Blog on Chinese cyber operations, online surveillance, always on the hunt for leaked documents : NetAskari.online | deaddrop.netaskari.online
Joined February 2025
- Tweets 1,267
- Following 113
- Followers 8,873
- Likes 656
462 Photos and videos
Pinned Tweet
May 19
EXCLUSIVE: How the track foreigners in China - We got rare access to demo system developed by the Ministry of Public Security in China for the prefecture of Zhangjiakou, to track and surveil foreigners visiting or being residents ( actually it applies to most nationals as well, but in this case it seems to be aimed at foreigners ). It is officially known as "Dynamic control platform for overseas personnel". 1/12
90
625
1,725
971,960
18h
A while ago we got our hands on documents from the Xinjiang Police College in Urumqi, concerning the requirements on their Cyberspace Security Laboratory to be build in 2025.
The document was quite detailed on what kind of training the authorities are planning to provide to the upcoming members of the "cyber police" and delivers some interesting insights into the capabilities of the security services.
It holds details on what kind of malware and viruses the training setup should include, remote intelligence gathering ( including OSINT and network traffic analysis of targets and suspects ), learning how to use "living off the land" tooling to conduct offensive as well as defensive tactics.
It also holds references to AI capabilities and the procurement of NVIDIA RTX 4090 ( which were on the entity list at the stage of the release of the document ).
3
50
124
16,535
NetAskari retweeted
Jun 13
Story time,
Back in the 90s some of yall may remember the crypto wars. No not apes and NFTs
greater than 40 bit cryptography algorithms weren’t allowed to be exported to non US citizens.
So Netscape had to sell their browser in 128 bit and a crippled 40bit SSL versions, lotus notes held 24bits of a 64bit key in escrow with the NSA
This meant that US firms competed on the global stage with deliberately broken crypto.
It got so wild that the source code for PGP was printed as a book because that was considered free speech under the first amendment, even though exporting it on a disk would have been a felony.
Kind of amusing but those export grade ciphers would go on to become weaponised as freak and logjam vulns 20 years later.
In the meantime, in Australia the ancestor to OpenSSL was being born as SSLeay, by Eric Young. Strong crypto didn’t need the US, it’s just math after all. It was being built everywhere now, and the US gov couldn’t touch it.
Anyway the moral of this story is that the sanctioned RSA, the clandestine PGP and the foreign built OpenSSL are all now ubiquitous now.
Export controls don’t stop the progress for very long.
Short term they just hobble your own companies, and long term they push the rest of the world to build their own, often better, stuff for everyone else.
7
7
52
3,960
20h
Yeah. In urban environments thee days most of those methods probably run into issues, for normal users at least. Running a multi stage IMSI catch-and-analysis system might work better, but let's be serious here.
There was actually an interesting patent filed a while ago by a Chinese company to use "Wifi-probes" to track and monitor a certain physical area for certain target people to enter or leave. It needs though a rather elaborate mass-data analysis system to really work over time plus the fact that nowadays almost everyone is running MAC address spoofing, makes the thing probably pretty useless. But it was an interesting idea. But there is a reason why CN state backed surveillance is still focusing mainly on visuals ( cameras ), as you can't hide your body efficiently enough, a phone or other mobile device, you can just leave at home. netaskari.substack.com/p/big…
Jun 13
the thing here is, you have a scenario where a device may or may not be here, fingerprinting at that level is probably not 100% accurate. and what we are going for really is: does it say something stupid like John's iPhone because the left a hotspot on.
In remote locations its probably an option but if ur in urban its probably massively not worth it vs DOG, CCTV, locks.
1
1
11
3,987
Jun 12
If you have some information to share, some data to show or any other tip-off that deals with the kind of stories we are usually covering, you can use our dead-drop under : deaddrop.netaskari.online .
