Forum

SIDEBAR: IT Connect...
 
Notifications
Clear all

SIDEBAR: IT Connections Between Guo Wengui, Bannon and China

1 Posts
1 Users
0 Reactions
91 Views
Posts: 1
Admin
Topic starter
(@julio)
Member
Joined: 3 years ago
wpf-cross-image

 

EDITOR’S NOTE: The court information in this article is from the documents and exhibits in the case of Eastern Profit Corporation Limited v. Strategic Vision US, Case No.1:18-cv-02185-LJL (SDNY 2018).

Most of this information was obtained by the litigating parties through subpoenas issued to CloudFlare and Google. Their document production reveals information that would not normally have been available to the general public. If it were not for the lawsuit, this information might never have come to light.

As stated in the main article, there is technical evidence –IP addresses, recovery emails and telephone numbers-- connecting Guo Wengui and Steve Bannon’s organizations to the Chinese government, even though they claim to be anti-Communist and anti-Chinese government.

Guo’s social media operation has close ties to the Mainland [China], with many administrators for his websites and social media accounts operating from the Mainland. Guo’s primary vehicle for spreading his message and for extending his political influence (such as by hiring Bannon), Saraca Media Group (a Delaware corporation d/b/a Guo Media), appears to have administrators in Mainland China. [P. 41]

 

Guo Media is Guo’s personal social media platform. Guo Media’s domain (guo.media) was registered and is controlled by the same tight circle of staff in New York and Hong Kong (as well as at least one person in Mainland China). The use of the same set of individuals in Hong Kong and New York to run the Guo network’s accounts is consistent with Yvette Wang’s testimony that as President of GSNY, she took directions from China Golden Spring Group, Hong Kong Ltd.11 [P. 43]

Eastern Profit –one of Guo Wengui’s businesses-- claims that its assets were frozen by the Hong Kong High Court as of June 2017, and the order it admits [into evidence] is evidence of the seizure. These include China Golden Spring Group (Hong Kong) limited, the entity that Yvette Wang says gave her direction on the Strategic contract. Other frozen assets include Rosy Acme Ventures Limited , an entity which Guo admitted in an interview was being used to pay his employees through China Construction Bank, claiming that he asked CCP officials to resolve his Hong Kong “thing,” that they had frozen his Hong Kong assets, and that a China Construction Bank account with $8M HK used to pay staff “salary” was frozen, which can only refer to the Rosy Acme account with $8.6M HK purportedly frozen. Thus, Guo has claimed not only that his Hong Kong assets were frozen by the CCP, but that his operations have been shut down there. [P. 44]

Yet, Guo Media’s Cloudflare account shows that programmers physically based in Mainland China have open access to its servers.

The Cloudflare account was created by someone based in Hong Kong on November 19, 2017 who was working for China Golden Spring Group, likely Donald Chan or Chan Ka On. See also, Billing Profile Details sheet, showing Chan’s Hong Kong physical address and his email itadman@goldenspringgroup.com, as well as the IP address he used on Nov. 19, 2017). The address is Guo’s family office, whose assets were supposedly frozen along with Eastern Profit’s in an “anti-dissident” crackdown no later than June 2017 [P. 44]

Cloudflare continued sending its invoices to China Golden Spring’s Hong Kong office, at Bank of China Tower, 49F, 1 Garden Road, for most of 2018, long after China Golden Spring’s assets were allegedly frozen; then sent the same invoices to Golden Spring (New York) at 800 Fifth Avenue, 21F, New York, New York and then to Saraca Media Group (which also managed the domain for the Rule of Law Foundation starting in Feb. 2019) at exactly the same address. [P. 44-45]

Cloudflare’s records show that at least four administrators accessing the name servers for the various Guo-affiliated domains, did so using IP addresses that were physically based in Hong Kong, and another three administrators used IPs based inside Mainland China. Excerpts of Cloudflare’s Audit Log for Guo.Media (paired with IP Address Location Reports), show access information for the following Guo.Media users [P. 44-45]:

User 11240210, used IP Address 43.225.106.61 on 11/8/18, in Hong Kong;

User 8468394 (Chan), used the following IP Addresses on the following dates:
IP 61.93.141 on 11/19/2017 in Hong Kong, [ED: incomplete IP address – direct from court docs]
IP 45.112.205.91 on 1/31/2018 from Hong Kong

IP 59.149.73.54 on 2/8/2018 in Hong Kong;

User 11298209, used IP 123.146.04 on 11/14/2018 from Mainland China – [ED: incomplete IP – direct from court docs]
User 9040756 used IP 223.197.179.236 on 2/11/2018 in Hong Kong;

User 10508322 used IP 120.230.160.99 on 10/27/2019 from Mainland China.)

Despite all his activities to “topple” CCP, Guo has been comfortable using personnel in mainland China to manage the IT backend of his ventures. The entities Guo controlled in Hong Kong have never failed to wire money to Guo, which would be unimaginable to other dissidents given MSS’s tight control of the cyberspace in China and financial systems in Hong Kong.

