Surveillance

China and Iran Have Their WikiLeaks Moment

Hackers have unmasked some of the tactics Beijing and Tehran use to silence their opponents.


A decade ago, the U.S. government had its dirty laundry aired by leakers like Chelsea Manning and Edward Snowden. Now it's the Chinese and Iranian governments' turn. Millions of documents from a Chinese cybersecurity contractor and the Iranian court system revealing how both governments repress dissent abroad have been posted online over the past two weeks.

The techno-libertarian optimism of the early internet has given way to pessimism over the past decade, as governments around the world have developed new tools of surveillance and social control. But the latest leaks show that the internet is still a force that can turn against even the most tightly controlled police states.

After all, new repressive technologies create new paper trails for repression. And it doesn't take much for those files to become public.

On February 16, a trove of documents from Chinese cybersecurity company I-Soon was posted on GitHub, a public platform for programmers. They revealed that dozens of Chinese government agencies, from local police departments to the army, had hired I-Soon to gather information on opponents by hacking into social media platforms and foreign government databases.

The alleged targets included people from a range of regions suffering unrest: Hong Kongers, Tibetans, and Uyghurs. The United Nations has accused the Chinese government of subjecting Uyghurs to sterilization and forced labor in Xinjiang, where hundreds of thousands have been detained in "re-education camps," a process the U.S. government considers genocide.

Where foreigners saw a horror show, security contractors saw a lucrative yet difficult business opportunity. "Everyone thinks of Xinjiang like a nice big cake…but we have suffered too much there," an I-Soon employee complained in one internal email, according to The Guardian.

The Associated Press confirmed the leaks were real. Employees told the A.P. that Chinese police are investigating the identity of the leaker, and Google cybersecurity analyst John Hultquist speculated that the leak could have come from "a rival intelligence service, a dissatisfied insider, or even a rival contractor."

Inside the I-Soon offices, A.P. reporters saw Communist Party posters that read, "Safeguarding the Party and the country's secrets is every citizen's required duty."

Then, on February 20, over 3.2 million files from the Iranian court system were posted to a searchable online database by a group known as Ali's Justice, named for a Shiite Muslim saint. The files included secret orders and instructions on how to deal with some of Iran's most well-known dissidents.

Iranian prosecutors had issued a secret list of Iranian athletes living abroad who should be arrested if they ever returned to Iran, according to Iran International, an opposition TV station based outside the country. Other documents included discussions on the "management" of the family of Mahsa Amini, an Iranian woman who died in police custody after being arrested for "bad hijab" in September 2022, the BBC reported.

"The [Amini] family is still on top of the matter and they have no intention of backing down," a memo read. Iranian authorities have claimed that Amini died of a pre-existing medical condition rather than police mistreatment, and the memo predicted that it would be "very effective" if Amini's father were to "reflect" on her illnesses in a "brief interview."

State media did indeed quote Amini's father stating that his daughter had a pre-existing condition. But soon after, Amini's father publicly said that the government lied about her death. Her name quickly became the rallying cry of a nationwide uprising against religious rule.

The hacked documents also show a fair amount of paranoia and internal discord within the Iranian government, with officials accusing each other of espionage and corruption, according to the BBC and IranWire, an investigative news site based outside the country.

As with the I-Soon leaker, the exact identity of Ali's Justice is unclear. The group previously published security camera footage showing abuses inside Iranian prisons in August 2021 and February 2022 and hacked into a TV station to broadcast anti-government messages in October 2022.

Over the past few years, Iran has suffered a spate of high-profile cyberattacks by the United States, Israel, and the Mojahedin-e Khalq, a guerrilla group with Saudi ties. In one case, a hack by Ali's Justice came within the same week as a hack by Mojahedin-e Khalq supporters. However, Ali's Justice has been careful not to tie itself to any of these foreign actors and describes itself as a group of concerned Iranian citizens.

Whether the leaks in China and Iran came out of a foreign intelligence operation, a bureaucratic struggle, or a rogue staffer with a conscience, they provide a valuable public service. (The same is true of WikiLeaks, which has been accused of taking information from Russian operatives.) Citizens around the world have gotten a glimpse into the tactics that powerful actors use to track and silence them. The surveillance has been turned against the surveillers.