Update

That big data leak of 571 files from the hacker firm iS00N had researchers and journalists salivating for five days - but on the sixth day, GitHub, the platform where it was posted, invoked its terms of service to remove it. The biggest leak of data ever from any Chinese hacking organization was replaced overnight on 21-22 February with this notice:

This repository has been disabled. Access to this repository has been disabled by GitHub Staff due to a violation of GitHub's terms of service. If you are the owner of the repository, you may reach out to GitHub Support for more information.

We asked GitHub's media affairs folks for an interview (just a short drive for me to their San Francisco headquarters) but they preferred to go with this statement: “We removed the content as it was found to be in violation of GitHub's Acceptable Use Policies on doxxing and invasion of privacy.”

Understandable. But there is another consideration. GitHub was acquired by Microsoft in 2018 for $7.5 billion, and Microsoft has operated in China since 1992 when they opened their Beijing office (I was there, representing the US as a Commercial Officer at our embassy). Nowadays the software giant has about 9,000 employees in the People's Republic. It is not hard to imagine the conversation that might have occurred between Microsoft's reps in Beijing and the host government (and this may become a game of whack-a-mole for all concerned). We can leave that there.

I asked Drew Thompson, a Visiting Senior Research Fellow at the National University of Singapore, for a comment. He is a keen observer of US-China relations and the tech scene and had this to say:
So the reach of these efforts is far and wide, but its organization is strained. That may continue, or the CCP, which is good at organizing things, may succeed in improving these collection efforts. Let's hope for more Snowdens in China. What's good for the goose is good for the gander (insider leaks, that is).

For new subscribers, the original post follows.

Regards,
Matt

Background: the original post of 21 February:

Several stories came out this week about a massive data dump from China, including in the New York Times and throughout the cybersecurity press, the overseas anti-communist Chinese press, and the cyber press in Chinese. Not much from the mainland's CCP-approved press, of course. Posted on GitHub by an unknown party, the data was from iS00N, a contractor for China's Ministry of Public Security. iS00N is also known as the Shanghai Anxun Information Company (上海安洵信息公司). It is headquartered in Shanghai and has offices elsewhere in the People's Republic.

I'm happy to say that we at SpyTalk kept up with the power curve on this one. Our story is no longer behind a paywall as of 12:00 Noon Eastern on 22 February. Please take a look at SpyTalk and consider taking out a free or paid subscription. Your support is how we keep this effort going.

Back to the story: our account of iS00N's operations - hacking into databases and against individuals around the globe - was informed by combing through dozens of chats and documents in Chinese. The material we consulted showed that iS00N works primarily for Public Security Bureaus around China, but other sources believe that they also count the Ministry of State Security in their client base. Links to some of these stories are below.

A salacious bit right up front. Not all of iS00N's workers are happy in their work.
One chat exchange in the leaked material went like this: “I’m really drunk… Public Security clients are such stupid c***s,” [公安的客户太傻逼], said one. “I’d like to get the f*** out of the Public Security business this year. Too much heartache. Still no f***ing money.”

It was a sharp contrast with the good living that a working-level cybersecurity engineer can make in the U.S. and allied nations.

Other stories on the iS00N leak:

https://www.malwarebytes.com/blog/news/2024/02/a-first-analysis-of-the-i-soon-data-leak

A really good one with photos I wish I'd had for the SpyTalk story: https://substack.com/home/post/p-138316145?r=1j0&utm_campaign=post&utm_medium=web. It included this one: The eight-character slogan behind the desk reads "Professional and in the lead; prestigious and distinguished."

Next month, I will publish a deeper dive into iS00N and its fellow PRC hack-jock firms and how they work with China's security apparatus in the Jamestown China Brief. The goal: to explain as much as possible in readable English (if you've ever tried to understand cyber security articles, you know what I mean). More on that in the next newsletter.

Lessons from this unprecedented look at a hacking contractor in the service of PRC security agencies:
Best regards,
Matt

Mobile (Signal enabled): +1-408-891-5187
Email: matthew.brazil@gmail.com
Encrypted: matt.brazil@hushmail.com
https://www.mattbrazil.net/