Chinese police are investigating an unauthorized and highly unusual online dump of documents from a private security contractor linked to the nation's top policing agency and other parts of its government - a trove that catalogs apparent hacking activity and tools to spy on both Chinese and foreigners.
They reveal, in detail, methods used by Chinese authorities to surveil dissidents overseas, hack other nations and promote pro-Beijing narratives on social media.
The documents show apparent I-Soon hacking of networks across Central and Southeast Asia, as well as Hong Kong and the self-ruled island of Taiwan, which Beijing claims as its territory.
The hacking tools are used by Chinese state agents to unmask users of social media platforms outside China such as X, formerly known as Twitter, break into email and hide the online activity of overseas agents.
The Chinese Foreign Ministry did not immediately respond to a request for comment.
Internal documents in the leak describe I-Soon databases of hacked data collected from foreign networks around the world that are advertised and sold to Chinese police.
I-Soon was founded in Shanghai in 2010, according to Chinese corporate records, and has subsidiaries in three other cities, including one in the southwestern city of Chengdu that is responsible for hacking, research and development, according to leaked internal slides.
I-Soon's tools appear to be used by Chinese police to curb dissent on overseas social media and flood them with pro-Beijing content.
Authorities can surveil Chinese social media platforms directly and order them to take down anti-government posts.
They lack that ability on overseas sites like Facebook or X, where millions of Chinese users flock to evade state surveillance and censorship.
The documents show that I-Soon charged $55,000 to hack Vietnam's economy ministry, he said.
That doesn't mean state-backed Chinese hackers are not trying to hack the U.S. and its allies, though.
Mathieu Tartare, a malware researcher at the cybersecurity firm ESET, says the firm has linked I-Soon to a Chinese state hacking group it calls Fishmonger, which it actively tracks and wrote about in January 2020 after the group hacked Hong Kong universities during student protests.
He said U.S. cyber operators and their allies are among potential suspects in the I-Soon leak because it's in their interests to expose Chinese state hacking.
Western governments, including the United States, have taken steps to block Chinese state surveillance and harassment of government critics overseas in recent years.
Laura Harth, campaign director at Safeguard Defenders, an advocacy group that focuses on human rights in China, said such tactics instill fear of the Chinese government in Chinese and foreign citizens abroad, stifling criticism and leading to self-censorship.
Last year, U.S. officials charged 40 members of Chinese police units assigned to harass the family members of Chinese dissidents overseas as well as to spread pro-Beijing content online.
Chinese officials have accused the United States of similar activity.
U.S. officials including FBI Director Chris Wray have recently complained about Chinese state hackers planting malware that could be used to damage civilian infrastructure.
On Monday, Mao Ning, a Chinese Foreign Ministry spokeswoman, said the U.S. government has long been working to compromise China's critical infrastructure.
This Cyber News was published on apnews.com. Publication date: Thu, 22 Feb 2024 01:29:05 +0000