A major data breach has revealed the inner workings of China’s powerful internet censorship system, exposing 600GB of files that map its operations and global reach.
Quick Summary – TLDR:
- 600GB of data leaked from China’s Great Firewall infrastructure, including source code, internal documents, and communications
- The leak ties to Geedge Networks and MESA Lab, key developers of China’s censorship technology
- Documents reveal export of surveillance tools to Myanmar, Pakistan, Ethiopia, Kazakhstan and others
- The leak offers rare insight into how China builds, manages, and sells its internet control systems worldwide
What Happened?
A hacking group called Enlace Hacktivista released what experts say is the largest data breach ever linked to China’s Great Firewall. Nearly 600GB of internal files from two key Chinese organizations were dumped online, revealing the inner machinery of China’s internet censorship and surveillance infrastructure. The files are already under analysis by cybersecurity researchers and digital rights groups around the world.
Massive “Great Firewall” data leak exposes China’s censorship system
— Visegrád 24 (@visegrad24) September 15, 2025
Over 500 GB of internal documents, source code, logs, and messages have been made public. The leak includes materials from Geedge Networks, linked to the “father” of the firewall, Fang Binxing, and the MESA lab… pic.twitter.com/YSld8MfwsH
Origins of the Leak
The leaked data was traced back to Geedge Networks and the MESA Lab at the Chinese Academy of Sciences’ Institute of Information Engineering, both critical players in China’s censorship architecture. Geedge is led by Fang Binxing, often referred to as the “Father of the Great Firewall”, who also served as MESA Lab’s early mentor.
The files include:
- Source code repositories
- Technical documentation and internal communications
- JIRA project management data
- Chat logs, development notes, and reimbursement files
- A massive 500GB RPM packaging server archive
These internal documents, spanning several years, show how routine, bureaucratic, and organized China’s digital censorship system has become.
Technical Insights From the Leak
The structure of the archive tells a story on its own. Files like geedge_docs.tar.zst and mesalab_docs.tar.zst contain thousands of technical documents, including project specs tied to China’s Belt and Road Initiative (BRI) and specific regional projects like CPEC.
Documents such as:
- CTF-AWD.docx
- BRI.docx
- CPEC.docx
- geedge_jira.tar.zst
- chat.docx
- 打印.docx (Print)
show the depth of operational planning, suggesting that censorship isn’t just enforced by policy but systematically engineered like any large software operation.
Exporting the Firewall
Perhaps most concerning is the confirmation that China’s censorship tools are being exported beyond its borders. The leaked deployment logs and internal notes show Geedge’s equipment used in:
- Myanmar: Operating across 26 data centers and monitoring 81 million simultaneous TCP connections
- Pakistan: Integrated into a real-time surveillance system called WMS 2.0
- Ethiopia and Kazakhstan: Running Geedge’s deep packet inspection (DPI) tools
- Unidentified countries under the BRI framework
The documents show installations at internet exchange points and within state telecoms, enabling blanket filtering, selective blocking, and real-time monitoring on a national scale.
Inside MESA and Geedge
The leaked files provide a detailed history of how MESA and Geedge came to dominate China’s censorship tech landscape:
- MESA Lab, founded in 2012, started as a small team under the name Processing Architecture Team for “Massive Effective Stream Analysis”
- By 2016, MESA was managing over 35 million yuan in annual projects and receiving national recognition in cybersecurity
- Geedge Networks launched in 2018, recruiting top MESA researchers and becoming a core private partner in building and maintaining the Great Firewall
Security and Research Implications
Security analysts are urging extreme caution when interacting with the leaked files. Due to their sensitivity, the risk of embedded malware or tracking scripts is high. Experts recommend accessing the archives only in isolated virtual environments without internet connectivity.
Research collectives like GFW Report, Hackread, Net4People, and Amnesty International are already dissecting the data to understand the architecture, strategy, and export model of Chinese censorship systems.
SQ Magazine Takeaway
Honestly, this is one of the most jaw-dropping tech leaks I’ve ever seen. It’s not just a peek behind the curtain, it’s a full blueprint for how China censors, surveils, and sells those capabilities to other governments. What used to be rumors or vague suspicions is now sitting in code and documentation. It’s a massive wake-up call about how internet freedom is being compromised not just within China, but globally. If this doesn’t get people asking harder questions about the global trade of surveillance tech, I don’t know what will.
