Online dump of Chinese hacking documents offers a rare window into pervasive state surveillance

By Dake Kang and Frank Bajak

Feb. 21, 2024

Chinese police are investigating an unauthorized and highly unusual online dump of documents from a private security contractor linked to the nation’s top policing agency and other parts of its government — a trove that catalogs apparent hacking activity and tools to spy on both Chinese and foreigners.

Among the apparent targets of tools provided by the impacted company, I-Soon: ethnicities and dissidents in parts of China that have seen significant anti-government protests, such as Hong Kong or the heavily Muslim region of Xinjiang in China’s far west.

The dump of scores of documents late last week and subsequent investigation were confirmed by two employees of I-Soon, known as Anxun in Mandarin, which has ties to the powerful Ministry of Public Security. The dump, which analysts consider highly significant even if it does not reveal any especially novel or potent tools, includes hundreds of pages of contracts, marketing presentations, product manuals, and client and employee lists.

They reveal, in detail, methods used by Chinese authorities used to surveil dissidents overseas, hack other nations and promote pro-Beijing narratives on social media.

The documents show apparent I-Soon hacking of networks across Central and Southeast Asia, as well as Hong Kong and the self-ruled island of Taiwan, which Beijing claims as its territory.

MORE

South America hacker team targets dissidents, journalists







By FRANK BAJAK

LIMA, Peru (AP) — A shadowy cyber-espionage group that sent malware to the prosecutor whose mysterious death transfixed Argentina early this year has been hitting targets in left-leaning nations across South America, the Internet watchdog group Citizen Lab reported Wednesday.

The breadth and brazenness of the hackers’ activity bear the hallmarks of state sponsorship. So do its targets.

The group has been attacking opposition figures and independent journalists in Ecuador with spyware. It also ran dummy websites. The most elaborate, geared toward Venezuela, is a constantly updated news site featuring dubiously sourced “scoops” on purported corruption among the ruling socialists. In Ecuador, a similarly faux site seemed tailored to attract disgruntled police officers.

The researchers launched the three-month probe after determining that spyware found on the smartphone of Argentine prosecutor Alberto Nisman was written to send pilfered data to the same command-and-control structure as malware sent to targets infected in Ecuador. They said the hackers had a “keen and systematic interest in the political opposition and the independent press” in the three nations, all run by allied left-wing governments. That suggests it may have operated on behalf of one or more of those governments, the 60-page report said.

In September, the hackers threatened a Citizen Lab researcher as he poked around in a U.S.-based machine the group had infected.

“We’re going to analyze your brain with a bullet — and your family’s, too,” read a message that popped up on his computer screen. “You like playing the spy and going where you shouldn’t, well you should know that it has a cost — your life!”

That’s rare behavior among professional hackers, perhaps indicating little fear of criminal prosecution, said Morgan Marquis-Boire, one of the researchers.

In November, the group attempted to infect the computer of an Associated Press reporter, who was also investigating it, with a phishing attack aimed at stealing his Google password.

READ FULL STORY