China’s hackers for hire take government officials out for lavish banquets, binge drinking and late-night karaoke with young women to win favor and business, as revealed last month in a highly unusual leak of internal documents from a private contractor linked to Chinese police.
China’s hacking industry is vast in size and scope, but also has shady business practices, disgruntlement over pay and work quality, and poor security protocols, the documents showed.
Private hacking contractors are companies that steal data from other countries to sell to Chinese authorities. Over the past two decades, Chinese state security’s demand for overseas intelligence has soared, giving rise to a vast network of private hackers for hire companies that have infiltrated hundreds of systems outside China.
Photo: AP
Although the existence of these hacking contractors is an open secret in China, little was known about how they operate.
However, the leaked documents from a firm called I-Soon (安洵信息) have pulled back the curtain, revealing a seedy, sprawling industry where corners are cut, and rules are murky and poorly enforced in the quest to make money.
Leaked chat records showed that I-Soon executives are colluding with competitors to rig bidding for government contracts. They pay thousands of dollars in “introduction fees” to contacts who bring them lucrative projects.
I-Soon has not commented on the documents.
Mei Danowski, a cybersecurity analyst who wrote about I-Soon on her blog, Natto Thoughts, said the documents showed that China’s hackers for hire work much like any other industry in China.
“It is profit driven,” Danowski said. “It is subject to China’s business culture — who you know, who you dine and wine with, and who you are friends with.”
Although I-Soon boasted about its hacking prowess in slick marketing PowerPoint presentations, the real business took place at hotpot parties, late night drinking sessions and poaching wars with competitors, leaked records showed.
A picture emerged of a company enmeshed in a seedy, sprawling industry that relies heavily on connections to get things done.
I-Soon founder and CEO Wu Haibo (吳海波) is one of China’s so-called “red hackers” — patriots who offer their services to the Chinese Communist Party. With the spread of the Internet, China’s hacking-for-hire industry boomed, emphasizing espionage and intellectual property theft.
Today, hackers such as those at I-Soon outnumber FBI cybersecurity staff by “at least 50 to one,” FBI Director Christopher Wray said in January at a conference in Munich.
China boasts world-class hackers, many employed by the Chinese military and other state institutions, but documents showed that I-Soon and other hackers for hire often engage in sketchy business practices. I-Soon leadership discussed buying gifts and which officials liked red wine. They swapped tips on who was a lightweight, and who could handle their liquor.
I-Soon executives paid “introduction fees” for lucrative projects, including tens of thousands of yuan to a man who landed them a 285,000 yuan (US$39,659) contract with police in Hebei Province, chat records showed.
To sweeten the deal, I-Soon chief operating officer Chen Cheng (陳誠) suggested arranging the man a drinking and karaoke session with women.
“He likes to touch girls,” Chen wrote.
The source of the I-Soon documents is unclear, and executives and Chinese police are investigating. Although Beijing has repeatedly denied involvement in offensive hacking, the leak illustrates I-Soon and other hacking companies’ deep ties with the Chinese state.
For example, chat records showed that the Chinese Ministry of Public Security gave companies access to proofs of concept of so-called “zero days,” the industry term for a previously unknown software security hole. Zero days are prized because they can be exploited until detected. I-Soon company executives debated how to obtain them. They are regularly discovered and surface at an annual Chinese state-sponsored hacking competition.
Many of I-Soon’s clients were police in cities across China, a leaked contract list showed. I-Soon scouted for databases they thought would sell well with officers, such as Vietnamese traffic data to Yunnan Province in the southeast, or data on exiled Tibetans to the Tibetan regional government. At times, I-Soon hacked on demand.
I-Soon proclaimed their patriotism to win new business. Top executives discussed participating in China’s poverty alleviation scheme — one of Chinese President Xi Jinping’s (習近平) signature initiatives — to make connections.
In interviews with state media, Wu quoted Chinese philosopher Mencius (孟子), casting himself as a scholar concerned with China’s national interest.
Despite Wu’s professed patriotism, the leaked records depict a competitive man motivated to get rich.
“If you don’t make money, being famous is useless,” he wrote in a private message.
However, I-Soon has been hit by the country’s recent economic downturn, leading to thin profits, low pay and an exodus of talent, the leaked documents showed.
