{"id":91375,"date":"2025-11-25T12:00:00","date_gmt":"2025-11-25T09:00:00","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=91375"},"modified":"2025-12-04T06:47:01","modified_gmt":"2025-12-04T03:47:01","slug":"exporting-the-cudgel","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/exporting-the-cudgel\/","title":{"rendered":"\u00a0How China’s Next-Gen DPI Powers Global Digital Control"},"content":{"rendered":"

Leaked data confirm that Beijing has shifted from domestic censorship to the active export of control tools. Chinese contractors are delivering turnkey infrastructure to suppress dissent in Pakistan<\/a>, Ethiopia and Myanmar<\/a>.<\/p>\n

The main takeaway from the recent leaks, however, is not political but personal: the vulnerability of every user\u2019s privacy to a new generation of deep packet inspection (DPI<\/a>).<\/p>\n

ForkLog examined the leaked documents of Chinese technology companies Geedge Networks and KnownSec.<\/p>\n

Anatomy of the leak<\/h2>\n

In the autumn two large troves entered the public domain. The first\u2014100,000 documents from Geedge Networks<\/a>, a firm specialising in network monitoring and censorship. The second\u201412,000 files from KnownSec<\/a>, which is linked to China\u2019s state security.<\/p>\n

The dump offers a rare look under the hood of the cyber\u2011surveillance industry. Where experts once merely suspected export versions of the Great Chinese Firewall, they now have technical specifications, architecture and named clients.<\/p>\n

Geedge Networks is not just an IT company. It is closely tied to MESA Lab (a state laboratory in China) and to Fang Binxing, often called the father of the Chinese firewall. The leaks show that tools honed for years on China\u2019s population have been packaged into a commercial product for overseas sale.<\/p>\n

The Great Firewall in a box<\/h2>\n

Geedge\u2019s flagship is the Tiangou Secure Gateway (TSG), a hardware\u2013software stack installed in ISPs\u2019 data centres. It can analyse, filter and block traffic at nationwide scale.<\/p>\n

Its architecture is modular and highly efficient:<\/p>\n

    \n
  1. Cyber Narrator \u2014 a real-time monitoring system.<\/strong> It records every user action: visited sites, DNS queries, IP addresses, timestamps and data volumes. It is an activity log of an entire population.<\/li>\n
  2. TSG Galaxy \u2014 the analytics hub.<\/strong> Data from Cyber Narrator flow here. The system builds user profiles, detects patterns and social graphs.<\/li>\n
  3. Tiangou \u2014 the control console<\/strong>. It lets operators (intelligence or police personnel) add keywords to blacklists, and block domains and specific users.<\/li>\n<\/ol>\n

    The system does not rely only on IP addresses. It uses DPI. If traffic is encrypted (HTTPS), it examines metadata and behavioural patterns to infer the type of information transmitted.<\/p>\n

    The Myanmar case: technology against protest<\/h2>\n

    The leak confirmed the geography of sales. China is exporting a turnkey model of state control. The documents list project codes for different countries:<\/p>\n

      \n
    1. K18\/K24 (Kazakhstan): active rollout;<\/li>\n
    2. P19 (Pakistan): used to police social unrest;<\/li>\n
    3. M22 (Myanmar): deployed to suppress protests after the 2021 military coup.<\/li>\n<\/ol>\n

      The last case is the most telling\u2014confirming the role of Chinese technology in quelling civic discontent. After the coup, the new authorities faced the imperative of controlling the information space.<\/p>\n

      Geedge documents confirm that the company supplied infrastructure to Myanmar\u2019s providers. The system simultaneously monitors 81 million internet connections.<\/p>\n

      What the system does in Myanmar:<\/p>\n