Hackers for sale: what we've learned from China's massive cyber leak


A signboard reading "Anti-cyber crime office" is displayed near an entrance door to the I-Soon office, also known as Anxun in Mandarin, after office hours in Chengdu in southwestern China's Sichuan Province. - AP

BEIJING: A massive data leak from Chinese cybersecurity firm I-Soon has offered a rare glimpse into the inner workings of Beijing-linked hackers.

I-Soon is yet to confirm the leak is genuine and has not responded to a request for comment from AFP.

As of Friday (Feb 23), the leaked data was removed from the online software repository GitHub, where it had been posted.

Analysts say the leak is a treasure-trove of intel into the day-to-day operations of China's hacking programme, which the FBI says is the biggest of any country.

From staff complaints about pay and office gossip to claims of hacking foreign governments, here are some of the key insights from the leaks:

Every day, workers at I-Soon were targeting big fish.

Government agencies from China's neighbours, including Kyrgyzstan, Thailand, Cambodia, Mongolia and Vietnam, had websites or email servers compromised, the leak revealed.

There are long lists of targets, from British government departments to Thai ministries.

I-Soon staff also boasted in leaked chats that they secured access to telecom service providers in Pakistan, Kazakhstan, Mongolia, Thailand and Malaysia, among others.

They named the government of India - a geopolitical rival of Beijing's -- as a key target for "infiltration".

And they claimed to have secured back-end access to higher education institutions in Hong Kong and self-ruled Taiwan, which China claims as part of its territory.

But they also admitted to having lost access to some of their data seized from government agencies in Myanmar and South Korea.

Other targets are domestic, from China's northwestern region of Xinjiang to Tibet and from illegal pornography to gambling rings.

Judging from the leaks, most of I-Soon's customers were provincial or local police departments -- as well as province-level state security agencies responsible for protecting the Communist Party from perceived threats to its rule.

The firm also offered clients help protecting their devices from hacking and securing their communications -- with many of their contracts are listed as "non-secret".

There were references to official corruption: in one chat, salesmen discussed selling the company's products to police -- and planned to give kickbacks to those involved in the sale.

There were also references to a client in Xinjiang, where Beijing is accused of grave human rights.

But workers complained about the challenges of doing business in the tense region.

"Everyone thinks of Xinjiang like a nice big cake... but we have suffered too much there," one said.

In their chats, I-Soon staffers told colleagues their main focuses were making "trojan horses" -- malware disguised as legitimate software that allows hackers access to private data -- and building databases of personal information.

"At the moment, the trojan horses are mainly customised for Beijing's state security department," one said.

It also laid out how the firm's hackers could access and take over a person's computer remotely, allowing them to execute commands and monitor what they type, known as keylogging.

Other services included ways to breach Apple's iPhone and other smartphone operating systems, as well as custom hardware -- including a powerbank that can extract data from a device and send it to the hackers.

In one screenshot of a conversation, someone describes a client request for exclusive access to the "foreign secretary's office, foreign ministry's Asean office, prime minister's office national intelligence agency" and other government departments of an unnamed country.

One service offered is a tool that allows clients to break into accounts on social media platform X, formerly Twitter, claiming to be able to obtain the phone number of a user and break into their private messages.

They also have a technique to bypass two-step authentication -- a common login technique that offers an extra level of security to the account.

The leak also paints a less-than-flattering picture of the day-to-day goings-on at a mid-level Chinese cybersecurity firm.

Chats are full of complaints about office politics, lack of basic tech expertise, poor pay and management, and the challenges the company faced in securing clients.

Other screenshots showed arguments between an employee and a supervisor over salaries.

And in another leaked chat, a staffer complained to their colleague that their boss had recently bought a car worth over a million yuan (US$139,000) instead of giving their team a pay rise.

"Does the boss dream about being an emperor?" - AFP

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

China , hackers , cybersecurity , I-Soon

   

Next In Aseanplus News

Taiwan son scams online scammers to get back US$21,000 father loses to crooks
China again urges Philippines to withdraw US missile system in the name of peace
Vietnam likely to experience intense heatwaves in 2025
HK actor Michael Chan, 81, spends over RM500k battling cancers
Rare 1,700-year-old oil lamp unearthed in Jerusalem
Emerging Greater Mekong Subregion vital to Asean centrality, say academics
It's war against scammers - Cambodia reinforces efforts to combat online job fraud that has even affected Malaysians
Mekong River Commission launches education hub and One Mekong app in Vientiane
'No overspending pls', Brunei civil servants urged to plan bonuses wisely
Blackpink’s Jennie to release debut studio album in 2025

Others Also Read