Best of AP — First Winner


A leaked trove of documents opens a rare window into Chinese hacking practices

The front desk of the I-Soon office, also known as Anxun in Mandarin, is seen after office hours in Chengdu in southwestern China's Sichuan Province on Tuesday, Feb. 20, 2024. Chinese police are investigating an unauthorized and highly unusual online dump of documents from a private security contractor linked to China’s top policing agency and other parts of its government. AP PHOTO / DAKE KANG


China has long used hacking as a political and law-enforcement tool to put eyes on dissidents, governments and other people it wants to watch. Because of Associated Press reporting efforts, the picture of how that is done — and what it might mean — is a bit clearer now.

On Feb. 19, multiple sources alerted China investigative correspondent Dake Kang to a newly discovered leak of documents from a Chinese police contractor that revealed the company was hacking the networks of over a dozen foreign governments for the Chinese Ministry of Public Security. The documents revealed in unprecedented detail how these hackers-for-hire operations worked, which systems they targeted, what tools they used and how they assisted police in the surveillance and harassment of dissidents and oppressed ethnicities even outside China’s borders. The documents had been published online by an unknown source, and no other major media outlet had picked up on it yet.

There was, however, one big issue: verification. Even though the documents appeared to line up with information from Kang’s experience reporting on Chinese tech firms, it still wasn’t 100% verified. Especially on a leak of such sensitive data, verification would be key. Kang, who at the time happened to be in the western Chinese city of Chengdu, was en route to the airport to return to Beijing when he was browsing the contractor’s website. One of their addresses was right there, just a 40-minute drive from the airport. Kang, in consultation with news leaders, canceled his flight, hopped into a cab and headed straight to the company’s offices.

With speed of the essence on such a competitive story, U.S.-based technology reporter Frank Bajak simultaneously jumped on the story, contacting cybersecurity analysts for comment, many of whom said they were going through the leak and that they thought it was authentic. The first draft of the story was written overnight Asia time by Bajak. The following morning, Kang returned to the company where two employees confirmed the leak. One of them said the company leadership couldn’t take interviews. But it was enough to confirm that the leak had happened. Kang updated Bajak’s draft with the confirmation, details of the company and interviews with China analysts. With effective communication and swift editing, the story made it to the wire during U.S. daytime.  

The cross-continental teamwork and speed paid off. The AP was first among major competitors to put the story out. Five hours after the AP story, The Washington Post topped its homepage with its own story on the documents. The New York Times followed suit, as did NPR, CNN, BBC, AFP, Bloomberg and a host of other news outlets. None were able to match the level of AP’s verification or Kang’s exclusive photos and video. Some of the outlets credited the AP with confirming the leak and the company and police investigations. Significantly, several of the news outlets, including The New York Times, The Washington Post and CNN, prominently used AP’s exclusive photos.  

For a quick and concerted scramble that leveraged differing forms of AP expertise, touched multiple continents and delivered precision on deadline, Kang and Bajak are this week’s Best of AP — First Winner.

Visit to request a trial subscription to AP’s video, photo and text services.

For breaking news, visit

Contact us