree itself tells a great deal about the Firewall's evolution into a distributed, export-ready system. Additionally, the background materials also examine how the MESA Lab grew in 2012 from a small research lab at the Chinese Academy of Sciences into a multi-million dollar operation that contributed to national cybersecurity awards in 2016, which had been opened in 2016. 

Originally created under the guidance of Fang Binxing, who is given credit for designing the Great Firewall, Geedge Networks quickly absorbed the talents of the MESA and has quickly emerged as one of the few private firms capable of supporting state censorship both domestically and internationally. 

While the full analysis of the source code may take months, the immediate revelations already confirm what many observers have long suspected: Chinese internet control infrastructure is neither static nor insular. Instead, it is a living system shaped by government contracts, academic research, and private enterprise, and increasingly packaged for export to other countries.

A hacktivist group behind the disclosure has warned that examining the files should only be done in an isolated environment because there might be embedded malware and tracking elements in them. Despite these dangers, researchers and rights advocates argue that the trove offers the chance to gain a comprehensive understanding of the Great Firewall, both in terms of how it worsens and how its influence is being systematically extended outside of the country. 

This unprecedented exposé of the Great Firewall's inner workings is far more than a breach - it marks an important turning point in the global debate around digital rights, sovereignty, and the export of surveillance technology worldwide. In the context of governments, these files provide an unfiltered look at how authoritarian states operationalised censorship, transforming it into a scaled, almost commodified system that is capable of deploying well outside their own borders. 

As researchers and civil society groups, we find that this material is an invaluable resource for unravelling censorship mechanisms, developing countermeasures, and creating stronger tools to circumvent censorship.

As a result of these revelations, policymakers around the world need to look at how Chinese surveillance infrastructure is spread through initiatives like the Belt and Road Initiative, to weigh the geopolitical implications of supporting regimes that restrict freedom of expression, and to take appropriate measures. Since the data is subject to potential security risks, it is imperative to handle it carefully.

However, its availability presents an excellent opportunity to strengthen transparency, accountability, and resilience against digital authoritarianism. If used responsibly, this leak could not only reshape the way people perceive China's censorship model but also help to spark international efforts to safeguard the open internet in general.

Roskomnadzor accused Google of blackmail and pressure on the court

Representatives of Roskomnadzor accused the American corporation Google of blackmail after its statement about possible risks for Russia associated with the requirement to unblock the YouTube channel Tsargrad or pay a court penalty. The organization had previously threatened to refuse to remove information banned in the country from search results.

"By threatening the Russian state with stopping the removal of prohibited content from search results, the company seeks to manipulate public opinion and put pressure on the judicial authorities. Google is ready to endanger the lives and health of Internet users in Russia, including children and teenagers, for the sake of its commercial interests," the agency said.

Ekaterina Mizulina, director of Safe Internet League, also called Google's behavior unacceptable. In her opinion, the American corporation would never dare to put pressure on the courts of major European countries, such as Germany and France, because then it would face fines of several billion euros. "These companies work in our market and make huge profits, so they should comply with the current Russian legislation and respect the interests of Russian users and business representatives," she stressed.

Earlier it was reported that Google filed an appeal to the Russian court. The company said that the court penalty, which it faces if it does not unblock the channel Tsargrad, entails "significant risks to its ability to operate in Russia" as well as "putting at risk" the implementation of the federal law "On Information": Google may stop removing links to materials blocked in Russia from its search results.

Tsargrad is the first Russian conservative information and analytical TV channel on YouTube. It was blocked in the summer of 2020. Its owner Konstantin Malofeev has been under sanctions by the United States, Canada and the European Union since 2014. In April 2021, a Russian court declared the blocking of the YouTube channel illegal and demanded that access to it be returned.

Medvedev mentions the possible disconnection of Russia from the global network

Disconnecting Russia from the global network is possible, but the authorities have a plan of action in this case, said the Deputy Chairman of the Security Council Dmitry Medvedev.

