193 Developers Identified in China’s ‘Great Firewall’ Leak

Udumbara Udumbara
Sep 29, 2025 - 09:50 Updated: Sep 29, 2025 - 00:55
0
193 Developers Identified in China’s ‘Great Firewall’ Leak

.

Internet freedom company Dynamic Internet Technology has identified 193 developers behind the recent leak of 100,000 documents that shed light into how China is exporting mass surveillance and censorship tools to authoritarian clients.

The documents originated from Chinese company Geedge Networks and MESA laboratory, a research institute under the state-controlled Chinese Academy of Sciences.

Developers referenced the Great Firewall that the Chinese communist regime uses to censor the internet in China, but the project that was leaked deals with commercial sales of such technology to other clients.

The documents revealed that Geedge has sold technology used to suppress citizens to the governments of Kazakhstan, Ethiopia, Pakistan, Burma, Xinjiang, and at least one other unknown government.

The files included correspondence, internal minutes, technical details of their products, logistical arrangements with external parties, expense reimbursement procedures, and personnel management documents, Bill Xia, CEO of Dynamic Internet Technology, previously told The Epoch Times. His company has created tools such as Freegate to allow people in China to bypass the regime’s firewall.
The files were comprehensive enough that Dynamic Internet Technology was able to create a tool identifying the individual developers and their respective contributions, see just many lines of code each developer contributed, and see whether those developers have contributed to other open source projects.
“Our tool shines a light on the hidden architecture of censorship,” Xia said in a press release issued Sept. 26.

“The Great Firewall affects not only the freedom of Chinese citizens, but also the openness of the international internet economy,” Xia said. It forces foreign businesses working in China to adhere to censorship demands, he added.

“More gravely, the blocking of uncensored information facilitates the Chinese Communist Party’s human rights atrocities, by silencing independent voices and concealing the truth from its own people,” Xia said.

Xia said he hoped the tool can help researchers and journalists, as well as support potential policy responses. Identifying those responsible for creating these repressive tools could lead to accountability, he said.

100,000 Files

Researchers with InterSecLab and several human rights organizations on Sept. 9 published a report detailing the tools sold by Geedge and how the authoritarian clients implemented them.

“These systems empower client governments to conduct both broad-scale population monitoring and internet shutdowns, while simultaneously enabling granular surveillance of internet users and targeted blocking and censorship,” the InterSecLab report reads.

The granular services include allowing government clients to identify specific individuals accessing certain websites or using virtual private networks or other tools, blocking access to specific tools or apps, and even infecting users with malware, according to the report.

One such tool is Cyber Narrator, which allows clients to find the geographic location of specific people linked to their cell identifiers. It is technology that can be used to identify protest gatherings and their participants in real time, the report notes.

A screenshot of a Cyber Narrator map shows population clusters that identify individual users as locals, visitors, or potential threats, such as “terrorist.”

Tiangou Secure Gateway (TSG) is a firewall that allows clients to monitor user traffic for an entire country, track specific users, and block access to specific tools and sites.

TSG Galaxy is a platform that stores and analyzes a significant amount of collected data.

The capability to identify and track specific users dovetails with another capability that allows for assigning social credit-style scores to specific users and cutting off internet access for people whose scores fall below a certain level.
Clients were also able to request new features and capabilities.

Among those discussed were the ability to construct relationship graphs of internet users, the ability to identify individuals who frequently change SIM cards or make international calls, and even cyberattack services.

InterSec lab researchers noted that some of this technology needed to be installed inside Internet Service Provider (ISP) data centers, making it impossible for these providers to be unaware that this digital repression is occurring.

“We are publishing this report at a critical moment for internet freedom worldwide,” the researchers wrote.

.

Read More