This week someone claiming to be a whistleblower leaked a large cache of documents on GitHub outlining the operations of one particular hacking company in China. The company is called I-Soon and it’s apparently just one of many “patriotic hacking” companies that have sprung up over the past couple decades. Patriotic in this case means they have declared allegiance to defending the Chinese Communist Party from enemies foreign and domestic.
These hacking start-ups offer their services to local police, state security or anyone else looking to defend China and steal information from its enemies. According to the information leaked this week, I-Soon offered a list of services at different prices and targeted sites at home and abroad.
One spreadsheet listed 80 overseas targets that iSoon hackers appeared to have successfully breached. The haul included 95.2 gigabytes of immigration data from India and a 3 terabyte collection of call logs from South Korea’s LG U Plus telecom provider. The group also targeted other telecommunications firms in Hong Kong, Kazakhstan, Malaysia, Mongolia, Nepal and Taiwan…
Most of the targets were in Asia, though iSoon received requests for hacks further afield. Chat logs included in the leak describe selling unspecified data related to NATO in 2022. It’s not clear whether the data was collected from publicly available sources or extracted in a hack…
Another file shows employees discussing a list of targets in Britain, including its Home and Foreign offices as well as its Treasury. Also on the list were British think tanks Chatham House and the International Institute for Strategic Studies.
There are two ways to view this, both of which seem to be true at once. On one hand, the scope and scale of China’s hacking operations dwarf those of any other government.
Last weekend in Munich, Christopher A. Wray, the F.B.I. director, said that hacking operations from China were now directed against the United States at “a scale greater than we’d seen before.” And at a recent congressional hearing, Mr. Wray said China’s hacking program was larger than that of “every major nation combined.”
“In fact, if you took every single one of the F.B.I.’s cyberagents and intelligence analysts and focused them exclusively on the China threat, China’s hackers would still outnumber F.B.I. cyberpersonnel by at least 50 to one,” he said.
U.S. officials said China had quickly built up that numerical advantage through contracts with firms like I-Soon, whose documents and hacking tools were stolen and placed online in the last week.
On the other hand, the flood of money poured into hacking by the government has created stiff competition among various private groups who are forced to market their services widely in order to stay in business.
That has fueled a new industry of contractors like I-Soon. Although a part of the cloak-and-dagger world of Chinese cyberespionage, the Shanghai company, which also has offices in Chengdu, epitomized the amateurishness that many of China’s relatively new contractors bring to hacking. The documents showed that at times the company was not sure if services and data it was selling were still available. For instance, it noted internally that the software to spread disinformation on X was “under maintenance” — despite its $100,000 price tag.
As in any competitive marketplace, there is a certain amount of marketing hype which isn’t always backed up by actual performance. In the case of I-Soon, the leaked documents depict a company whose underpaid employees are often unhappy and whose clients are often disappointed.
The iSoon files contain complaints from disgruntled employees over poor pay and workload. Many hackers work for less than $1,000 a month, surprisingly low pay even in China, said Adam Kozy, a former FBI analyst who is writing a book on Chinese hacking.
The leaks hint at infighting and dissatisfaction in the network of patriotic Chinese hackers, despite the long-standing collaboration between groups.
The leaker presented themselves on GitHub as a whistleblower exposing malpractice, poor work conditions and “low quality” products that iSoon is using to “dupe” its government clients. In chats marked as featuring worker complaints, employees grumbled about sexism, long hours and weak sales.
China’s government is paranoid and absolutely committed to stealing everything it possibly can via hacking. It’s a real threat on a global scale. On the other hand, the companies scrambling for the scraps of this market in stolen information are sometimes forced to turn to ransomware as a way to keep themselves in the black, possibly because of corruption in the system.
U.S. officials say this shows a critical weakness in the Chinese system. Economic problems in China and rampant corruption there often mean that money intended for the contractors is siphoned off. Strapped for cash, the contractors have stepped up their illegal activity, hacking for hire and ransomware, which has made them targets for retaliation and exposed other issues.
Hopefully this won’t be the last case of a whistleblower leaking information on Chinese hackers. Most Americans probably have no concept of what a big business this is in China.