
Saturday, September 7, 2024


China hacking document leak exposes widespread state surveillance

Wang Jimin

February 22, 2024

A leaked document from China's Shanghai-based Anxun Information Company details the methods used by Chinese authorities to spy on overseas dissidents, hack other countries and promote pro-Beijing rhetoric on social media.


[New Sancai Compilation First Release] Chinese police are investigating an unauthorized and highly unusual online dump of documents from a private security contractor with ties to China's top police agency and other government departments. The documents catalog apparent Chinese hacking activity and tools for surveilling both Chinese and foreigners.

The affected company is the China-based Shanghai Anxun Information Company (I-Soon). The apparent targets of the tools it provides include ethnic minorities and dissidents in parts of China that have experienced severe anti-government protests, such as Hong Kong or Xinjiang, China's westernmost region, which has a large Muslim population.

Two Anxun employees confirmed the leak of a trove of documents late last week and the subsequent investigation into the company's ties to China's Ministry of Public Security. The leaked documents include hundreds of pages of contracts, marketing briefs, product manuals and customer and employee lists. They reveal in detail the methods used by Chinese authorities to spy on dissidents abroad, hack other countries and promote pro-Beijing rhetoric on social media.

The documents show that Anxun apparently carried out hacking attacks on networks in Central and Southeast Asia, as well as Hong Kong and Taiwan. Chinese state agents use these hacking tools to unmask users of social media platforms outside China (such as X, formerly known as Twitter), break into email accounts and hide the online activities of overseas agents. The documents also describe devices disguised as power strips and batteries that could be used to compromise Wi-Fi networks.

Jon Condra, an analyst at cybersecurity firm Recorded Future, called it the most significant leak ever involving a company "allegedly providing cyber espionage and targeted intrusion services to Chinese security services." He said that according to the leaked materials, Anxun's target organizations included governments, foreign telecommunications companies and online gambling companies in China.

Leaked internal documents describe the Anxun database, which contained hacked data collected from foreign networks around the world that was promoted and sold to Chinese police.

Anxun's tools appear to be used by Chinese police to curb dissent on overseas social media and flood those platforms with pro-Beijing content. Authorities can directly monitor Chinese social media platforms and order them to remove anti-government posts. “The Chinese government is very interested in social media surveillance and commentary,” said Mareike Ohlberg, senior fellow for the Asia Program at the German Marshall Fund, who reviewed some of the documents.

Ohlberg said it was crucial to control key domestic positions in order to control public opinion and stem anti-government sentiment. "The Chinese authorities are very interested in tracking users in China," she said.

John Hultquist, chief threat analyst at Google's Mandiant cybersecurity arm, said the source of the leak could be "a rival intelligence service, a disgruntled insider, or even a rival contractor." Hultquist said data showed Anxun's sponsors also included the Ministry of State Security and the Chinese military, known as the People's Liberation Army.

A leaked draft contract shows Anxun selling "anti-terrorism" technical support to Xinjiang police to track the region's native Uyghurs in Central and Southeast Asia, claiming it can obtain hacked airline, cellphone and government data from countries such as Mongolia, Malaysia, Afghanistan and Thailand. It is unclear whether the contract has been signed.

"We're seeing a lot of attacks against groups associated with ethnic minorities [Tibetans, Uyghurs]," said China analyst Dakota Cary. "A lot of the attacks against foreign entities can be seen from the point of view of the government's domestic security priorities."

Cary found a spreadsheet containing a list of repositories of information collected from victims, with 14 governments among the targets, including India, Indonesia and Nigeria. He said the documents showed that Anxun mainly supported the Ministry of Public Security.

Cary was also alarmed that Taiwan's Ministry of Health was set as a target for its COVID-19 case numbers in early 2021, and was struck by the low cost of some of the hacks. He said documents showed Anxun charged $55,000 for launching a hacking attack on Vietnam's Ministry of Economic Affairs.

An initial review of the data by The Associated Press found that while some chats mentioned NATO, there was no indication that any NATO country had been successfully hacked. But that doesn’t mean state-backed Chinese hackers won’t try to attack the United States and its allies. Cary said that if the leaker was in China, which seems possible, "leaking information about hacking of NATO would be very, very inflammatory," a risk that could easily make Chinese authorities more determined to identify the hackers.

In 2023, U.S. officials accused 40 members of China's police force of having been assigned to harass the families of Chinese dissidents abroad and spread pro-Beijing content online. The indictment describes tactics similar to those detailed in Anxun's documents, Harth said. U.S. officials, including FBI Director Chris Wray, have recently complained about Chinese state hackers planting malware that could be used to disrupt civilian infrastructure.

(Compiled by: Wang Jimin)

(Editor: Jiang Qiming)

(Source of the article: Compiled and published by New Sancai)
