Leak Reveals Inner Workings of China’s Censorship System

Researchers from Great Firewall Report have confirmed the discovery of an archive exceeding 500 GB in size, containing internal documents, source code, and work logs of China’s internet censorship system, widely known as the “Great Firewall.” The leak also included package repositories and manuals for maintaining the national traffic filtering infrastructure.

Links to Developers and Commercial Projects

The files are believed to belong to Geedge Networks and the MESA laboratory at the Institute of Information Engineering, Chinese Academy of Sciences. The materials include build systems for DPI platforms, modules for detecting VPNs, and SSL session logging. According to experts, they describe the architecture of a commercial platform called “Tiangou” — a ready-made “firewall-in-a-box” used by internet providers.

Deployment Beyond China

According to Amnesty International and Wired, such systems have been used not only in China but also abroad. Geedge infrastructure was deployed in Myanmar, where it controlled up to 81 million simultaneous TCP connections. Additionally, equipment was supplied to Pakistan, Ethiopia, and Kazakhstan, where it was integrated with mass interception systems.

Potential Vulnerabilities and Risks

Experts argue that access to the source code and build logs opens the possibility of identifying weaknesses in the system’s architecture, which could be exploited by developers of censorship-circumvention tools. However, researchers warn of potential risks when analyzing the archive and recommend using virtual machines and isolated environments.

Recent Outages and Updates

In August, China made headlines after testing new equipment for the “Great Firewall,” which resulted in the country being disconnected from much of the global internet for 74 minutes. Earlier, in 2020, it was reported that the system began blocking HTTPS traffic using TLS 1.3 and ESNI.