BEIJING (AP) — The hotel was spacious. It had a luxurious feel. There was a karaoke bar. The CEO of a Chinese hacking company thought it would be the perfect venue for a Lunar New Year banquet to curry favor with government officials. There was only one drawback, his chief of staff said.
“Who's going there?” the aide wrote. “The girls are so ugly.”
So too are the dirty games and deals that go on behind the scenes in China's hacking industry, as revealed by last month's leak of highly unusual internal documents from a private contractor with ties to the Chinese government and police. China's hacking industry is plagued by shady business practices, dissatisfaction with pay and quality of work, and inadequate security protocols, according to the documents.
Private hacking contractors are companies that steal data from other countries for sale to Chinese authorities. Over the past two decades, China's national security demand for foreign information has skyrocketed, creating a vast network of companies that hire private hackers to break into hundreds of systems outside China.
The existence of these hacking contractors is an open secret in China, but little was known about how they operate. But documents leaked from a company called I-Soon pulled back the curtain, revealing a seedy, sprawling industry where corners were cut to make money and rules were vague and poorly enforced.
Leaked chat records show that I-Soon executives were wooing officials over lavish dinners and late-night binge drinking. They collude with competitors to rig bids on government contracts. They pay thousands of dollars in “referral fees” to contacts who bring them lucrative projects. I-Soon has not commented on the documents.
Mae Danowski, a cybersecurity analyst who wrote about I-Soon on her blog, Natto Thoughts, said the documents show that Chinese hackers for hire work much like other industries in China.
“It’s profit-driven,” Danowski said. “It depends on China's business culture: who you know, who you dine and wine with, who you are friends with.”
Patriotic hacking
China's hacking industry evolved from China's early hacker culture, first emerging in the 1990s when its citizens bought computers and accessed the Internet.
Wu Haibo, founder and CEO of I-Soon, was among them. Wu was a member of China's first hacktivist group, the Green Army. The group is informally known as the “Huangpu Academy,” after China's famous military school.
Wu and the other hackers distinguished themselves by declaring themselves “red hackers,” patriots who provide services to the Chinese Communist Party, in contrast to the free-spirited, anarchist, anti-establishment ethos popular among many programmers.
In 2010, Mr. Wu founded I-Soon in Shanghai. Interviews he gave to Chinese media paint a picture of a man determined to strengthen his country's hacking capabilities to catch up with its rivals. In a 2011 interview, Wu lamented that China still lags far behind the United States, saying, “There are a lot of technology enthusiasts in China, but very few are enlightened.”
With the spread of the Internet, China's hacking industry has boomed, emphasizing espionage and intellectual property theft.
High-profile hacks by Chinese state institutions, including one at the U.S. Office of Personnel Management in which personal data on 22 million existing or prospective federal employees was stolen, were so serious that then-President Barack Obama personally complained to Chinese leader Xi Jinping. They agreed to reduce espionage in 2015.
For several years, the intrusions quieted down. However, I-Soon and other private hacking organizations soon became more active than ever, giving Chinese state security forces cover and deniability. John Hultquist, chief analyst at Google's Mandiant cybersecurity division, said I-Soon is “part of an ecosystem of contractors with ties to China's patriotic hacking scene.”
Chinese hackers have become a formidable force these days.
In May 2023, Microsoft revealed that a Chinese state-sponsored hacker group called “Volt Typhoon,” affiliated with the People's Liberation Army, was targeting critical infrastructure such as communications and ports in Guam and Hawaii, potentially laying the groundwork for chaos in the event of a conflict.
Hackers like I-Soon now outnumber FBI cybersecurity personnel by “at least 50 to one,” FBI Director Christopher Wray said at a conference in Munich in January.
Documents reveal shady state-led industry
While I-Soon boasted of its hacking prowess in slick marketing PowerPoint presentations, leaked records show that the real business was conducted at hotpot parties, late-night drinking parties, and poaching wars with competitors. The picture that emerges is of a company caught up in a seedy, sprawling industry that relies heavily on connections to get things done.
I-Soon's leadership discussed purchasing gifts and which officials preferred red wine. They exchanged opinions about who was a lightweight and who was better at drinking.
Chat records show I-Soon executives paid “referral fees” for lucrative projects, including to a man who signed a 285,000 yuan ($40,000) contract with police in Hebei province. The payments included millions of renminbi (several thousand dollars). To sweeten the deal, Chen Cheng, I-Soon's chief operating officer, suggested the men arrange drinking and karaoke sessions with women.
“He likes to touch girls,” Chen wrote.
It wasn't just officials they courted. Competitors also became targets for advances at late-night drinking parties. Some were partners, subcontractors and collaborators on government projects. Others were hated rivals who were constantly poaching employees. Often they were both.
One company, Chinese cybersecurity giant Qi Anxin, was particularly disliked, despite being one of I-Soon's major investors and business partners.
“Qi Anxin's personnel is a green tea bitch who seduces our young people everywhere and has no morals,” Chen, the chief operating officer, wrote to CEO Wu, using a Chinese internet slur.
I-Soon also has a complicated relationship with Chengdu 404, a competitor charged by the U.S. Department of Justice with hacking over 100 targets around the world. According to Chinese court records, I-Soon worked with 404 and drank with its executives, but delayed payments to the company and was eventually sued over a software development contract.
