i-Soon leak offers rare glimpse into scale of Chinese State surveillance

A colossal data dump has given a glimpse into the work of Chinese tech firm hired by the Chinese state to spy on foreign dissidents, governments and organisations, ITV News Asia Correspondent Debi Edward reports

A major data leak has revealed the inner workings of one company hired by the Chinese State to hack foreign governments, companies and individuals.

The i-Soon leak gives an unprecedented glimpse into China's cyber spying industry where it appears nowhere, and no-one is off limits.

From talk of hacking the FBI, to stealing the customer databases of foreign telecoms networks, the cache of more than 600 files contains employee chatlogs, draft contracts, sample data and company presentations which appear to vindicate GCHQ warnings of the scale of the cyber threat posed by the Chinese State.

What looks like a shopping list of British government agencies and organisations is shared in one of the files - it names Chatham House and the charity Amnesty among the targets.

In one of the chatlogs the Foreign Office is singled out as a top priority, with the i-Soon employee claiming their team has a '0day' - or an undocumented security hole - which should guarantee they get results within two weeks.

There is no documentation to reveal whether the company has been successful in stealing information from the UK authorities or corporations.

The exterior of the i-Soon office building, also known as Anxun in Mandarin. Credit: AP

The leak provides chatlogs dating back to 2020 and which run up to 2023.

We found conversations which took place in May 2022 in the months following Russia's invasion of Ukraine, regarding getting information on Nato.

One chat takes place on the same day South Korea joined Nato's cyber defence alliance. It appears to suggest that monthly updates could be provided for around £20,000.

There is no follow-up to confirm any hacks took place, but reference is made to information provided in March and April.

The company i-Soon - or AnXun - is headquartered in Shanghai, and its founder and CEO, Wu Haibo, is a well-known patriotic hacker who goes by the alias 'shutd0wn'.

His alias appears in several of the chatlogs, talking to his staff who are complaining about poor pay and other conversations where he is discussing business contracts.

Want a quick and expert briefing on the biggest news stories? Listen to our latest podcasts to find out What You Need To Know…

Most of the communications in the leak appear to come from offices based in Chengdu, in Southern China, and employees there have confirmed that a police investigation is underway into the source of the leak.

Before the company's website was taken down on Tuesday night, it presented an array of cyber-attack services it can provide, and it is clear the company works with China's public security bureaus (PSB) and even its military.

There is a page of thank you letters from bureaus in all parts of China. We calculated that i-Soon's hacking teams were paid to infiltrate national databases in 26 countries.

Hong Kong and Taiwan appear in several documents, and it is clear hackers have supported the Xinjiang authorities to monitor Uyghur Muslims, in China and neighbouring countries.

One text file we found contained information hacked from a telecoms network in Kazakhstan, where there is a large Uyghur diaspora. It had individual phone numbers, bank details, addresses and even GPS data so a person can be tracked down.

Whoever is behind this leak has exposed a competitive cyber spying industry where the Chinese government is the demanding customer.

It appears there are several companies vying for these government contracts and although some appear to cooperate, others appear to be bitter rivals.

If you didn't have the context for some of the conversations you would think they came from just a regular office where the workers are complaining about pay and conditions, talking about what to have for dinner, where to go on holiday and in one chat a man complains about not having enough to buy the handbag his wife wants for her birthday.

You'd have to presume the person or persons who amassed and released this treasure trove of data, would have the knowhow and means to evade detection, most probably uploading the data from outside of China.

That's if it wasn't a foreign entity working to expose the workings of i-Soon. We might never know.

But as the nations, governments, organisations and individuals whose names appear in these files pour over the details, it will serve as another warning about the scale of the threat posed by Chinese espionage.

Cyber experts we spoke to said the significance of this leak is the volume of data it provides to verify the speculation that the Chinese Communist Party is hiring private companies of hackers to do its digital dirty work.

Have you heard our new podcast Talking Politics? Every week Tom, Robert and Anushka dig into the biggest issues dominating the political agenda…