CyberWire Daily

Root access to the great firewall. [Research Saturday]

Dec 13, 2025
Daniel Schwalbe, Head of Investigations and CISO at DomainTools, dives deep into an extraordinary 500GB leak revealing the inner workings of China's Great Firewall. He discusses the techniques used to analyze this massive dataset, including clustering and keyword searches. Schwalbe explains the firewall's architecture and how it employs deep packet inspection to monitor encrypted traffic. The conversation also touches on the implications of the leak for enterprise monitoring and the cat-and-mouse game between censorship and circumvention tools.
INSIGHT

Massive Leak Reveals Internal Firewall Design

  • A 500–600GB leak revealed detailed internal documentation of China's Great Firewall, exposing architecture and tooling.
  • The dump provided unprecedented clarity beyond prior empirical observations, enabling deeper technical analysis.
INSIGHT

Central Control With Regional Enforcement

  • The Great Firewall is a centrally controlled but regionally distributed system balancing central policy with local enforcement.
  • Its scale and design achieve substantial censorship while preserving general internet usability and fault tolerance.
INSIGHT

DPI At Scale Faces Encryption Limits

  • Deep packet inspection examines packet contents in real time to inform blocking and surveillance decisions.
  • Encryption complicates DPI, but metadata and other techniques still reveal destinations and behaviors.