Threat Insight
The Great Firewall of China
Recently leaked information from the Chinese enterprise Geedge has shed light on some of the frightening aspects of China’s internet surveillance system, sometimes known as “the Great Firewall of China”.
The surveillance system includes several components that allow the government of China to inspect, censor and modify all internet data in the country. The system’s capabilities include:
- Deep packet inspection that allows reading of content under TLS.
- Censoring web sites based on URL or keywords in the text.
- Blocking Tor, VPNs and other methods of circumventing the system.
- Assigning “reputation scores” to individual users.
- Blocking internet access for individual users.
- Throttling traffic to web sites, rather than blocking them, to slow them down.
- Redirecting traffic to DDoS web sites.
Especially alarming is that the system can also inject malware directly into an internet stream, putting backdoors on machines even if they only visited safe content.
The information also showed that China has sold this technology to a number of other countries for a considerable sum of money. Other nations operating the Geedge system include:
- Kazakhstan
- Pakistan
- Myanmar
- Ethiopia
The Geedge system has far more advanced surveillance capabilities than the legal intercept used in Western nations, with a correspondingly increased potential for abuse. There are also no technical privacy safeguards in the system.
Recommendations
This information reinforces Truesec’s assessment that protecting sensitive data in China is essentially impossible. The government’s surveillance capabilities, together with a legal framework that gives the government full control over all data located in China, make it virtually impossible to protect such data from government inspection.
The ability to inject malware directly into internet streams is especially alarming, as that means that any device that is used in China can be backdoored by the Geedge system.
For many enterprises that do business in China, government surveillance may be a price they are willing to pay to do business, but organizations that are concerned about Chinese government espionage against, for example, intellectual property are advised to follow these guidelines:
- Treat all machines, including mobile devices, that have been in China as compromised.
- If possible, use burner phones and similar when visiting China.
- Segment networks to separate entities in China from the rest of the network.
These recommendations also apply to personnel who visit other countries that have bought the Geedge surveillance system. This includes Kazakhstan, Pakistan, Myanmar and Ethiopia.
References
[1] https://interseclab.org/wp-content/uploads/2025/09/The-Internet-Coup_September2025.pdf