China’s hackers for hire take government officials out for lavish banquets, binge drinking and late-night karaoke with young women to win favor and business, as revealed last month in a highly unusual leak of internal documents from a private contractor linked to Chinese police.
China’s hacking industry is vast in size and scope, but also has shady business practices, disgruntlement over pay and work quality, and poor security protocols, the documents showed.
Private hacking contractors are companies that steal data from other countries to sell to Chinese authorities. Over the past two decades, Chinese state security’s demand for overseas intelligence has soared, giving rise to a vast network of private hackers for hire companies that have infiltrated hundreds of systems outside China.
Photo: AP
Although the existence of these hacking contractors is an open secret in China, little was known about how they operate.
However, the leaked documents from a firm called I-Soon (安洵信息) have pulled back the curtain, revealing a seedy, sprawling industry where corners are cut, and rules are murky and poorly enforced in the quest to make money.
Leaked chat records showed that I-Soon executives are colluding with competitors to rig bidding for government contracts. They pay thousands of dollars in “introduction fees” to contacts who bring them lucrative projects.
I-Soon has not commented on the documents.
Mei Danowski, a cybersecurity analyst who wrote about I-Soon on her blog, Natto Thoughts, said the documents showed that China’s hackers for hire work much like any other industry in China.
“It is profit driven,” Danowski said. “It is subject to China’s business culture — who you know, who you dine and wine with, and who you are friends with.”
Although I-Soon boasted about its hacking prowess in slick marketing PowerPoint presentations, the real business took place at hotpot parties, late night drinking sessions and poaching wars with competitors, leaked records showed.
A picture emerged of a company enmeshed in a seedy, sprawling industry that relies heavily on connections to get things done.
I-Soon founder and CEO Wu Haibo (吳海波) is one of China’s so-called “red hackers” — patriots who offer their services to the Chinese Communist Party. With the spread of the Internet, China’s hacking-for-hire industry boomed, emphasizing espionage and intellectual property theft.
Today, hackers such as those at I-Soon outnumber FBI cybersecurity staff by “at least 50 to one,” FBI Director Christopher Wray said in January at a conference in Munich.
China boasts world-class hackers, many employed by the Chinese military and other state institutions, but documents showed that I-Soon and other hackers for hire often engage in sketchy business practices. I-Soon leadership discussed buying gifts and which officials liked red wine. They swapped tips on who was a lightweight, and who could handle their liquor.
I-Soon executives paid “introduction fees” for lucrative projects, including tens of thousands of yuan to a man who landed them a 285,000 yuan (US$39,659) contract with police in Hebei Province, chat records showed.
To sweeten the deal, I-Soon chief operating officer Chen Cheng (陳誠) suggested arranging the man a drinking and karaoke session with women.
“He likes to touch girls,” Chen wrote.
The source of the I-Soon documents is unclear, and executives and Chinese police are investigating. Although Beijing has repeatedly denied involvement in offensive hacking, the leak illustrates I-Soon and other hacking companies’ deep ties with the Chinese state.
For example, chat records showed that the Chinese Ministry of Public Security gave companies access to proofs of concept of so-called “zero days,” the industry term for a previously unknown software security hole. Zero days are prized because they can be exploited until detected. I-Soon company executives debated how to obtain them. They are regularly discovered and surface at an annual Chinese state-sponsored hacking competition.
Many of I-Soon’s clients were police in cities across China, a leaked contract list showed. I-Soon scouted for databases they thought would sell well with officers, such as Vietnamese traffic data to Yunnan Province in the southeast, or data on exiled Tibetans to the Tibetan regional government. At times, I-Soon hacked on demand.
I-Soon proclaimed their patriotism to win new business. Top executives discussed participating in China’s poverty alleviation scheme — one of Chinese President Xi Jinping’s (習近平) signature initiatives — to make connections.
In interviews with state media, Wu quoted Chinese philosopher Mencius (孟子), casting himself as a scholar concerned with China’s national interest.
Despite Wu’s professed patriotism, the leaked records depict a competitive man motivated to get rich.
“If you don’t make money, being famous is useless,” he wrote in a private message.
However, I-Soon has been hit by the country’s recent economic downturn, leading to thin profits, low pay and an exodus of talent, the leaked documents showed.
