Extensive leak shows how a Chinese company is exporting the Great Firewall to the world


A leak of more than 100,000 documents shows that a little-known Chinese company has been selling censorship systems modeled on the Great Firewall to governments around the world.

Geedge Networks, a company founded in 2018 that counts the “father” of China’s massive censorship infrastructure as one of its investors, presents itself as a network monitoring provider, offering cybersecurity tools to “obtain a comprehensive view and minimize security risks” for its customers. In fact, the researchers found that it has been operating an advanced system that allows users to control online information, block specific websites and VPN tools, and spy on specific people.

Researchers who reviewed the leaked material found that the company was able to pack advanced monitoring capabilities into a commercial version of the Great Firewall: a wholesale solution with both hardware that can be installed in any remote data center and software run by local government officers. The documents also discuss functions the company is working on, such as cyberattack-for-hire and geofencing specific users.

According to the leaked documents, Geedge is already operational in Kazakhstan, Ethiopia, Pakistan and Myanmar, as well as one other unnamed country. A public job posting shows that Geedge is also looking for engineers who can travel to other countries for engineering work, including several countries that are not named in the leaked documents.

The files, which include Jira and Confluence entries, source code and correspondence with a Chinese academic institution, mostly consist of internal technical documentation, operation logs and communications to solve problems and add functionality. Provided through an anonymous leak, the files were reviewed by a consortium of human rights and media organizations including Amnesty International, InterSecLab, Justice for Myanmar, Paper Trail Media, The Globe and Mail, the Tor Project, the Austrian newspaper Der Standard, and Follow the Money.

“This is not like a legal intervention that any country, including Western democracies, does,” says Marla Rivera, a technical researcher at InterSecLab, a global forensic research institution. In addition to mass censorship, the system allows governments to target specific people based on their online activity, such as visiting a particular domain.

Rivera says the surveillance system being sold “gives the government a lot of power that no one should really have.” “That’s very scary.”

Digital authoritarianism as a service

The documents show that the core of Geedge’s offering is a gateway tool called Tiangou Secure Gateway (TSG), which is designed to sit in data centers and can be scaled to process a country’s entire Internet traffic. According to the researchers, every packet of Internet traffic runs through it, where it can be scanned, filtered or stopped outright. In addition to monitoring all traffic, the documents show that the system allows additional rules to be set for specific users who appear suspicious and collects their network activity.

For unencrypted Internet traffic, the system is capable of tracking sensitive information such as website content, passwords and email attachments, according to the leaked documents. If the content is properly encrypted with the Transport Layer Security (TLS) protocol, the system uses deep packet inspection and machine learning techniques to extract information from the encrypted traffic and predict whether it is going through a censorship circumvention tool such as a VPN. If it cannot make out the content of the encrypted traffic, the system can also flag it as suspicious and block it for a period of time.
