
Data leak at Chinese firm reveals government monitoring
SentinelLabs has uncovered a data leak from TopSec, a Chinese cybersecurity firm, revealing its involvement in monitoring web content at the behest of governmental agencies. SentinelLabs' research indicates that the firm plays a role in helping the Chinese government oversee and censor discussions on sensitive topics.
The research, stemming from an analysis of over 7,000 lines of work logs and code, shows that TopSec provides web content monitoring services to both public and private sectors. This includes coordination with state-owned enterprises during corruption scandals, highlighting how the Chinese state and the Chinese Communist Party (CCP) collaborate with cybersecurity companies to manage such issues.
TopSec, known for services such as Endpoint Detection & Response (EDR) and vulnerability scanning, also offers boutique solutions tailored to government initiatives and intelligence requirements. The leaked data contains scripts that connect to various Chinese government, academic, and news sites, suggesting a comprehensive involvement in national cyberspace oversight.
Leaked documents also reference several public sector organisations associated with TopSec. These include the Municipal Commissions for Discipline Inspection, which enforce party regulations and probe corruption, and the Illegal and Harmful Information Reporting Center, responsible for combating online behaviour deemed harmful by the CCP.
"The analysis of the leak provides insight into how the CCP uses private sector expertise to enhance its system of internet censorship," a SentinelLabs representative stated. "The lines between public policy and private sector service offerings are blurred, illustrating a complex ecosystem of government and private partnerships."
TopSec, established in 1995, focuses on monitoring, IT security solutions, big data, and cloud services, maintaining cybersecurity as a core mission. It serves as a Tier 1 vulnerability supplier to China's intelligence ministry and has provided cloud monitoring services since 2004, extending across all of China's administrative regions by 2020.
The documents record development operations in detail, underscoring the need for organisations globally to assess their own logging practices. SentinelLabs suggests that robust credential management is crucial to protect sensitive environments, advocating for the use of secret managers in CI/CD pipelines to avoid storing sensitive data directly in operational commands.
The findings cast light on the opaque nature of China's cybersecurity market, which often remains elusive to international researchers. By exploring the technological capabilities of a major Chinese tech firm like TopSec, the research elucidates the intricate relationships between the Chinese state apparatus and private cybersecurity companies.
The exact mechanism of the data leak remains unknown, but the incident underscores the importance of stringent data security measures. As cybersecurity continues to be a vital component of international relations, such leaks highlight the ongoing global challenges in managing digital information and infrastructure security in a rapidly evolving tech landscape.