Geedge & MESA Leak: Analyzing the Great Firewall’s Largest Document Leak Author: Mingshi Wu Date: September 12, 2025 Chinese version --- Overview On September 11, 2025, the Great Firewall of China (GFW) faced its largest internal document leak ever. Over 500 GB of data including source code, work logs, and internal communications were exposed. Leak reveals key details on GFW’s research, development, and operational strategies. Leak Origin and Scope Leak source: core technical force behind GFW — Geedge Networks (Chief Scientist: Fang Binxing) and MESA Lab at the Institute of Information Engineering (IIE), Chinese Academy of Sciences. Geedge provides services domestically (Xinjiang, Jiangsu, Fujian) and exports censorship/surveillance tech abroad (Myanmar, Pakistan, Ethiopia, Kazakhstan, others under Belt and Road Initiative). Total leaked data size: ~600 GB (with mirror/repo.tar alone at 500 GB). Accessing the Leak Data Provided by Enlace Hacktivista: BitTorrent: https://enlacehacktivista.org/geedge.torrent Direct HTTPS download: https://files.enlacehacktivista.org/geedge/ Detailed usage instructions by David Fifield on Net4People GitHub. Safety Considerations Due to sensitivity and potential risks (surveillance, malware), it is advised to handle leaked files only within isolated, offline virtual machines. Background: Geedge, MESA, and the GFW Ecosystem GFW includes multiple components: R&D, operations, hardware, and coordination between government and contractors. MESA Lab, affiliated with IIE CAS, formed in 2012, grew from the National Engineering Laboratory for Information Content Security founded by Fang Binxing (“Father of the Great Firewall”). Timeline highlights: 2012: MESA team officially named (Processing Architecture Team). 2013-2018: Achievements in cybersecurity projects and talent development. 2018: Geedge Networks (Hainan) established, key personnel linked with MESA. Leak reveals connections between MESA members and Geedge personnel. Leak Content Analysis Non-Source Code Files Multiple teams have analyzed these extensively. David Fifield provides detailed notes on media reports and technical write-ups: Media reports notes Technical write-ups notes Source Code Files Not yet fully analyzed due to volume and complexity. GFW Report will continue updates on the leak’s technical implications: Current analysis page Net4People GitHub discussions Community Engagement Readers are encouraged to share questions, insights, or additional information publicly or privately. Contact details and private communication channels are available on the GFW Report website. --- Additional Resources Related discussions and updates: Net4People Reading Group Related tweets Telegram channel posts Subscription and Contacts Subscribe via: Email: Follow.it subscription RSS: https://gfw.report/index.xml Twitter: @gfw_report Telegram: @GFWReportChannel, @GFWReportGroup Contact: Email: [Provided on GFW website footer] PGP key: B0C6 EB19 DA7C EAA3 GitHub: @gfw-report --- This unprecedented leak offers critical insights into the mechanisms and global reach of China's internet censorship infrastructure. Ongoing analysis will shed light on both technical details