A Chinese private security contractor linked to communist China’s top policing agency suffered a major leak this week, as hundreds of private documents exposed the country’s surveillance tactics against dissidents, and also its cyber warfare capabilities for a potential cyberattack against its adversaries like the United States, as it enters the most important election in history.
The security contractor, I-Soon, which has ties to the Ministry of Public Security (MPS), suffered a leak of private documents showing it provided the Chinese government with powerful tools to target dissidents, anti-government activists, and ethnic minorities such as Muslims.
Two I-Soon employees confirmed the massive document dump, which includes hundreds of contracts, manuals, and client and employee lists.
The documents also cover I-Soon’s hacking of networks in the following locations:
- Central and Southeast Asia
- Hong Kong
- Taiwan
The leaked documents also add weight to the threat of an unprecedented cyberattack looming against the U.S., detailing methods Chinese authorities use to hack into networks overseas.
As reported earlier this month, Chinese hackers’ primary targets are the U.S. electrical grid, transportation systems, and water treatment plants.
FBI director Chris Wray said there is little public focus on a cyber threat that would affect “every American.”
“China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike,” Wray said.
Jen Easterly, the director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, said the crisis would be on such a large scale it would endanger Americans’ lives.
The hacking company has now teamed up with police to investigate who leaked the files. The leaker is believed to be a Chinese dissident or hacktivist, but could also be “a rival intelligence service, a dissatisfied insider or even a rival contractor,” according to chief threat analyst John Hultquist of Google’s cybersecurity division, Mandiant.
Cybersecurity analyst Jon Condra, who works for Recorded Future, described the leak as the most significant one linked to a company “suspected of providing cyber espionage and targeted intrusion services for the Chinese security services.”
Echoing our previous reports, Condra said organizations targeted by I-Soon include telecommunications firms abroad, governments, and even online gambling companies within China.
Before the leak, I-Soon’s official website listed clients topped by the MPS, along with 11 other provincial-level security bureaus and 40 municipal-level public security departments.
After the leak, the company’s website went offline, with an I-Soon representative stating the company would issue an official statement on the matter.
Tools for propaganda
China is known to surveil social media platforms to keep tabs on “anti-government” posts within the country.
While China cannot access or surveil sites like Facebook and X (that we know of), I-Soon’s tools enable the government to curb dissent on overseas social media platforms by flooding them with pro-Chinese content.
Mareike Ohlberg, a senior fellow in the Asia Program of the German Marshall Fund, said, “There’s a huge interest in social media monitoring and commenting on the part of the Chinese government.”
Ohlberg added that China’s control of critical posts domestically is essential for the country, saying, “Chinese authorities have a big interest in tracking down users who are based in China.”
According to one leaked draft, I-Soon was marketing “anti-terror” technical support to Xinjiang police to track Uyghurs.
The company also claimed access to hacked cellular, government, and airline data from Afghanistan, Malaysia, Mongolia, and Thailand.
“We see a lot of targeting of organizations that are related to ethnic minorities – Tibetans, Uyghurs. A lot of the targeting of foreign entities can be seen through the lens of domestic security priorities for the government,” said Dakota Cary, a China analyst with the cybersecurity firm SentinelOne.
Cary said he believes the documents are legitimate, reflecting what he would expect from a hacking contractor with domestic political aims.
Cary discovered a spreadsheet listing data repositories, which counted 14 governments as targets, including:
- India
- Indonesia
- Nigeria
China is also targeting the U.S. from deep within leftist political movements.
According to New York Times bestselling author Peter Schweizer, author of the explosive new book ‘Blood Money: Why the Powerful Turn a Blind Eye While China Kills Americans,’ the Chinese Communist Party is “radicalizing” far-left movements in the U.S.
Speaking on Donald Trump Jr.’s podcast Triggered, Schweizer said: “A lot of people are looking around, and they see that America is on fire. What they don’t realize is that the Chinese are holding an empty can of gasoline, and our political leaders know it, and they’re not doing anything about it. And the evidence is very clear.”
Over the past five years, Chinese hackers have also embedded themselves within U.S. infrastructure, preparing themselves for a major cyberattack.
NBC News reported:
The claim was published in a public cybersecurity warning, one of the largest and starkest of its kind, from six U.S. agencies and allied cybersecurity and intelligence agencies from Australia, Canada, New Zealand and the U.K.
Over the past year, U.S. officials have repeatedly issued warnings that hackers working for China’s intelligence services keep gaining stealthy access to U.S. infrastructure. They feared such access could turn into a destructive cyberattack in the event of a major conflict, like China invading Taiwan, as the U.S. has said it would come to Taiwan’s aid.