China's Internet censorship system, the Great Firewall, has recently experiencedLargest data breachThe total amount of leaked files is close to 600GB, including source code, internal communication records, work documents and complete server image data. For the first time, the outside world can fully examine how this huge blocking mechanism works from an engineering perspective.
The source of the leak points to the core development team of the Great Firewall, including Geedge Networks and the MESA laboratory under the Institute of Information Engineering (IIE) of the Chinese Academy of Sciences.GFW ReportThis incident was called "the largest data leak in the history of the Great Firewall", and there is still no clear evidence to show that it was an internal leak or a hacker attack.
The leaked content is currently available for download via BitTorrent and HTTPS mirrors. The largest file, repo.tar, is a whopping 500GB and contains a complete RPM-packaged server image. It also includes geedge_docs, mesalab_docs, Jira exports, and Git repository backups. Researchers point out that this data not only covers system modules, package dependencies, and version timelines, but can even restore the entire product lifecycle from a supply chain perspective, which is extremely rare in the past.
Even more striking, the leaked documents reveal that the Great Firewall is not a single national project, but rather a commercial solution with repeatable deployment and standardized delivery. For example, the Tiangou Secure Gateway (TSG), launched by Jizhi, integrates deep packet inspection and SSL/TLS encrypted traffic visualization, offering the first glimpse of Chinese internet censorship technology being packaged as a product and service offering both domestically and internationally.
The document even mentions Myanmar, Pakistan, Ethiopia, Kazakhstan and other countries, and lists the integration plans of local telecommunications and data centers, providing clear evidence for past speculation about China's Internet censorship technology being "exported overseas."
Furthermore, the connection between the MESA lab and Jizhi is clearly demonstrated through documents and Git commit logs. The leaked content shows how China's internet censorship technology has evolved from academic research and student projects to commercially viable engineering products, and then been adopted and operated by businesses.
More sensitive parts also include meeting records and strategy documents covered in the leaked materials, which discussed the research of circumvention tools, the establishment of a branch center in Xinjiang, and the technical details of attributing Internet traffic to real identities. These were exposed for the first time in the form of internal files, becoming an important new clue for the outside world to study China's Internet governance.
GFW Report calls on researchers interested in analyzing this data to do so in an offline, isolated environment and follow digital forensics security procedures, such as read-only mounting, hash matching, and multi-engine scanning, to avoid executing unknown code and reduce potential risks.
The leak attracted attention not only for its staggering scale, but also for revealing the engineering design and global layout of the Great Firewall, allowing the outside world to systematically understand the overall picture and evolution path of China's Internet censorship technology for the first time.
