CHINA WATCHSpyware as Service: What the i-Soon Files Reveal About China’s Targeting of the Tibetan Diaspora
Governments are increasingly incorporating cyber operations into the arsenal of statecraft. This sophisticated integration combines open-source intelligence, geospatial intelligence, human intelligence, and cyber espionage with artificial intelligence, allowing for the gathering and analysis of ever-expanding data sets. Increasingly, such operations are being outsourced.
The pervasive spread of digital surveillance technologies and their deployment against vulnerable communities has attracted high-level attention from Western governments. Targeted surveillance carried out by entities such as Israel’s NSO Group through Pegasus malware have raised widespread concern. These cases have spotlighted the potential of such technologies to undermine human rights and to erode the democratic fabric of societies.
Governments are increasingly incorporating cyber operations into the arsenal of statecraft. This sophisticated integration combines open-source intelligence, geospatial intelligence, human intelligence, and cyber espionage with artificial intelligence, allowing for the gathering and analysis of ever-expanding data sets. Increasingly, such operations are being outsourced.
Turquoise Roof has released a report on Chinese cyber surveillance of the Tibetan diaspora. The report scrutinizes one instance of outsourced cyber intelligence capabilities, brought to light by the leak of internal documents from a Chinese cybersecurity firm.
Here is the Executive Summary of the report:
Executive Summary
In February 2024 a leak of documents from i-Soon, a Chinese cybersecurity firm tied to the nation’s security apparatus, gave new evidence of People’s Republic of China’s (China or PRC) large-scale and shadowy cyber espionage activities. The data dump provides valuable insight into the priorities of the Party state in hiring hackers to target peripheral communities, including the Tibetan exile administration in Dharamsala, Uyghurs in the diaspora, pro-democracy advocates in Hong Kong, as well as official entities in neighboring countries such as the Mongolian police, and India’s customs agency.
The leak demonstrates both operational continuity and a steady evolution in China’s strategic deployment of targeted surveillance technology. For long-time observers, the leak provides significant evidence confirming that China’s targeting of vulnerable individuals and groups through commercial Chinese cybersecurity companies extends well beyond PRC borders, infiltrating hundreds of official and individual systems.
Examination of the i-Soon files reveals that the Tibetan administration in exile and the Dalai Lama’s Private Office in India were among the targets of sophisticated cyber espionage. i-Soon, whose biggest clients included the Chinese police, the People’s Liberation Army, the Ministry of State Security and the Tibetan regional authorities based in Lhasa, harnessed advanced technological capabilities for data mining and communication pattern analysis.