China's "Great Firewall in a Box" Export Revealed in Massive Leak
Key Points
- A leak of over 500 GB from Geedge Networks exposed China’s export of DPI technology.
- The “Great Firewall in a box” includes hardware, firmware and proprietary software.
- Exported kits have been traced to Ethiopia, Myanmar, Kazakhstan and Pakistan.
- The DPI engine blocks VPN traffic, filters keywords, and shapes internet traffic in real time.
- Citizens in the receiving countries face tighter online restrictions and increased surveillance.
- VPN providers such as NordVPN and Proton VPN have deployed custom stealth protocols.
- The export marks a shift from domestic control to a commercial censorship model.
A massive data leak of over 500 GB from Geedge Networks exposed China’s export of deep‑packet‑inspection (DPI) technology—dubbed a “Great Firewall in a box”—to at least four authoritarian regimes. The leak includes source code, work logs and internal communications that detail how the DPI engine blocks VPN traffic, filters keywords, and shapes internet traffic. Researchers traced the hardware and software to Ethiopia, Myanmar, Kazakhstan and Pakistan, highlighting a shift from domestic control to a commercial censorship model. The export raises concerns for citizens, activists and journalists as VPNs struggle to bypass the new filters.
Background
China’s Great Firewall relies on a deep‑packet‑inspection (DPI) engine that examines every data packet passing through an ISP. The system matches traffic against constantly updated lists of banned keywords, IP addresses and protocol signatures, then decides whether to allow, throttle, or drop the connection. It also employs DNS tampering, IP blocking, keyword filtering and real‑time traffic shaping to create a comprehensive barrier against foreign news sites, social media platforms and other content deemed politically sensitive.
The Leak
Researchers uncovered a leak of more than 100,000 documents and 500 GB of data originating from Geedge Networks, a company linked to the development of China’s firewall. The leak includes source code, work logs and internal communications that reveal detailed blueprints of the filtering and DPI technology. Geedge’s chief scientist, Fang Binxing, is described as the “Father of the Great Firewall.” The MESA Lab at the Institute of Information Engineering contributed algorithms designed to detect and block VPN and proxy tools.
Export to Authoritarian Regimes
Analysis of the leaked material shows that the same hardware and software have been sold to at least four overseas clients: Ethiopia, Myanmar, Kazakhstan and Pakistan. Researchers traced the export trail through cargo manifests, data‑center footprints and code annotations, confirming that a turnkey “Great Firewall in a box” is being marketed abroad. This commercial export model monetizes censorship and provides authoritarian governments with a ready‑made solution for shutting out foreign media, enforcing state narratives and suppressing dissent.
Implications for Users
The imported DPI kits can instantly block news articles, mute messaging apps or drop video calls, dramatically restricting everyday internet activity for millions of citizens. Constant surveillance erodes privacy and puts activists, journalists and whistle‑blowers at heightened risk for speaking freely. Even the most robust virtual private network (VPN) services encounter growing difficulties as the DPI engine identifies the handshakes used by many commercial VPNs and either throttles speeds or blocks connections outright.
Response from VPN Providers
VPN companies such as NordVPN and Proton VPN have introduced custom stealth protocols and advanced obfuscation tactics to counter the new filters. These measures aim to keep users connected despite the layered defenses, but the situation remains a classic cat‑and‑mouse game as censorship technologies continue to evolve.