2
16
1,197
Google has filed a lawsuit against a suspected Chinese cybercrime operation alleging that it used AI to send more than 2 million scam text messages bloomberg.com/news/articles/…
12
30
68
20,287
NetAskari retweeted
Jun 12
Vietnam police bust group planning large-scale online scam centre reuters.com/legal/government…
1
7
1,226
Jun 12
Chinese operator sells a "AI box" for running "unrestricted" models locally for the creation of "adult content"...or even more.
1
19
3,000
Jun 12
I feel there will be some major "unintended" consequences with this thing, especially when it comes to the case of "transnational repression". But I guess, time will tell how it will be play out in real life.
Jun 12
This is not coming. IT'S ALREADY HERE.
Apple and the Metropolitan Police have been running this quietly for months. IMEI numbers of stolen phones shared directly with Apple. Apple bricks them remotely. no reactivation without your password. ever.
the results in London are real:
reactivations of stolen iPhones dropped from 80% to under 20%. Westminster saw a 45.8% drop in phone theft. 14,000 fewer stolen phones in a single year.
It works. Nobody is arguing that.
The announcement is just Apple making it the global default. everywhere. for everyone.
now the question nobody is asking:
Apple just confirmed that a system already exists where law enforcement hands them a list of devices and Apple disables them globally. the infrastructure is live. it's proven. it scales.
today the list is stolen phones.
This is the same Apple that will probably scan UK devices on government request. the same Apple that caved to the Online Safety Act. the same Apple that is being pressured by the same government to break Signal-level encryption.
they now have a remote off button for every iPhone on earth. and we know it works because they already used it.
the kill switch is real.
the first use case is always good.
2
20
2,519
NetAskari retweeted
Jun 10
They told the public these cameras were for serious crime.
Now we keep seeing cases where officers are accused of using access to stalk people.
That is the problem with mass surveillance: once the database exists, abuse becomes a feature, not a surprise.
404media.co/cops-keep-gettin…
14
447
959
13,267
Jun 10
This story is making the rounds at the moment but we think there should be applied some caution. The headline packs a punch but the facts in the story are very scarce on what kind of data the built-in device actually transmitted, if it was clandestinely added or if it is a standard component, that was just overlooked by the initial security inspection of the vehicle.
Modern cars are rolling gadgets with several connection-elements. All potential security issues that can be exploited or be part of a supply chain attack. But in this particular case, the article gives the impression it was intentionally placed or was out-of-the-ordinary. If it is just a standard component, that is made in China ( as so many standard components these days ), that poses a general problem but is far less of a "targeted case" as this headline implies.
Jun 10
A Chinese tracking device was discovered in 🇬🇧 Prime Minister's official car. The bug is believed to have been found in a sealed part of the vehicle imported from China.
Its discovery during a sweep first emerged in 2023, sparking fears that Beijing was aggressively spying on ministers in the then-Conservative government.
Now it has been revealed that the device was in fact found in the Prime Minister's car the previous year.
Charles Parton, of think-tank the Council on Geostrategy, told the Commons Business and Trade Committee: “The prime minister's car in 2022 was emanating data to China through the cellular module.”
This device is thought to have allowed it to communicate to others over mobile networks.
It is not clear which of the three Tory prime ministers that year — Boris Johnson, Liz Truss or Rishi Sunak — was being targeted.
Questioned by MPs about this, Parton — who served as a diplomat for almost 40 years, including more than 20 in China, Hong Kong and Taiwan – added: “A very senior member of the government who certainly knows whose car it was told me.”
The part of the car containing the geolocating device had been installed by the vehicle's manufacturer, reports at the time said.
Parton's claim came during a discussion about cellular modules, which he warned are 'in everything' including planes, cars and even smart doorbells.
“The Chinese aim to get a monopoly in the manufacture of cellular modules, and they're doing pretty well at that already,” he told MPs.
“If the Chinese wish to shut off all your vehicles, because they've all got cellular modules, it wouldn't be difficult.”
Security officials have since dismantled government vehicles used by ministers and diplomats while looking for tracking devices.
