Click Here Podcast Episode 192: Return to the Leak that Unmasked China’s Hackers-for-Hire
Host: Dina Temple-Raston
Produced by: Recorded Future News
Release Date: December 17, 2024
1. Introduction to the Isoon Leak
In Episode 192 of Click Here, Dina Temple-Raston revisits a pivotal story from the podcast's archives that sheds light on the intricate relationship between Chinese cybersecurity firms and the government. The episode centers around the significant leak of internal documents from Isoon, a prominent Chinese cybersecurity company, which unveiled the structured and corporatized nature of China's hackers-for-hire network.
Dina Temple-Raston [00:14]:
"Earlier this month, the US sanctioned a Chinese cybersecurity company called Sichuan Silence and charged one of its employees with compromising thousands of firewalls. This ties back to our earlier story about a huge leak of internal documents from Isoon, revealing China's formalized hackers-for-hire network."
2. The Surprise of Mei Danowski
Mei Danowski, co-founder of the Substack newsletter nattothoughts and a specialist in China's cybersecurity landscape, becomes a central figure in understanding the impact of the Isoon leak.
Mei Danowski [02:34]:
"It was the long weekend, so I didn't really check a lot, you know, my emails, my chat and stuff."
While enjoying a rare break with her family, Mei discovers a surge of traffic on her blog, signaling widespread attention to her previous coverage on Isoon.
Mei Danowski [02:56]:
"And then I saw people were reading all my Natto Thoughts, the one I wrote about Isoon. I was like, what?"
3. Unveiling Isoon’s Government Ties
The leaked documents from Isoon provided undeniable evidence of the company's collaboration with Chinese government agencies. This revelation was a goldmine for researchers like Mei, who had long suspected but lacked concrete proof of such partnerships.
Mei Danowski [03:47]:
"It's huge. I was just so surprised to see the amount of information that came out."
Previously, it was believed that Chinese cyberattacks were fueled by Guanxi—connections and relationships. However, the Isoon leak revealed a much more structured and industrial approach.
Dina Temple-Raston [04:38]:
"The leaked papers included major contracts with government agencies that had clearly been paying Isoon to build hacking tools and surveillance programs."
4. The Evolution of China's Cyber Industrial Complex
The episode delves into how companies like Isoon transitioned from grassroots hacker groups to sophisticated cybersecurity firms collaborating directly with the government.
Mei Danowski [08:02]:
"You can see it's a route because all these hackers later realized you have a patriotic sentiment. That's a good thing. But the thing is they were thinking about their future, how they can grow in this big environment as everybody was."
Isoon's strategic filing of patents for aggressive cyber tools underscores their evolution into a mature industry.
Dina Temple-Raston [08:23]:
"Isoon filed for patents for pretty aggressive techie things. They seemed to be developing the kinds of tools that could help launch cyber attacks."
5. The Chengdu 404 Lawsuit and Further Revelations
An ostensibly routine intellectual property lawsuit between Isoon and Chengdu 404 exposed deeper government ties, as Chengdu 404 was revealed to be a front for the Chinese Ministry of State Security.
Dina Temple-Raston [09:30]:
"To the uninitiated, this court filing looked like your average intellectual property dispute. But to insiders like Mei, the case was a revelation."
The U.S. Department of Justice had previously indicted Chengdu 404 employees for hacking on behalf of the Chinese government.
Michael Horka [10:20]:
"We have unsealed three indictments that collectively charge five Chinese nationals with computer hacking."
6. Insights from Isoon's Internal Communications
The leaked documents included chat logs and contract details that illustrated the competitive and collaborative nature of China's cybersecurity firms.
Mei Danowski [11:37]:
"There's interesting conversations in the leaked document... They often mentioned saying, oh, do you know, so and so. And this company sounds like they got a big contract with the Public Security Bureau. Could we tag along?"
These interactions revealed a network of "drinking buddies" who were both collaborators and competitors, striving to secure lucrative government contracts.
Dina Temple-Raston [12:10]:
"The leaked documents provide a laundry list of pilfered information... It also shows employees of Isoon actually thinking through their plans for future hacks."
