China’s Great Firewall Leak: 500GB Exposes Global Censorship Tool Sales


In a significant cybersecurity event, China’s extensive internet censorship apparatus, widely known as the Great Firewall, suffered a massive data breach that became public on September 11. Researchers confirmed that over 500GB of sensitive internal documents, source code, operational logs, and internal communications were leaked online. The spill includes the package repositories and runbooks used to build and maintain China’s national traffic filtering system, offering a rare glimpse into how it is engineered and operated.

The leaked data reportedly originates from Geedge Networks, a company frequently associated with Fang Binxing, often dubbed the “father” of the Great Firewall. The MESA lab at the Institute of Information Engineering, a research branch of the Chinese Academy of Sciences, also appears to be linked to the breach. This incident sheds light on the entities involved in the development and deployment of advanced internet control technologies.

Among the trove of leaked files are what appear to be full build systems for advanced deep packet inspection (DPI) platforms. These systems contain code modules specifically designed to identify and throttle various internet circumvention tools. A substantial portion of the technology stack is geared towards DPI-based VPN detection, SSL/TLS fingerprinting, and full-session logging, which together show how the platform classifies traffic before deciding whether to block, throttle, or simply record it.
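To make the "SSL/TLS fingerprinting" mentioned above concrete, here is an added example (written for this article, not code from the leak or from Geedge Networks) of the kind of check a DPI engine runs on a TLS ClientHello: it parses the handshake and derives a JA3-style fingerprint, stripping the per-connection GREASE values that would otherwise make the same client look different on every connection. The ClientHello bytes are constructed inside the script for offline testing; the cipher and extension values are assumptions chosen for illustration, not taken from the leaked material.

```python
"""JA3-style ClientHello fingerprinting, as a DPI engine might do it.

Added illustration only; not derived from the leaked Geedge/Tiangou code.
"""
import hashlib
import struct

# GREASE values (RFC 8701) are randomised per connection and must be dropped,
# otherwise one client would yield a different fingerprint on every handshake.
GREASE = {0x0a0a, 0x1a1a, 0x2a2a, 0x3a3a, 0x4a4a, 0x5a5a, 0x6a6a, 0x7a7a,
          0x8a8a, 0x9a9a, 0xaaaa, 0xbaba, 0xcaca, 0xdada, 0xeaea, 0xfafa}


def _drop_grease(values):
    return [v for v in values if v not in GREASE]


def parse_client_hello(record: bytes) -> dict:
    """Parse one TLS record carrying a ClientHello and return the JA3 inputs."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if body[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hs = body[4:4 + hs_len]
    pos = 0
    version = struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 2 + 32                      # legacy_version, then 32-byte client random
    pos += 1 + hs[pos]                 # session id
    cs_len = struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 2
    ciphers = [struct.unpack("!H", hs[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + hs[pos]                 # compression methods
    exts, curves, formats = [], [], []
    if pos < len(hs):
        ext_len = struct.unpack("!H", hs[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", hs[pos:pos + 4])
            pos += 4
            edata = hs[pos:pos + elen]
            pos += elen
            exts.append(etype)
            if etype == 0x000a:        # supported_groups: u16 length + u16 list
                n = struct.unpack("!H", edata[:2])[0]
                curves = [struct.unpack("!H", edata[i:i + 2])[0] for i in range(2, 2 + n, 2)]
            elif etype == 0x000b:      # ec_point_formats: u8 length + u8 list
                formats = list(edata[1:1 + edata[0]])
    return {"version": version, "ciphers": _drop_grease(ciphers),
            "extensions": _drop_grease(exts), "curves": _drop_grease(curves),
            "formats": formats}


def ja3(record: bytes) -> tuple:
    """Return (ja3_string, ja3_md5) in the usual decimal, dash-joined form."""
    f = parse_client_hello(record)
    s = ",".join([str(f["version"]),
                  "-".join(map(str, f["ciphers"])),
                  "-".join(map(str, f["extensions"])),
                  "-".join(map(str, f["curves"])),
                  "-".join(map(str, f["formats"]))])
    return s, hashlib.md5(s.encode()).hexdigest()


def build_client_hello(ciphers, extensions) -> bytes:
    """Constructed sample: a TLS 1.2-style ClientHello record for offline tests."""
    body = struct.pack("!H", 0x0303) + bytes(32) + b"\x00"   # version, random, empty session id
    body += struct.pack("!H", 2 * len(ciphers)) + b"".join(struct.pack("!H", c) for c in ciphers)
    body += b"\x01\x00"                                      # one compression method: null
    blob = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body += struct.pack("!H", len(blob)) + blob
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


# Constructed sample (assumed values): GREASE cipher + TLS 1.3 suites + one ECDHE suite,
# SNI, a GREASE extension, supported_groups x25519/secp256r1, uncompressed points, ALPN.
_name = b"example.com"
_sni = struct.pack("!H", len(_name) + 3) + b"\x00" + struct.pack("!H", len(_name)) + _name
_alpn_list = b"\x02h2\x08http/1.1"
SAMPLE_RECORD = build_client_hello(
    ciphers=[0x1a1a, 0x1301, 0x1302, 0xc02b],
    extensions=[(0x0000, _sni), (0x0a0a, b""),
                (0x000a, b"\x00\x04\x00\x1d\x00\x17"),
                (0x000b, b"\x01\x00"),
                (0x0010, struct.pack("!H", len(_alpn_list)) + _alpn_list)])

if __name__ == "__main__":
    print(ja3(SAMPLE_RECORD))
```

A real engine compares the resulting hash against tables of known client stacks, which is why circumvention tools that reuse a browser's exact handshake shape are harder to single out than ones with a distinctive one.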

“Great Firewall in a Box” Exported Globally

Analysts at the Great Firewall Report (GFW Report), who were among the first to verify and index the leaked material, assert that the documents detail the internal architecture of a commercial platform named ‘Tiangou’. This platform is described as a turnkey “Great Firewall in a box,” designed for deployment by Internet Service Providers (ISPs) and at border gateways. Initial implementations reportedly ran on HP and Dell servers, before a shift to Chinese-sourced hardware in response to international sanctions.

Alarmingly, a leaked deployment sheet illustrates the widespread adoption of this system, revealing its installation across 26 data centers in Myanmar. Live dashboards within the system were observed monitoring a staggering 81 million simultaneous TCP connections. Reports indicate that Myanmar’s state-run telecoms company operated the system, integrating it into core Internet exchange points to carry out mass blocking and selective content filtering across the nation.

The global reach of Geedge’s DPI infrastructure extends beyond Myanmar. Collaborative investigations by WIRED and Amnesty International expose that this technology has been exported to several other nations, including Pakistan, Ethiopia, and Kazakhstan. In these countries, the censorship equipment is frequently deployed in conjunction with lawful intercept platforms. Specifically in Pakistan, Geedge’s technology is allegedly a component of a larger system known as WMS 2.0, which is capable of conducting real-time, blanket surveillance across mobile networks.

Insights for Cybersecurity and Digital Rights

The sheer scale and specificity of this data leak provide an unparalleled understanding of how China’s internet censorship is not only engineered but also commercialized and exported worldwide. WIRED’s reporting further details how the leaked documents demonstrate the Geedge system’s capability to intercept unencrypted HTTP sessions, raising significant concerns about online privacy and security.

Researchers are just beginning to delve into the vast source-code archive. While much of it remains under thorough evaluation, experts believe that the presence of detailed build logs and development notes could be instrumental in identifying protocol-level weaknesses or operational vulnerabilities. These insights could potentially be exploited by censorship circumvention tools, offering new avenues for digital freedom advocates.

The complete archive is now mirrored by various entities, including Enlace Hacktivista. Researchers strongly advise extreme caution for anyone considering downloading or examining the material: because the archive contains binaries and build tooling that should be treated as untrusted, any examination should be done inside an air-gapped Virtual Machine (VM) or another sandboxed environment.