China’s internet censorship system, the Great Firewall, has recently suffered the largest data breach in its history, with nearly 600GB of files leaked. The trove includes source code, internal communications, work documents, and complete server images—offering, for the first time, a comprehensive view of how this massive censorship infrastructure operates at an engineering level.
The leak is believed to have originated from the core development teams behind the Great Firewall, including Geedge Networks and the MESA Lab under the Institute of Information Engineering (IIE) at the Chinese Academy of Sciences. GFW Report, a group that has long tracked China’s censorship technology, described the incident as “the largest data leak in the history of the Great Firewall.” It remains unclear whether the disclosure was the result of insider leaks or an external cyber intrusion.
The files are currently available via BitTorrent and HTTPS mirrors. The largest archive, repo.tar, weighs in at 500GB and contains a complete RPM-packaged server image. Other materials include geedge_docs, mesalab_docs, Jira exports, and Git repository backups. Researchers note that the data spans system modules, package dependencies, and version timelines, even allowing for reconstruction of the entire product lifecycle from a supply-chain perspective—a revelation rarely seen before.
Particularly striking is evidence that the Great Firewall is not a monolithic state project, but rather a commercialized solution designed for “repeatable deployment and standardized delivery.” For example, Geedge’s Tiangou Secure Gateway (TSG) integrates deep packet inspection with SSL/TLS traffic visualization, showing for the first time how Chinese censorship technology is packaged and offered as a productized service for both domestic and foreign clients.
The documents even reference projects in Myanmar, Pakistan, Ethiopia, and Kazakhstan, detailing integration with local telecom operators and data centers—providing concrete proof of long-suspected exports of Chinese censorship technology abroad.
The leak also illuminates the relationship between MESA Lab and Geedge, clearly visible in documents and Git commit histories. The files reveal how China’s censorship capabilities evolved from academic research and student projects into commercialized engineering products, later sustained and scaled by private enterprises.
More sensitive still are the meeting notes and strategy papers included in the leak. These discuss research into circumvention tools, the establishment of a Xinjiang branch center, and technical methods for attributing internet traffic to real identities. These topics surface for the first time through internal documentation and offer crucial new insights into China’s internet governance practices.
GFW Report has urged researchers analyzing the data to do so only in air-gapped, isolated environments, and to follow strict digital forensics protocols such as read-only mounting, hash verification, and multi-engine scanning to mitigate the risks of executing unknown code.
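The sketch below is an added example, not code from this article or from GFW Report. It illustrates two of the handling steps named above on a constructed in-memory archive: hashing in fixed-size chunks so the digest can be compared with a published checksum, and reading tar headers to flag risky members without extracting or running anything. The function names and sample member names are assumptions made for illustration.

```python
import hashlib, io, stat, tarfile

def sha256_stream(fileobj, chunk=1 << 20):
    """Hash in fixed-size chunks so a very large archive never sits in memory."""
    h = hashlib.sha256()
    for block in iter(lambda: fileobj.read(chunk), b""):
        h.update(block)
    return h.hexdigest()

def triage_tar(fileobj):
    """Flag risky members from tar headers only; nothing is extracted or executed."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r|*") as tar:  # streaming, forward-only read
        for m in tar:
            if m.name.startswith("/") or ".." in m.name.split("/"):
                findings.append((m.name, "path escapes extraction directory"))
            if m.issym() or m.islnk():
                findings.append((m.name, f"link to {m.linkname}"))
            if m.ischr() or m.isblk() or m.isfifo():
                findings.append((m.name, "device or FIFO node"))
            if m.isfile() and m.mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append((m.name, "setuid/setgid bit set"))
    return findings

def build_sample():
    """Constructed sample archive (not data from the leak), built in memory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add(name, data=b"", **attrs):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            for key, value in attrs.items():
                setattr(info, key, value)
            tar.addfile(info, io.BytesIO(data) if data else None)
        add("docs/readme.txt", b"hello")
        add("../outside.sh", b"#!/bin/sh\n")
        add("bin/helper", b"\x7fELF", mode=0o4755)
        add("etc/link", type=tarfile.SYMTYPE, linkname="/outside/target")
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample()
    print("sha256:", sha256_stream(io.BytesIO(sample)))
    for name, reason in triage_tar(io.BytesIO(sample)):
        print(f"{name}: {reason}")
```

On a real archive, open the file in binary mode from a read-only mount and pass the handle to the same two functions.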
Beyond its sheer scale, the breach is significant for exposing the engineering architecture and global ambitions of the Great Firewall, providing the outside world with an unprecedented, systematic understanding of China’s censorship apparatus and its evolution.