Censorship as a Service - Leak reveals public-private collaboration to monitor Chinese Cyberspace
• SentinelLABS has analysed a data leak containing infrastructure details and work logs from employees of a state-affiliated private sector security firm in China
• The leaked data contains references to web content monitoring services used to enforce censorship for public and private sector customers
• Work logs reveal that the firm provided bespoke monitoring services to a state-owned enterprise when a corruption scandal impacted this organisation, providing insights into how the state and CCP coordinate with some cybersecurity companies to manage fallout from corruption scandals

SentinelLABS has analysed a data leak from TopSec (北京天融), a Chinese cybersecurity firm that offers services such as Endpoint Detection & Response (EDR) and vulnerability scanning, as well as boutique solutions aligned with government initiatives and intelligence requirements.
The data leak includes a document with 7,000+ lines of work logs and code used to orchestrate infrastructure for the firm's DevOps practices and downstream customers. The leak also includes scripts that connect to several Chinese government hostnames, academic institutions and news sites.
Work logs and system features were identified that indicate TopSec is likely enabling content moderation for internet censorship purposes, a key strategy used by the Chinese Communist Party (CCP) to monitor and control public opinion on issues that the state deems contentious or antisocial.
Further, evidence was found indicating that TopSec provided bespoke services to a state-owned enterprise on the date that a corruption investigation targeting the organisation's top official was announced.
The Chinese cybersecurity market has long been a mystery for many researchers in the west. Unlike Europe and parts of the Middle East, which foster some degree of collaboration, the Chinese cybersecurity market is obscured behind the wall that divides China from the global internet. This finding reveals not only the types of technologies that are used by a prestigious Chinese tech firm, but how they are providing security services to private and public sector customers inside China.
TopSec
TopSec is a provider of monitoring and IT security solutions, as well as big data and cloud services. Established in 1995, TopSec prides itself on its long history and prioritises national cyberspace security as a core element of its mission statement.
The company is a Tier 1 vulnerability supplier to China's civilian intelligence ministry. According to TopSec's 2024 annual corporate report for shareholders, the company has been offering cloud monitoring services – including IT security monitoring capabilities – since 2004. By 2020, these TopSec services were in use across all 31 of China's administrative regions.
The leaked documents that were analysed reference multiple organisations in both the private and public sectors, likely customers or otherwise associated with TopSec.
Public sector organisations referenced in the documents include entities integral to China's political system, such as the Municipal Commissions for Discipline Inspection, which enforce party regulations and investigate corruption. Another example is the Illegal and Harmful Information Reporting Center, an entity dedicated to combating what the Chinese Communist Party (CCP) considers illegal and harmful behaviour in the online space.
Conclusion
These leaks yield insight into the complex ecosystem of relationships between government entities and China's private sector cybersecurity companies. The nature of how this data was leaked remains unclear, but the materials show that TopSec engineers were documenting their work in a highly granular way that included entire commands used to perform the outlined tasks.
Considering the types of information in this leak, organisations should evaluate how their systems and infrastructure engineers are logging work. Proper credential management is essential to securing sensitive environments. Infrastructure engineers should rely on a secrets manager that integrates with the CI/CD pipeline rather than running commands from playbooks that include hardcoded credentials. This results in only variable names being stored in commands instead of sensitive credentials and lowers the likelihood that an unexpected disclosure could result in further compromise.
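As an added example (not part of the original article or of SentinelLABS' tooling), the Python check below scans logged commands for secrets written out inline and passes commands that only reference a variable or template placeholder. The patterns, rule names and sample log lines are constructed assumptions.

```python
import re

# Command forms that commonly carry a secret inline; the value is group "val".
PATTERNS = [
    ("key=value", re.compile(
        r"(?:--(?:password|passwd|token|secret)[=\s]+"
        r"|\b\w*(?:password|passwd|token|secret)=)(?P<val>\S+)")),
    ("mysql -p", re.compile(r"\bmysql\b.*?\s-p(?P<val>\S+)")),
    ("curl -u", re.compile(r"\bcurl\b.*?\s(?:-u|--user)\s+[^\s:]+:(?P<val>\S+)")),
    ("url userinfo", re.compile(
        r"\b[a-z][a-z0-9+.-]*://[^\s/:@]+:(?P<val>[^\s@/]+)@")),
]

def is_reference(value):
    """True when the value is resolved at run time rather than written out:
    a shell variable, a command substitution, or a {{ template }} placeholder.
    Limitation: a literal secret that itself starts with "$" is not flagged."""
    return value.lstrip("\"'").startswith(("$", "{{"))

def scan_work_log(lines):
    """Return (line_number, rule, redacted_line) for each literal secret."""
    findings = []
    for number, line in enumerate(lines, start=1):
        for rule, pattern in PATTERNS:
            for match in pattern.finditer(line):
                if is_reference(match.group("val")):
                    continue
                start, end = match.span("val")
                # Never echo the secret back into the report.
                findings.append(
                    (number, rule, line[:start] + "<redacted>" + line[end:]))
    return findings

# Constructed sample log; hosts, users and passwords are placeholders.
SAMPLE_LOG = [
    "mysql -h db01.example.internal -u ops -pExamplePass1 -e 'show tables'",
    "mysql -h db01.example.internal -u ops -p\"$DB_PASS\" -e 'show tables'",
    "curl -u deploy:ExamplePass2 https://repo.example.internal/api",
    "curl -u \"deploy:${REPO_TOKEN}\" https://repo.example.internal/api",
    "ansible-playbook site.yml --extra-vars db_password={{ vault_db_password }}",
    "pg_dump postgres://app:ExamplePass3@pg.example.internal/app",
]

if __name__ == "__main__":
    for number, rule, redacted in scan_work_log(SAMPLE_LOG):
        print(f"line {number}: {rule}: {redacted}")
```

Run over work logs or playbooks before they are committed or archived, a check like this reports only the line number and a redacted copy, so the report itself does not become another place where credentials are stored.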