600 GB of Source Code and Documents on China’s “Great Firewall” Leaked Online

Researchers from the Great Firewall Report team say the largest known data breach in the history of the “Golden Shield”—better known as the “Great Chinese Firewall”—has occurred. Roughly 600 GB of internal documents, source code, operational logs, and developer correspondence have been leaked online.

The archive also contains package repositories and operational manuals used to build and maintain China’s national Internet filtering system.

Origins of the Leak

The leaked files appear to be tied to the MESA Laboratory at the Institute of Information Engineering (a research division of the Chinese Academy of Sciences) and to Geedge Networks, a company long linked to Fang Binxing, one of the principal architects of the Golden Shield.

According to researchers, the trove includes full build systems for Deep Packet Inspection (DPI) platforms, along with code modules designed to detect and throttle circumvention tools. Much of the software is focused on identifying VPN traffic through DPI methods, SSL fingerprinting, and detailed session logging.

Tiangou: A “Boxed” Great Firewall

Among the leaked materials are documents describing the internal architecture of Tiangou, a commercial platform built for Internet service providers and border gateways. Researchers characterize Tiangou as a “boxed version of the Great Firewall.”

Initial deployments reportedly ran on HP and Dell servers and later migrated to Chinese-made hardware in response to international sanctions.

One document indicates that Tiangou was deployed across 26 data centers in Myanmar, with real-time dashboards monitoring 81 million concurrent TCP connections. The system was allegedly operated by Myanmar’s state telecom provider and integrated into core Internet exchange points, enabling both broad blocking and selective filtering.

International Reach

According to Wired and Amnesty International, Geedge Networks’ DPI infrastructure extends far beyond Myanmar. It has reportedly been exported to Pakistan, Ethiopia, Kazakhstan, and other countries, where it is integrated with lawful interception systems.

In Pakistan, Geedge equipment is said to form part of WMS 2.0, a platform capable of real-time surveillance over mobile networks. Wired’s investigation further notes that the leaked documents confirm Geedge systems can intercept unencrypted HTTP sessions.

Unstudied but Significant

Researchers caution that only a fraction of the massive leak has been analyzed so far. Early indications suggest that build logs and developer notes could reveal exploitable flaws in how the Great Firewall and related systems operate—insights that circumvention tool developers may leverage in the future.

For now, the leak is already being mirrored by groups such as Enlace Hacktivista. However, security experts strongly warn that anyone downloading or studying the files should do so with extreme caution, ideally within isolated virtual machines or other secure environments.