Low salaries and pay disparities caused employees to complain, chat records showed.
Leaked employee lists showed that most I-Soon staff held a degree from a vocational training school, not an undergraduate degree, suggesting lower levels of education and training.
Sales staff reported that clients were dissatisfied with the quality of I-Soon data, making it difficult to collect payments.
The company’s troubles reflect broader issues in China’s private hacking industry. The country’s cratering economy, Beijing’s tightening controls and the growing role of the state has led to an exodus of top hacking talent, four cybersecurity analysts and Chinese industry insiders said.
“China is no longer the country we used to know. A lot of highly skilled people have been leaving,” said one industry insider, declining to be named to speak on a sensitive topic.
Under Xi, the growing role of the state in China’s technology industry has emphasized ideology over competence, impeded pay and made access to officials pivotal, the person said.
In the past few years, Beijing has heavily promoted China’s tech industry and the use of technology in government, part of a broader strategy to facilitate the country’s rise, but much of China’s data and cybersecurity work has been contracted out to smaller subcontractors with novice programmers, leading to poor digital practices and large leaks of data.
Despite the clandestine nature of I-Soon’s work, the company has surprisingly lax security protocols. I-Soon’s offices in Chengdu, for example, have minimal security and are open to the public.
The leaked files showed that top I-Soon executives communicated frequently on WeChat, which lacks end-to-end encryption.
Yet at the end of the day, it may not matter, Danowski said.
“It’s a little sloppy. The tools are not that impressive, but the Ministry of Public Security sees that you get the job done,” she said of I-Soon. “They will hire whoever can get the job done.”
Additional reporting by Frank Bajak
Three experts in the high technology industry have said that US President Donald Trump’s pledge to impose higher tariffs on Taiwanese semiconductors is part of an effort to force Taiwan Semiconductor Manufacturing Co (TSMC, 台積電) to the negotiating table. In a speech to Republicans on Jan. 27, Trump said he intends to impose tariffs on Taiwan to bring chip production to the US. “The incentive is going to be they’re not going to want to pay a 25, 50 or even a 100 percent tax,” he said. Darson Chiu (邱達生), an economics professor at Taichung-based Tunghai University and director-general of
‘LEGACY CHIPS’: Chinese companies have dramatically increased mature chip production capacity, but the West’s drive for secure supply chains offers a lifeline for Taiwan When Powerchip Technology Corp (力晶科技) entered a deal with the eastern Chinese city of Hefei in 2015 to set up a new chip foundry, it hoped the move would help provide better access to the promising Chinese market. However, nine years later, that Chinese foundry, Nexchip Semiconductor Corp (合晶集成), has become one of its biggest rivals in the legacy chip space, leveraging steep discounts after Beijing’s localization call forced Powerchip to give up the once-lucrative business making integrated circuits for Chinese flat panels. Nexchip is among Chinese foundries quickly winning market share in the crucial US$56.3 billion industry of so-called legacy
Hon Hai Precision Industry Co (鴻海精密) is reportedly making another pass at Nissan Motor Co, as the Japanese automaker's tie-up with Honda Motor Co falls apart. Nissan shares rose as much as 6 percent after Taiwan’s Central News Agency reported that Hon Hai chairman Young Liu (劉揚偉) instructed former Nissan executive Jun Seki to connect with French carmaker Renault SA, which holds about 36 percent of Nissan’s stock. Hon Hai, the Taiwanese iPhone-maker also known as Foxconn Technology Group (富士康科技集團), was exploring an investment or buyout of Nissan last year, but backed off in December after the Japanese carmaker penned a deal
WASHINGTON POLICY: Tariffs of 10 percent or more and other new costs are tipped to hit shipments of small parcels, cutting export growth by 1.3 percentage points The decision by US President Donald Trump to ban Chinese companies from using a US tariff loophole would hit tens of billions of dollars of trade and reduce China’s economic growth this year, according to new estimates by economists at Nomura Holdings Inc. According to Nomura’s estimates, last year companies such as Shein (希音) and PDD Holdings Inc’s (拼多多控股) Temu shipped US$46 billion of small parcels to the US to take advantage of the rule that allows items with a declared value under US$800 to enter the US tariff-free. Tariffs of 10 percent or more and other new costs would slash such