Medvedev said that Russia has the technical capabilities to ensure the autonomous operation of the Russian segment of the Internet, but no one would like to take it to such extremes.

"Technologically, everything is ready for this. At the legislative level, too, all decisions have been made. But once again I emphasize: this is not easy, and I would really not want it," he stressed.

Medvedev acknowledged that the isolation of the Russian segment of the Internet is only a backup plan in the extreme case if Russia is disconnected from the global network. "Of course, we have a plan for how to act in such a situation. The Internet, as you know, appeared at a certain time, and, of course, the key management rights are located in the United States of America. So potentially, Russia's disconnection from the global network can happen," said Medvedev. 

The politician recalled the constant talk about disconnecting Russia from the international interbank system for transmitting information and making SWIFT payments. "They constantly frighten us with this. We were even forced to create our own system for the transfer of information if suddenly this happens so that electronic messages can be exchanged. The same thing can potentially happen with the Internet, and then we will not have access to the main nodes of this network," said the deputy head of the Security Council.

The Deputy Head of the Security Council recalled that against the background of such risks, a law on the Russian segment of the Internet was adopted so that it could be managed autonomously.

Nevertheless, the deputy head of the Security Council urged to be realistic and understand that if the Runet is isolated, it will create big problems.

Earlier, E Hacking News reported that Russian business expressed fear about the isolation from the global Internet.

Digital Concentration Camp: Tech giants are playing God

Recent events in the United States have shown that the tech giants do not care about the constitution, this is a cause for concern.

There are situations when half a dozen people who have created their own technological empires do not even want to know what rights they have in their state. They determine their own rights on the basis of so-called "corporate norms" and do not respect the constitution of their states. We have seen this clearly in the United States. This, of course, is a matter of serious concern.

In general, we are talking about the fact that several major multinational corporations - IT, media, pharmaceuticals, banks - plan to do what they want with people. As you know, the emergence of giant monopolies is a classic feature of any large-scale crisis of capitalism. Lenin wrote about this fascinatingly.

An excellent example of this was when Twitch, Twitter, Facebook, YouTube and Instagram previously blocked Trump's accounts for various periods of time due to his statements about the riots in Washington on January 6.

According to Vladimir Shapovalov, a member of the board of the Russian Association of Political Science, Trump and his supporters were deprived of the freedom to vote, the right to receive and disseminate information. But such a right is fundamental.

Another example is how the largest American airline Delta blacklisted almost nine hundred passengers for their "Trumpism". In November, the same company denied its services for life to a passenger who shouted slogans in support of Trump.

It's interesting to note that on one decision to ban Trump, Zuckerberg's company lost 5% of its value. However, they don't seem to care at all about profit. Uber, Snapchat, and Tesla record losses year after year. All they are interested in is the most severe control of their consumers.

It is worth noting that on January 17, Naavi, a veteran Cyber Law specialist in India, became a victim of the injustice of the monopolies. He published an interesting article, "Union Bank and RSA Fiasco", where he shared his experience and expressed his opinion about what is happening. It all started with the fact that his site was groundlessly accused of hosting a phishing script. The article about Union Bank, published on January 14, 2021, received a complaint from the RSA security service. As a result, the service provider M/S Square Brothers disabled not only the article page but the entire website www.naavi.org.

Readers in the comments advise Naavi to send a legal notice to RSA and UBI for defamation, DoS (disruption of legal rights) and various sections of the IT Act. The consensus among readers is that RSA and UBI consider themselves above the law and that they need to be made aware of their limits.

Moreover, even our E Hacking News portal has faced a similar issue. The cyber security company Comodo mistakenly marked the E Hacking News site as phishing. We even sent a false positive request from their website and also tried to contact them on their Twitter account. There was no reaction on their part.

Earlier, E Hacking news reported that a Russian IT company reportedly lost the contract in the USA because of serving sites with content from Trump supporters.