7. The Legacy of Shen Wei Guang and Information Warfare
The episode chronicles the contributions of Shen Wei Guang, a dismissed People's Liberation Army (PLA) officer who is considered the father of China's information warfare doctrine.
Mei Danowski [15:20]:
"He was computer illiterate. He didn't really know how to use a laptop, a computer."
Despite his lack of technical prowess, Shen's foresight in predicting the future of warfare shifted Chinese military strategy towards information and cyber domains.
Dina Temple-Raston [16:08]:
"He wrote a book in 1985. Future wars, Shen said, would be fought with information."
8. China's Advancements and U.S. Countermeasures
Under President Xi Jinping, China intensified its cyber capabilities, shifting from discovering and disclosing vulnerabilities to hoarding zero-day exploits for offensive use.
Michael Horka [18:42]:
"They don't use a whole lot of custom tooling... They'll use things that the typical network administrators often use for remote management of servers."
This strategy made Chinese cyberattacks more sophisticated and harder to detect.
Volt Typhoon – An Escalating Threat:
The state hacking group Volt Typhoon emerged as a particularly aggressive entity, targeting critical infrastructure such as water and electric utilities, transportation, and maritime sectors.
Michael Horka [19:24]:
"Your water utilities, electric utilities, transportation, maritime, stuff like that."
In response, the Biden administration has been pushing for not only defensive measures but also contingency plans to mitigate the impact of potential breaches.
Ann Neuberger [20:04]:
"Different sectors are at different places of maturity."
9. Diplomatic Efforts and the Search for Norms
Ann Neuberger, the Biden administration's Deputy National Security Advisor for Cyber and Emerging Technology, highlighted ongoing high-level discussions with China to establish agreed-upon norms for information warfare.
Ann Neuberger [21:13]:
"To discuss rules of the road."
However, she was cautious about revealing specific outcomes or concessions from these discussions.
10. The Unique Chinese Approach to Hacking-for-Hire
Unlike Russia or Iran, which rely on cyber gangs for their operations, China has cultivated a privatized yet state-controlled cybersecurity industry. This model balances control with deniability: the government retains plausible deniability while leveraging private companies for cyber operations.
Mei Danowski [22:09]:
"Their goal to become a superpower is on par with the United States. Then the United States does have offensive capability. That's well known, right?"
Dina Temple-Raston [22:31]:
"The Isoon papers suggest that China has developed a kind of hacking with Chinese characteristics. They've chosen something they're good at, running a business, so they've opted to recruit private industry instead of private gangs."
11. Conclusion: The Future of Cyber Warfare
The episode underscores the maturation of China's cyber capabilities and the sophisticated integration of private companies into national cyber strategies. This evolution presents significant challenges for global cybersecurity, necessitating coordinated international responses and robust defensive mechanisms.
Dina Temple-Raston [23:24]:
"Using outsiders to help you hack isn't a Chinese invention. Russian cyber gangs have been targeting Moscow's adversaries for years. Iranian hacktivists do too."
The structured and corporatized approach of China's hackers-for-hire network marks a distinctive and formidable presence in the global cyber landscape, highlighting the need for continued vigilance and innovation in cybersecurity defenses.
Notable Quotes with Timestamps
- Mei Danowski [02:34]: "It was the long weekend, so I didn't really check a lot, you know, my emails, my chat and stuff."
- Mei Danowski [03:47]: "It's huge. I was just so surprised to see the amount of information that came out."
- Dina Temple-Raston [04:38]: "The leaked papers included major contracts with government agencies that had clearly been paying Isoon to build hacking tools and surveillance programs."
- Michael Horka [18:42]: "They don't use a whole lot of custom tooling... They'll use things that the typical network administrators often use for remote management of servers."
- Ann Neuberger [21:13]: "To discuss rules of the road."
Production Credits
- Produced by: Sean Powers and Dina Temple-Raston
- Edited by: Karen Duffin
- Fact-Checked by: Darren Ancrum
- Original Music by: Ben Levinston
- Staff Writer: Lucas Riley
- Illustrator: Megan Gough
Click Here is a production of Recorded Future News, dedicated to unraveling the true stories behind the digital world's creation and disruption.
For more insights into cybersecurity news and policies, consider subscribing to Cyber Daily from Recorded Future News.