Data leak from China spills beans over global hacking bid

Sensitive information leaked from Chinese cybersecurity firm I-Soon has shown the prowess of Beijing hackers to the world. The United States Federal Bureau of Investigation (FBI) has claimed this to be the biggest data leak in a country, comprising sensitive intel on the day-to-day operations of China’s hacking program.

Chinese police are busy investigating an online dump of files from private security firms working for the local government. The leak included hundreds of images, chat transcripts, and documents from Shanghai-based I-Soon. It was revealed that the group used to gather information from a network of Beijing-based hackers who used to sell the sensitive information to local state governments in China. The Shanghai-based company I-Soon is believed to be one of the many private contractors that help the Chinese conduct hacking and surveillance activities.

Around 190 megabytes of data was posted on the software and code-sharing website GitHub. This massive data upload never directly hinted at the data being stolen but revealed which outfits the Chinese hackers are targeting, and the Chinese agencies buying this data. According to a report published in The Washington Post, the data had details of contracts awarded to I-Soon to extract foreign data over eight years and describes targets within at least 20 foreign governments and territories, including India, Hong Kong, Thailand, South Korea, the United Kingdom, Taiwan and Malaysia.

The data leak also revealed the length and breadth of data gathering done by Chinese hacking networks targeting top global agencies and phone companies. The source of the data leak, the hackers involved, and the kind of funding given are some key points that are yet to be revealed, but one thing is certain: China relies heavily on such information.

“One spreadsheet listed 80 overseas targets that iSoon hackers appeared to have successfully breached,” the report said. This included “95.2 gigabytes of immigration data from India and a 3 terabyte collection of call logs from South Korea’s LG U Plus telecom provider,” it added.

I-Soon workers used to target top agencies every day. They gathered intel from government agencies functional in China’s neighbours, including Kyrgyzstan, Thailand, Cambodia, Mongolia and Vietnam, and had websites or email servers hacked. Other targets ranged from offices of top British think tanks to Thai ministries.

Chinese hackers were constantly recording data from top telecom providers in Pakistan, Kazakhstan, Mongolia, Thailand and Malaysia, among others, and educational institutions operating from Hong Kong and self-ruled Taiwan, which China wants to integrate into its own territory. The data leaks further revealed that hackers had lost access to some of their data seized from government agencies in Myanmar and South Korea. The I-Soon hacking network had key insights at a domestic level as well, from China’s northwestern region of Xinjiang to Tibet and from illegal pornography to gambling rings, every little detail was part of the leaks.

The most evident was the fact that I-Soon’s customer base included officials from the local police department and Communist Party of China. Some other services offered internally by I-Soon included protecting devices from hacking and securing communications. There were also references to official corruption, grave human rights violations, and abuse of the labour force captured through the chat transcripts taken locally in China. I-Soon workers were found deeply involved in developing malware, trojan horses, and keyloggers in the guise of software that were used to build databases of personal information. Some details leaked online revealed that hackers were able to gain access to a person’s computer remotely, execute commands and monitor what they type.

The proficient Chinese hackers even found ways to breach Apple’s iPhone and other smartphone operating systems and broke into customers’ accounts on social media platform X, formerly Twitter, in order to obtain sensitive information. Some of the hackers had exclusive access to the foreign secretary’s office, foreign ministry’s ASEAN office, prime minister’s office, national intelligence agency and other government departments of an unnamed country. These hackers had developed tools to bypass basic two-step authentication on someone’s smartphone or account to get hold of all personal information and sell it in public domains.

I-Soon is a part of a patriotic hacking ecosystem backed by the Chinese government to serve powerful government entities including the Ministry of Public Security, the Ministry of State Security and the Chinese military. Top US agencies investigating the data leaks uncovered that I-Soon hackers along with the People’s Liberation Army have breached computer systems in about two dozen key American infrastructure entities over the last year and were persistent with their attacks on top-notch American companies like X, Microsoft and Apple.

China in recent years has escalated its efforts to monitor social media platforms, transactions done by global agencies and even the status of multiple political parties. I-Soon was found to have signed hundreds of deals with Chinese police that range from small jobs priced at $1,400 to multiyear contracts costing as much as $800,000.

The company’s leaked product manuals describe the services they offer and their prices, and boast about being able to steal data without detection. The product descriptions, targeted at state security clientele, at times use wartime language to describe a data-extraction mission underpinned by extreme threats to China’s national security. Overall, I-Soon data leaks have exposed the kind of intel China possesses and how it can be a threat to global data security.
