A leak of more than 100,000 documents shows that a little-known Chinese company has been quietly selling censorship systems seemingly modeled on the Great Firewall to governments around the world.
Geedge Networks, a company founded in 2018 that counts the “father” of China’s massive censorship infrastructure as one of its investors, styles itself as a network-monitoring provider, offering business-grade cybersecurity tools to “gain comprehensive visibility and minimize security risks” for its customers, the documents show. In fact, researchers found that it has been operating a sophisticated system that allows users to monitor online information, block certain websites and VPN tools, and spy on specific individuals.
Researchers who reviewed the leaked material found that the company is able to package advanced surveillance capabilities into what amounts to a commercialized version of the Great Firewall—a wholesale solution with both hardware that can be installed in any telecom data center and software operated by local government officers. The documents also discuss desired functions that the company is working on, such as cyberattack-for-hire and geofencing certain users.
According to the leaked documents, Geedge has already entered operation in Kazakhstan, Ethiopia, Pakistan, and Myanmar, as well as another unidentified country. A public job posting shows that Geedge is also looking for engineers who can travel to other countries for engineering work, including to several countries not named in the leaked documents, WIRED has found.
The files, including Jira and Confluence entries, source code, and correspondence with a Chinese academic institution, mostly involve internal technical documentation, operation logs, and communications to solve issues and add functionalities. Provided through an anonymous leak, the files were studied by a consortium of human rights and media organizations including Amnesty International, InterSecLab, Justice For Myanmar, Paper Trail Media, The Globe and Mail, the Tor Project, the Austrian newspaper Der Standard, and Follow The Money.
“This is not like lawful interception that every country does, including Western democracies,” says Marla Rivera, a technical researcher at InterSecLab, a global digital forensics research institution. In addition to mass censorship, the system allows governments to target specific individuals based on their website activities, like having visited a certain domain.
The surveillance system that Geedge is selling “gives so much power to the government that really nobody should have,” Rivera says. “This is very frightening.”
Digital Authoritarianism as a Service
At the core of Geedge’s offering is a gateway tool called Tiangou Secure Gateway (TSG), designed to sit inside data centers and could be scaled to process the internet traffic of an entire country, documents reveal. According to researchers, every packet of internet traffic runs through it, where it can be scanned, filtered, or stopped outright. Besides monitoring the entire traffic, documents show that the system also allows setting up additional rules for specific users that it deems suspicious and collecting their network activities.
For unencrypted internet traffic, the system is able to intercept sensitive information such as website content, passwords, and email attachments, according to the leaked documents. If the content is properly encrypted through the Transport Layer Security protocol, the system uses deep packet inspection and machine learning techniques to extract metadata from the encrypted traffic and predict whether it’s going through a censorship circumvention tool like a VPN. If it can’t distinguish the content of the encrypted traffic, the system can also opt to flag it as suspicious and block it for a period of time.
