China’s Great Firewall Leak Exposes Global Surveillance Technology Exports
Sep 16, 2025
Key Takeaways
A 500 GB leak from Geedge Networks, a developer behind China’s Great Firewall, has exposed internal source code, engineering logs, and export records.
The data shows surveillance and censorship technologies being exported to multiple countries, including Myanmar, Pakistan, Ethiopia, and Kazakhstan.
Leaked tools include advanced firewalls, monitoring platforms, and systems designed to identify and track individuals online.
What Happened
On 9 September 2025, an anonymous source leaked more than 500 GB of data from Geedge Networks to Enlace Hacktivista, a leak-publishing platform.
The files contained:
Internal technical documents, including source code and deployment details.
Infrastructure records from Jira, Confluence, and GitLab.
Operational logs showing how censorship and surveillance tools were deployed in client countries.
Who’s Involved
Geedge Networks – A company presenting itself as a network security provider, but heavily involved in censorship and monitoring systems.
MESA Lab, Institute of Information Engineering, Chinese Academy of Sciences – Research partner in the development of Great Firewall technologies.
Government clients – Countries identified as users include Myanmar, Pakistan, Ethiopia, and Kazakhstan.
Civil society groups – Amnesty International, Tor Project, Justice for Myanmar, and InterSecLab are among those analyzing the leaked dataset.
Exposed Capabilities
The leak revealed several advanced tools and monitoring systems:
Tool / System | Capabilities |
|---|---|
Tiangou Secure Gateway (TSG) | A carrier-grade firewall similar to the Great Firewall, capable of deep packet inspection, blocking VPNs, throttling traffic, and identifying individual users. |
Cyber Narrator | A monitoring platform with SIEM-like functionality, capable of real-time network surveillance, user behavior analysis, and mobile subscriber location tracking. |
TSG Galaxy | A data warehouse system designed to aggregate and analyze user data across networks. |
Additional features include detection of circumvention tools like Tor and Psiphon, geofencing, construction of social relationship graphs, and support for hardware resilient to sanctions.
Global Impact
Pakistan – The country has adopted a system called Web Monitoring System 2.0 (WMS 2.0) and a Lawful Intercept Management System (LIMS), which integrate Geedge’s technology with foreign hardware suppliers, including a German vendor and companies in the UAE.
Myanmar – The leaked files reveal the junta’s widespread access to internet traffic, involving ISPs, data centers, and international gateways.
Ethiopia and Kazakhstan – Both countries appear to be recipients of surveillance infrastructure, enabling expanded state control over communications.
China – Evidence suggests that even within China, regional variations of the firewall exist, with provinces running their own censorship configurations.
Why It Matters
The leak confirms that surveillance and censorship technologies are not confined within China’s borders. Instead, they are packaged as export products and deployed internationally, often in states with authoritarian regimes.
This has three major implications:
Commoditization of surveillance – These systems are developed, standardized, and sold like any other IT product.
Global influence – Exported technologies allow China to extend its model of internet control abroad.
Transparency and accountability – Until now, little was known about how these tools functioned, leaving citizens and rights groups with limited ability to challenge their use.
What’s Next
Technical analysis of the leaked source code may reveal exploitable flaws or backdoors in the exported systems.
Diplomatic consequences could follow if countries are pressured to halt deployment of these technologies.
Digital rights concerns will likely grow as civil society organizations document the impact of these tools on freedom of expression and privacy.
Sanctions monitoring may intensify, as the leak suggests that foreign hardware has been integrated into sanctioned censorship systems.
Conclusion
The Geedge Networks leak shines a spotlight on the global spread of China’s surveillance and censorship technology. What was once viewed as a uniquely Chinese infrastructure is now a global export business, reshaping internet governance and civil liberties worldwide.
Disclaimer: ClearPhish maintains a strict policy of not participating in the theft, distribution, or handling of stolen data or files. The platform does not engage in exfiltration, downloading, hosting, or reposting any illegally obtained information. Any responsibility or legal inquiries regarding the data should be directed solely at the responsible cybercriminals or attackers, as ClearPhish is not involved in these activities. We encourage parties affected by any breach to seek resolution through legal channels directly with the attackers responsible for such incidents.