The source of the I-Soon documents is unknown, and senior officials and Chinese police are investigating. And while the Chinese government has repeatedly denied any involvement in offensive hacking, the latest leaks demonstrate the deep ties between I-Soon and other hacking companies and the Chinese state.
For example, chat records show that China's Ministry of Public Security provided companies with access to proofs of concept of so-called “zero-days,” the industry term for previously unknown security holes in software. Zero-days are highly valued because they can be exploited until detected. I-Soon executives debated how to obtain them. Such flaws are regularly discovered at hacking contests sponsored by the Chinese government every year.
Other records show executives discussed sponsoring hacking contests at Chinese universities to discover new talent.
According to a leaked list of contracts, many of I-Soon's customers were police forces in cities across China. I-Soon searched for databases that could be sold to officials, such as Vietnamese traffic data to sell to southeastern Yunnan province and data on exiled Tibetans to sell to the Tibetan local government.
From time to time, I-Soon performed hacks upon request. One chat shows two parties discussing a potential “long-term customer” interested in data from multiple government agencies related to an unspecified “prime minister.”
The Chinese Academy of Sciences, a Chinese government agency, also owns a small stake in I-Soon through a Tibetan investment fund, Chinese company records show.
I-Soon proclaimed its patriotism to win new business. Top management discussed participating in China's poverty alleviation plan, one of Chinese leader Xi Jinping's signature efforts, to make connections. Wu, I-Soon's CEO, suggested that the COO become a member of the Chengdu People's Political Consultative Conference, a government advisory body made up of scientists, entrepreneurs, and other prominent members of society. And in an interview with state media, Wu quoted Chinese philosopher Mencius and positioned himself as a scholar concerned with China's national interests.
But despite Wu's professed patriotism, leaked chat records tell a more complicated story. They portray competitive men with a drive to get rich.
“You cannot be Lei Feng,” Mr. Wu wrote in a private message, referring to a long-dead communist worker held up in propaganda for generations as a model of selflessness. “There's no point in being famous if you don't make money.”
Lax security and low pay for hacking workers
China's booming hacker-for-hire industry is taking a hit from the country's recent economic downturn. Leaked documents reveal that this has led to low profits, high sales, low wages, and a loss of staff.
I-Soon was losing money, failing to pay subcontractors, and suffering from cash flow problems. In the past few years, the pandemic hit China's economy, and police pulled back on spending, which hurt I-Soon's profits. “The government has no money,” I-Soon's COO wrote in 2020.
Staff salaries are often low. Salary documents dated 2022 show that most staff in I-Soon's safety assessment and software development team receive monthly salaries of just 5,600 yuan ($915) to 9,000 yuan ($1,267), with only a handful receiving more. In the document, I-Soon officials acknowledged the low pay and said they were concerned about the company's reputation.
Low pay and pay disparities led to employee dissatisfaction, according to chat records. A leaked employee list shows that most I-Soon employees have vocational school degrees rather than bachelor's degrees, suggesting a low level of education and training. Sales staff reported that customers were dissatisfied with the quality of I-Soon's data, making it difficult to collect payments.
I-Soon is part of China's hacking ecosystem. The country is home to world-class hackers, many of whom are employed by the Chinese military and other state institutions. But the company's problems reflect broader problems in China's private hacking industry. The country's cratering economy, tightening Chinese government regulations and the growing role of the state are leading to an exodus of top hacking talent, four cybersecurity analysts and Chinese industry officials told The Associated Press.
“China is no longer the country we knew. A lot of highly skilled people are leaving,” said one industry source, who declined to be named to discuss a sensitive topic. The source added that under Xi, as the state's role in China's technology industry has grown, ideology has become more important than competency, salaries have suffered and access to officials has become crucial.
The big problem, people say, is that most Chinese officials lack the technical literacy to verify contractors' claims. As a result, hacking companies prioritize gaining favor over delivering superior results.
In recent years, the Chinese government has focused heavily on China's technology industry and the use of technology in government as part of a broader strategy to promote the country's rise. However, much of China's data and cybersecurity work is outsourced to small subcontractors employing novice programmers, leading to poor digital practices and massive data breaches.
Despite the secretiveness of I-Soon's work, the company's security protocols are surprisingly lax. For example, I-Soon's office in Chengdu has minimal security and is open to the public, despite posters on the office walls reminding employees that “Protecting the secrets of the country and the party is the duty of every citizen.” Leaked files show that I-Soon executives frequently communicated on WeChat, which does not have end-to-end encryption.
Documents show that staff are being screened for political credibility. For example, one indicator shows that I-Soon checks whether employees have relatives overseas, while another indicator categorizes employees according to whether they are members of China's ruling Communist Party.
Still, Danowski, the cybersecurity analyst, said many of China's standards are often “just a facade.” But in the end, that may not matter, she added.
“It's a little sloppy. The tools aren't that impressive. But the Ministry of Public Security sees that you get the job done,” she said of I-Soon. “They will hire anyone who can do the job.”
___
Hsu reported from Hong Kong. AP Technology Writer Frank Bajak contributed to this report.