Low salaries and pay disparities caused employees to complain, chat records showed.
Leaked employee lists showed that most I-Soon staff held a degree from a vocational training school, not an undergraduate degree, suggesting lower levels of education and training.
Sales staff reported that clients were dissatisfied with the quality of I-Soon data, making it difficult to collect payments.
The company’s troubles reflect broader issues in China’s private hacking industry. The country’s cratering economy, Beijing’s tightening controls and the growing role of the state has led to an exodus of top hacking talent, four cybersecurity analysts and Chinese industry insiders said.
“China is no longer the country we used to know. A lot of highly skilled people have been leaving,” said one industry insider, declining to be named to speak on a sensitive topic.
Under Xi, the growing role of the state in China’s technology industry has emphasized ideology over competence, impeded pay and made access to officials pivotal, the person said.
In the past few years, Beijing has heavily promoted China’s tech industry and the use of technology in government, part of a broader strategy to facilitate the country’s rise, but much of China’s data and cybersecurity work has been contracted out to smaller subcontractors with novice programmers, leading to poor digital practices and large leaks of data.
Despite the clandestine nature of I-Soon’s work, the company has surprisingly lax security protocols. I-Soon’s offices in Chengdu, for example, have minimal security and are open to the public.
The leaked files showed that top I-Soon executives communicated frequently on WeChat, which lacks end-to-end encryption.
Yet at the end of the day, it may not matter, Danowski said.
“It’s a little sloppy. The tools are not that impressive, but the Ministry of Public Security sees that you get the job done,” she said of I-Soon. “They will hire whoever can get the job done.”
Additional reporting by Frank Bajak
CAUTIOUS RECOVERY: While the manufacturing sector returned to growth amid the US-China trade truce, firms remain wary as uncertainty clouds the outlook, the CIER said The local manufacturing sector returned to expansion last month, as the official purchasing managers’ index (PMI) rose 2.1 points to 51.0, driven by a temporary easing in US-China trade tensions, the Chung-Hua Institution for Economic Research (CIER, 中華經濟研究院) said yesterday. The PMI gauges the health of the manufacturing industry, with readings above 50 indicating expansion and those below 50 signaling contraction. “Firms are not as pessimistic as they were in April, but they remain far from optimistic,” CIER president Lien Hsien-ming (連賢明) said at a news conference. The full impact of US tariff decisions is unlikely to become clear until later this month
With an approval rating of just two percent, Peruvian President Dina Boluarte might be the world’s most unpopular leader, according to pollsters. Protests greeted her rise to power 29 months ago, and have marked her entire term — joined by assorted scandals, investigations, controversies and a surge in gang violence. The 63-year-old is the target of a dozen probes, including for her alleged failure to declare gifts of luxury jewels and watches, a scandal inevitably dubbed “Rolexgate.” She is also under the microscope for a two-week undeclared absence for nose surgery — which she insists was medical, not cosmetic — and is
GROWING CONCERN: Some senior Trump administration officials opposed the UAE expansion over fears that another TSMC project could jeopardize its US investment Taiwan Semiconductor Manufacturing Co (TSMC, 台積電) is evaluating building an advanced production facility in the United Arab Emirates (UAE) and has discussed the possibility with officials in US President Donald Trump’s administration, people familiar with the matter said, in a potentially major bet on the Middle East that would only come to fruition with Washington’s approval. The company has had multiple meetings in the past few months with US Special Envoy to the Middle East Steve Witkoff and officials from MGX, an influential investment vehicle overseen by the UAE president’s brother, the people said. The conversations are a continuation of talks that
Alchip Technologies Ltd (世芯), an application-specific integrated circuit (ASIC) designer specializing in artificial-intelligence (AI) chips, yesterday said that small-volume production of 3-nanometer (nm) chips for a key customer is on track to start by the end of this year, dismissing speculation about delays in producing advanced chips. As Alchip is transitioning from 7-nanometer and 5-nanometer process technology to 3 nanometers, investors and shareholders have been closely monitoring whether the company is navigating through such transition smoothly. “We are proceeding well in [building] this generation [of chips]. It appears to me that no revision will be required. We have achieved success in designing
RSS