A massive data leak has exposed the inner workings of China’s Great Firewall, laying bare over 500GB of confidential files used to operate one of the world’s most extensive digital censorship systems.
Quick Summary – TLDR:
- More than 500GB of internal data from Chinese censorship infrastructure was leaked in September 2025.
- The exposed files reveal the technical systems and human networks behind China’s Great Firewall.
- Over 100,000 documents include source code, operational logs, blueprints, and real-time monitoring tools.
- The leak shows China’s surveillance tools are not only used domestically but also exported to other countries.
What Happened?
In September 2025, a massive leak exposed over 500GB of internal documents, source code, and communications from companies tied to the Great Firewall of China. The data breach, considered one of the largest in digital surveillance history, revealed not only technical operations but also personal information about the engineers and organizations running the censorship apparatus.
Massive 500GB Leak Exposes China’s Censorship Data
In September 2025, over 500GB of internal data from Chinese censorship firms linked to the Great Firewall was leaked, with estimates nearing 600GB. A single archive accounts for about 500GB. The breach exposes extensive… pic.twitter.com/CX1Y7RmvLg
— Secwiser (@Secwiserapp) October 31, 2025
Inside the Great Firewall’s Data Dump
The leak, believed to be orchestrated by either a highly placed insider or an advanced external operation, provided cybersecurity experts with an archive of nearly 600GB of sensitive information. Researchers discovered more than 100,000 files detailing the censorship technology used to monitor, block, and redirect internet traffic across China.
Among the most revealing contents:
- Source code, emails, configuration files, and runbooks used in developing censorship tools.
- Internal Jira and Confluence exports showing bug reports, deployment logs, and testing against tools like VPNs, Tor, Psiphon, V2Ray, and Shadowsocks.
- RPM packaging server files used to deploy censorship control software across Chinese networks.
- Real-time packet captures (PCAPs) and IP logs from major state-run ISPs like China Telecom, China Unicom, and China Mobile.
These elements offered a comprehensive view of how the system tracks online behavior, flags suspicious activity, and blocks traffic deemed subversive or foreign. Tools deployed at the application layer were tested against popular circumvention methods, revealing the extent of China’s technological capabilities in deep packet inspection (DPI) and SNI fingerprinting.
Human and Organizational Exposure
The breach also revealed the human infrastructure behind the technology. Thousands of Office documents, Visio diagrams, and configuration files retained metadata with usernames, affiliations, and document edit histories, directly linking engineers and contractors to censorship operations.
Internal files exposed:
- Naming conventions and departmental hierarchies.
- Machine hostnames and internal IP addresses used for test environments.
- Real-time session logs, server CPU/memory usage, and sandbox results.
These insights allowed researchers to build attribution clusters connecting state-run telecom firms, government agencies, and academic institutions. Notably implicated are:
- China Telecom, China Unicom, and China Mobile.
- Research arms like Tsinghua University, the Chinese Academy of Sciences, and CNCERT.
- Contractors including Huaxin, Topsec, and Venustech, some with suspected Ministry of State Security ties.
Exported Surveillance and Global Implications
Beyond China’s borders, the leak confirms that censorship systems and software have been exported to countries such as Myanmar, Ethiopia, Kazakhstan, and Pakistan, indicating China’s growing role in global surveillance infrastructure.
Diagrams and deployment records show the Great Firewall’s architecture is not centralized but distributed across provincial and regional nodes, with core rule authors in Beijing and localized operations elsewhere. This fragmented model contributed to regional enforcement gaps and delays in rule propagation, some of which allowed foreign IPs to bypass censorship briefly.
SQ Magazine Takeaway
Honestly, this leak is a game-changer. For years, the Great Firewall has been a black box. Now we have a detailed map of not just the code and configurations, but the real people and processes behind China’s digital censorship machine. What hits hardest for me is how deeply this system is entrenched, not just technically but socially and politically. And while the breach reveals a few cracks, it also shows the sheer scale of surveillance control China has built. If you’ve ever wondered how censorship at this level works, this leak pulls the curtain all the way back.
