Large amounts of data from a Chinese cybersecurity company have been leaked online, showing its contracts and communications with the Chinese government for collecting important digital information at home and abroad — including in countries such as India, Nigeria, Indonesia and the United Kingdom.
I-Soon, a Shanghai-based company (also transliterated from the Mandarin as Anxun), is believed to be one of the many private contractors that help the Chinese state conduct its intelligence-gathering, hacking and other surveillance activities.
Last week, 190 megabytes of information were posted on the software and code-sharing platform GitHub. What do we know about the leak so far, and how does it fit into China’s larger surveillance activities? We explain.
First, what’s in the leaked data and whom does it target?
The data shared on GitHub contains emails, images, conversations and a trove of documents. According to a report in The Washington Post, they “detail contracts to extract foreign data over eight years and describe targets within at least 20 foreign governments and territories, including India, Hong Kong, Thailand, South Korea, the United Kingdom, Taiwan and Malaysia”.
These documents do not contain the actual information that was secured. But they have details about the targets of the surveillance, and the contracts that were awarded to I-Soon.
“One spreadsheet listed 80 overseas targets that iSoon hackers appeared to have successfully breached,” the report said. This included “95.2 gigabytes of immigration data from India and a 3 terabyte collection of call logs from South Korea’s LG U Plus telecom provider”.
Also, “459GB of road-mapping data from Taiwan, the island of 23 million that China claims as its territory,” was listed, according to The Post report.
Within China, the targets seemed to include “ethnicities and dissidents in parts of China that have seen significant anti-government protests, such as Hong Kong or the heavily Muslim region of Xinjiang in China’s far west”, the Associated Press reported.
Where did the leaked data come from?
John Hultquist, the Chief Threat Analyst of Google’s Mandiant cybersecurity division, told the AP that the source of the leak could be “a rival intelligence service, a dissatisfied insider, or even a rival contractor.”
He added that I-Soon’s sponsors are likely to be China’s Ministry of State Security, which is the state intelligence and security agency, and the Chinese military, called the People’s Liberation Army (PLA).
What does the leak tell us about China’s cyberintelligence-gathering techniques?
The information reveals the hacking tools used to find identities on social media platforms such as X (formerly Twitter), and to access emails and hide the online activity of overseas agents, the AP reported. Platforms such as Facebook and X are blocked in China.
While users in China have accounts on China-based social media apps, accessing foreign social media websites helps monitor and target foreign citizens and Chinese nationals abroad, and spread pro-China information to global audiences through user posts.
A French cybersecurity researcher told the AP that it seemed I-Soon had the capabilities to hack X accounts, even if they had two-factor authentication (such as a password in addition to OTP verification). Devices resembling batteries were used to attack Wi-Fi networks. The AP report added that I-Soon and Chinese police were looking for the reason behind the leak.
What is I-Soon, and what does it typically do?
On an archived webpage of its website, the company describes itself as being “deeply involved in the field of cyberspace security” and as “a public network security and digital intelligence solution service provider”.
Founded in 2010, it is headquartered in Shanghai and has branches and offices in Beijing, along with the provinces of Sichuan, Jiangsu and Zhejiang. “Its business scope covers 32 provinces, municipalities and autonomous regions,” it says.
In recent days, I-Soon’s website was seemingly offline, but it previously included names of its clients — the Chinese Ministry of Public Security, 11 provincial-level security bureaus and some 40 municipal public security departments.
The AP cited a leaked draft contract as saying that the company sought to offer “anti-terror” technical support to Xinjiang police for tracking the Uyghur Muslim population. This ethnic minority group has faced several restrictions on mobility, has been a target of state surveillance and has been subjected to human rights violations.
The company also claimed to have hacked airline, cellular and government data from countries such as Mongolia, Malaysia, Afghanistan and Thailand. A few of these countries have housed some Uyghur refugees in the past.
So, what’s the larger context here?
The leaks are not the first confirmation of the Chinese state’s significant cyberintelligence and cybersecurity apparatus. In 2020, an investigation by The Indian Express found that a company based in the city of Shenzhen, with links to the Chinese government, was monitoring over 10,000 Indian individuals and organisations that were part of a global database of “foreign targets”.
The list of targets ranged from then President Ram Nath Kovind and Prime Minister Narendra Modi to Congress leader Sonia Gandhi and their families; then Chief Ministers Ashok Gehlot, Amarinder Singh, and Uddhav Thackeray; Cabinet Ministers Rajnath Singh, Nirmala Sitharaman, Smriti Irani, and Piyush Goyal; the late Chief of Defence Staff Bipin Rawat and at least 15 former Chiefs of the Army, Navy, and Air Force; then Chief Justice of India Sharad A Bobde; and top industrialists Ratan Tata and Gautam Adani.
The company also reportedly collected the personal details of more than 35,000 Australians and at least 50,000 Americans.
“Every country does this in one way or the other; that’s the job of foreign intelligence. But using big data science and technology, Beijing has, clearly, taken it to the next level,” Robert Potter, a Canberra-based cyber security, tech and data expert, who helped verify the electronic antecedents of the Zhenhua data set, had said at the time.
On Thursday (February 22), The Indian Express reported that a 2018 data breach that impacted the systems of the Employees’ Provident Fund Organisation (EPFO), containing the personal data of Indians, had been “repackaged” by a Chinese cyber agency, according to a preliminary investigation by the Indian Computer Emergency Response Team (Cert-In), India’s cybersecurity agency.
Besides EPFO, the compromised data contained information on BSNL users, and information that is available with companies including Air India and Reliance.