I-S00N leak: Office for the Protection of the Constitution publishes analyses

Espionage as a service: The Office for the Protection of the Constitution has evaluated internal documents from a Chinese service provider and is publishing its analyses.

This article was originally published in German and has been automatically translated.

When a GitHub repository called "I-S00N" was published in mid-February 2024, alarm bells started ringing at many security authorities around the world. A flurry of activity set in: the documents provided an insight into the inner workings of a Chinese service provider that is said to work for state security and other interested agencies in the People's Republic. As part of its new "Cyber Insight" series, the Federal Office for the Protection of the Constitution (BfV) has now published its own analysis of the documents.

Even if the I-S00N leak has no direct links to Germany, it is extremely instructive, according to the analysis now published: it offers "insights into the working methods of private hacker companies and the links between malware providers and the Chinese state" and how the groups operate and work together.

BfV Vice President Sinan Selen had already explained in June how interesting the findings were for German counterintelligence. According to the data, a total of 70 people are said to carry out attack campaigns for I-Soon, divided into three penetration teams, a security research team and a support team.

According to the BfV, the targets are generally in line with the Chinese state agenda: networks of government agencies, international organizations and companies that are relevant. The documents included target entities, as well as information and contract details on specific products and services used for attacks. Prices are also mentioned in the documents - for example, that access to data for the FBI network would cost between 13,000 and 20,000 euros.

What was surprising about the I-S00N leak - including for the BfV - was that the market is evidently very competitive for the Chinese players, and that even seemingly high-value targets did not automatically attract customer interest. For example, the leak contains chat histories relating to data on NATO Secretary General Jens Stoltenberg, who remained in office until October, which apparently did not trigger any major interest among I-S00N's potential customers.

"Employees' wages are low and stagnating, competition with competitors is described as intense and, in some cases, apparently no buyers are found for captured documents," writes the BfV in its publication.

The BfV does not comment on the source of the documents published on GitHub. There are indications that either a competitor, a former employee or another intelligence service published the internal documents.

In the coming weeks, the Federal Office for the Protection of the Constitution intends to make more of its evaluations of the I-S00N leak publicly available: on the links to the Chinese security apparatus, the attack targets in the target countries, and the individual products of the "APT-as-a-Service" company and the users of its services.

(vbr)