---
title: "China’s Great Firewall Exposed in Massive 600GB Data Leak"
date: 2025-09-15
author: "Sofia Ramirez"
featured_image: "https://sqmagazine.co.uk/wp-content/uploads/2025/09/china-s-the-great-firewall-hacked.jpg"
categories:
  - name: "Cybersecurity"
    url: "/cybersecurity.md"
tags:
  - name: "News"
    url: "/tag/news.md"
---

# China’s Great Firewall Exposed in Massive 600GB Data Leak

A major data breach has revealed the inner workings of China’s powerful internet censorship system, exposing 600GB of files that map its operations and global reach.

## Quick Summary – TLDR:

- 600GB of data leaked from China’s Great Firewall infrastructure, including source code, internal documents, and communications
- The leak ties to Geedge Networks and MESA Lab, key developers of China’s censorship technology
- Documents reveal export of surveillance tools to Myanmar, Pakistan, Ethiopia, Kazakhstan and others
- The leak offers rare insight into how China builds, manages, and sells its internet control systems worldwide

## What Happened?

A hacking group called **Enlace Hacktivista** released what experts say is the **[largest data breach](https://sqmagazine.co.uk/data-breach-statistics/)** ever linked to China’s Great Firewall. Nearly **600GB of internal files** from two key Chinese organizations were dumped online, revealing the inner machinery of China’s internet censorship and surveillance infrastructure. The files are already under analysis by cybersecurity researchers and digital rights groups around the world.

> Massive “Great Firewall” data leak exposes China’s censorship system  
>   
> Over 500 GB of internal documents, source code, logs, and messages have been made public. The leak includes materials from Geedge Networks, linked to the “father” of the firewall, Fang Binxing, and the MESA lab… [pic.twitter.com/YSld8MfwsH](https://t.co/YSld8MfwsH)
> 
> — Visegrád 24 (@visegrad24) [September 15, 2025](https://twitter.com/visegrad24/status/1967532460398223519?ref_src=twsrc%5Etfw)

 ## Origins of the Leak

The leaked data was traced back to **Geedge Networks** and the **MESA Lab** at the **Chinese Academy of Sciences’ Institute of Information Engineering**, both critical players in China’s censorship architecture. Geedge is led by **Fang Binxing**, often referred to as the **“Father of the Great Firewall”**, who also served as MESA Lab’s early mentor.

The files include:

- **Source code repositories**
- **Technical documentation and internal communications**
- **JIRA project management data**
- **Chat logs, development notes, and reimbursement files**
- A massive **500GB RPM packaging server archive**

These internal documents, spanning several years, show how **routine, bureaucratic, and organized** China’s digital censorship system has become.

## Technical Insights From the Leak

The structure of the archive tells a story on its own. Files like *geedge\_docs.tar.zst* and *mesalab\_docs.tar.zst* contain **thousands of technical documents**, including project specs tied to China’s **Belt and Road Initiative (BRI)** and specific regional projects like **CPEC**.

Documents such as:

- **CTF-AWD.docx**
- **BRI.docx**
- **CPEC.docx**
- **geedge\_jira.tar.zst**
- **chat.docx**
- **打印.docx (Print)**

show the **depth of operational planning**, suggesting that censorship isn’t just enforced by policy but **systematically engineered** like any large software operation.

## Exporting the Firewall

Perhaps most concerning is the confirmation that **China’s censorship tools are being exported** beyond its borders. The leaked deployment logs and internal notes show Geedge’s equipment used in:

- **Myanmar**: Operating across **26 data centers** and monitoring **81 million simultaneous TCP connections**
- **Pakistan**: Integrated into a **real-time surveillance system** called **WMS 2.0**
- **Ethiopia and Kazakhstan**: Running Geedge’s **deep packet inspection (DPI)** tools
- **Unidentified countries** under the **BRI framework**

The documents show installations at **internet exchange points** and within **state telecoms**, enabling **blanket filtering, selective blocking**, and **real-time monitoring** on a national scale.

## Inside MESA and Geedge

The [leaked files](https://gfw.report/blog/geedge_and_mesa_leak/en/) provide a **detailed history** of how MESA and Geedge came to dominate China’s censorship tech landscape:

- **MESA Lab**, founded in **2012**, started as a small team under the name **Processing Architecture Team for “Massive Effective Stream Analysis”**
- By **2016**, MESA was managing over **35 million yuan** in annual projects and receiving national recognition in [cybersecurity](https://sqmagazine.co.uk/cybersecurity-statistics/)
- **Geedge Networks** launched in **2018**, recruiting top MESA researchers and becoming a **core private partner** in building and maintaining the Great Firewall

## Security and Research Implications

Security analysts are urging **extreme caution** when interacting with the leaked files. Due to their sensitivity, the risk of **embedded malware or tracking scripts** is high. Experts recommend accessing the archives only in **isolated virtual environments without internet connectivity**.

Research collectives like **GFW Report**, **Hackread**, **Net4People**, and **Amnesty International** are already dissecting the data to understand the **architecture, strategy**, and **export model** of Chinese censorship systems.

## SQ Magazine’s Takeaway

Honestly, this is one of the most **jaw-dropping tech leaks** I’ve ever seen. It’s not just a peek behind the curtain, it’s a **full blueprint** for how China censors, surveils, and **sells those capabilities** to other governments. What used to be rumors or vague suspicions is now sitting in code and documentation. It’s a massive wake-up call about how internet freedom is being compromised not just within China, but globally. If this doesn’t get people asking harder questions about the global trade of surveillance tech, I don’t know what will.