Electronic vehicle parts are said to be embedded with SIM cards before being sent to manufacturers as sealed units, with these capable of sending data back to state-owned suppliers in China.
It is understood the Prime Minister's car is run by the Metropolitan Police.
dailymail.com/news/article-1…
3
8
35
6,856
NetAskari retweeted
Spoke to @daryna_antoniuk from @TheRecord_Media about Russia's new SORM regulation.
These new mass surveillance rules are aimed at ensuring that the Russian people do not dare to express their critical views online out of fear of being identified and prosecuted.
1
3
14
902
Jun 9
Just a PSA and a general reminder: Don't use ZOOM for any form of video call that holds any confidential information ( even if you think it is just minor ), especially in the context of China stories. Even if you are based outside of China and have your account registered there. If you are "key personnel" or have the suspicion you are on the watchlist with Chinese security organs, rather find some alternative as a default.
1
24
75
8,515
NetAskari retweeted
Jun 9
As the conflict in the Middle East intensifies, here are a few articles you may want to read
Iran has actively jammed Starlink signals to prevent people from accessing the Internet, while patrols have reportedly searched for visible rooftop equipment using heat-detection technology. We covered some of the equipment involved and gave recommendations on how to conceal the fact that you are using Starlink.
Starlink: hackers-arise.com/signals-in…
While Starlink may not be an option for everyone, we also have a series on off-grid communications. In it, we cover the equipment needed and different ways to secure your communications. These devices are affordable!
Start here: hackers-arise.com/off-grid-c…
Recently @DI0256 tested it. Check out her post: x.com/DI0256/status/20582752…
Be safe out there!
I conducted a small experiment today.
Recently, I wrote some posts about Meshtastic and how it can be used. Today, I put it to the test.
I took the device with me on a short hike through the woods to see if it would help our group to stay in touch over long distances, despite the many physical barriers presented by the trees. We didn't use cellular or internet connections, we only used the Lilygo T-Echo.
As a result, we were able to communicate with each other within a range of 3–4 kilometres. However, there was a problem. The effective signal range decreased if the forest was very dense, and it also depended on the altitude above sea level: the higher you were, the better. We used the antenna that came with the device, but if you need a longer range, there are more powerful antennas available.
In conclusion, I can say that the Lilygo T-Echo is a really cool device and that it actually works. Today, we had a great time doing a simulation, but this technology isn’t just for entertainment - it's for survival, when you need to stay connected with nothing else available.
Materials I used to set up the device hackers-arise.com/?s=Meshtas…
10
21
1,823
Jun 9
"This is what Advanced Persistent Threats actually look like in 2026 — not smash-and-grab ransomware, not noisy phishing. Quiet, patient, multi-year campaigns designed to sit undetected inside critical infrastructure and exfiltrate whatever matters: call records, subscriber metadata, lawful intercept systems, and the communications of senior government officials." hackers-arise.com/chinese-ap…
4
29
6,006
Jun 8
This Ft article makes it sound as the technology that Iran owned was some sort of cutting edge, future tech that was unseen before. But that shows just a very limited knowledge of the journalist(s) who wrote this piece on the technological state 1/8: ft.com/content/6f4d806c-eb22…
1
3
41
7,551
Jun 8
Over the period of ten years, the system could be refined, new technological breakthroughs tested etc. Did id always succeed ? No. It can't be said that despite all the investment of time and money, China's mass surveillance system doesn't have gaps and issues. It is a daunting task and the human element in the chain often fails as much as the automatized systems is glitching out. But the cracks are getting smaller faster... 7/8
1
8
757
Jun 8
Despite being still heavily reliant on visual surveillance via cameras on street level, stores or venues, the system gets slowly expanded to take in mobile phone data, GIS coordinates, mass-analyzes social media accounts in an attempt to get a real time, holistic information portrait of any subject picked up by the system. Maybe the system will never reach its final stage of perfection but they for sure try. And there is still potentially a growing export market. 8/8
10
710