Cybersecurity & Tech

The Lawfare Podcast: The i-Soon Leaks with Winnona DeSombre Bernsen

Eugenia Lostri, Winnona DeSombre Bernsen, Jen Patja
Tuesday, March 5, 2024, 8:00 AM
Discussing the massive data leak against Chinese cybersecurity firm i-Soon.

Published by The Lawfare Institute
in Cooperation With
Brookings

In mid-February, Chinese cybersecurity firm i-Soon appeared to suffer a massive data leak, which offered unprecedented insight into the operations of the company, known to contract for many Chinese government agencies. The more than 500 documents include conversations between employees, sales pitches, and internal documents, and expose the firm’s hacking methods, tools, and victims. They also show in what ways the offensive cyber industries in China and the U.S. are surprisingly similar.

Eugenia Lostri, Lawfare’s Fellow in Technology Policy and Law, sat down with Winnona DeSombre Bernsen, nonresident fellow at the Atlantic Council, to talk through the leaks and her research into the key similarities and differences between the Chinese companies and their counterparts. They talked about how the Chinese government hoards vulnerabilities, the similar contracting headaches that firms in the U.S. and China suffer from, and how the findings from this leak can be used to develop better norms.

You can listen to the podcast conversation, “China’s Approach to Software Vulnerabilities Reporting,” with Dakota Cary and Kristin Del Rosso here. The conversation, “Rules for Civilian Hackers in War with Tilman Rodenhäuser and Mauro Vignati” is here.


Eugenia Lostri is a Senior Editor at Lawfare. Prior to joining Lawfare, she was an Associate Fellow at the Center for Strategic and International Studies (CSIS). She also worked for the Argentinian Secretariat for Strategic Affairs, and the City of Buenos Aires’ Undersecretary for International and Institutional Relations. She holds a law degree from the Universidad Católica Argentina, and an LLM in International Law from The Fletcher School of Law and Diplomacy.
Winnona DeSombre Bernsen is a nonresident fellow with the Atlantic Council. She spent five years in the cyber threat intelligence industry tracking nation-state and criminal cyber threats (at Google and Recorded Future), and helps organize policy content at DEFCON. She is currently an MPP/JD Candidate at Harvard Kennedy School and Georgetown Law, focusing on counter-proliferation of offensive cyber capabilities.
Jen Patja is the editor and producer of the Lawfare Podcast and Rational Security. She currently serves as the Co-Executive Director of Virginia Civics, a nonprofit organization that empowers the next generation of leaders in Virginia by promoting constitutional literacy, critical thinking, and civic engagement. She is the former Deputy Director of the Robert H. Smith Center for the Constitution at James Madison's Montpelier and has been a freelance editor for over 20 years.

Subscribe to Lawfare