Voice of Guo Channels are Managed by People with Chinese-run qq.com Email Domains and Chinese Telephone Numbers

Over and above the circumstantial evidence admitted to the court case above, a pattern emerges with respect to Guo’s various social media accounts on YouTube. Guo’s four Voice of Guo Media channels, Guo’s own official “Guo Wengui” channel, and one for the Rule of Law Foundation—are linked to each other’s official YouTube “home” page, presenting them to the public as one cohesive, intertwined network. All these channels are managed by people with qq.com or other Mainland Chinese email domains.

The telephone country code for Mainland China is “86.” Guo Media YouTube Channels 2 and 3, alternate emails for the July 9, 2015 (after Guo left China) nangongsnow@gmail address for manager “Snow Nangong” are both Chinese: 88951176@qq.com and 303014030@qq.com. Finally, a manager for Voice of Guo Channel 1 set up xiaoxiyou1@gmail.com on August 11, 2018, using a recovery number, 8618918215947 that, again, is a Chinese phone number. [P. 46]

Discovery produced by Google about the IT administrators, who manage and update five of those channels, (this excludes Guo’s own “official site”—for which YouTube did not produce a list of “owners” or managers), reflects a backend technical team that is every bit as interconnected. Each of the accounts, four Voice of Guo, and one Rule of Law Foundation account, share administrators in common with at least two other channels. See, Exh. KKKK.

First, all three Voice of Guo Media YouTube accounts (Channels 1-3, as noted in the last citation) were set up with the “manager” as the Gmail address of 654505105@gmail.com. That Gmail address was itself set up on August 21, 2018—long after Guo claimed to be a dissident and to have had his Mainland/Hong Kong operations shuttered—using a “recovery email” address that is Chinese. The recovery email is 654505105@qq.com, and a recovery phone number that is also Chinese: 8613422475313.

Second, yet another Voice of Guo Media account manager (for Channel 2, noted in the last citation), set up the Gmail address yanzhonghuashu1974@gmail.com on March 3, 2018, again, using a recovery email address that is Chinese: 550369674@qq.com.

For the “Voice of Guo” channel, the “qq.com” domain is operated by Tencent, a Chinese company based in Guangdong Province (see image below)

According to an article on the web site “The Record,” --”China’s Great Firewall is blocking around 311k domains, 41k by accident”-- academics tested 534 million domains during a nine-month period between April and December 2020, where they discovered the following [403]:

In the largest study of its kind, a team of academics from four US and Canadian universities said they were able to determine the size of China’s Great Firewall internet censorship capabilities.
[...]
Using GFWatch, researchers said they tested 534 million distinct domains, accessing around 411 million domains on a daily basis in order to record and then verify that the blocks were persistent.

After nine months of compiling data, they found that China’s Great Firewall currently blocks around 311,000 domains, with 270,000 blocks working as intended, while 41,000 domains appear to have been blocked by accident.

Click below screenshots to download the full report

Several damning pieces of evidence that reveal Guo Wengui’s organization is cooperating with Chinese authorities is their ability to access certain domains. China employs a centralized internet traffic blocking system called “China’s Great Firewall” (CGF), which blocks access to certain domains from within China.

An organization called “Great Firewall Watchdog” (GFW ) used a system developed by academics worldwide called GFWatch to survey blocked domains within China. In July of 2021, they published a partial list of domains blocked by China’s Great Firewall [404]. Cloudflare.com is listed among the 26011 blocked domains, including Facebook, Twitter, Google and tibettimes.com.

Any person within China that wants to access any of the above-listed domains will be met with a network block – access denied, in essence.


QQ and WeChat is being monitored by cyber-police 24/7

But, the evidence turned over by Cloudflare and Google to the courts show that internet technicians working for Guo Wengui from within China are able to access some of these blocked domains. Their IP addresses, as shown in the previous section, were recorded as they accessed servers and other resources that they use to spread disinformation. Using an IP geographic locator tool, some of these IPs were shown to be originating from China. In other words, Guo’s technicians were able to access blocked domains, effectively bypassing CGF.

If the GFWatch survey showed these domains as being blocked from within China, how is it be possible that IP addresses originating from China are able to access these domains (like Cloudflare)?

The answer appears simple: a Chinese Communist Party (CCP) organization, such as the MSS (Chinese intelligence service), is tasked with monitoring and filtering all internet traffic to China. They appear to have opened up access to these blocked domains specifically for Guo’s network and his technicians – everyone else is blocked (like the GFWatch group).

If Guo Wengui is a true Chinese dissident, as he claims to be, why would he be coordinating with the CCP? He claims to be virulently anti-Communist, yet evidence suggests he is cooperating with the CCP. Is he truly who he claims to be, or is he part of a covert plan to destabilize US government and society by creating and disseminating disinformation designed to harm the USA?


Sources:

401 - https://www.wsj.com/articles/fundraising-at-company-tied-to-steve-bannon-and-guo-wengui-faces-probe-11597857467?st=oknsi0phklcydcv&reflink=desktopwebshare_permalink
402 - https://www.csis.org/blogs/new-perspectives-asia/who-benefits-chinas-cybersecurity-laws
403 - https://therecord.media/chinas-great-firewall-is-blocking-around-311k-domains-41k-by-accident/
404 - https://github.com/wongsyrone/domain-block-list/blob/master/domains.txt

Share:
Dany Williams

Dany Williams

Typically replies within an hour

I will be back soon

Dany Williams
Hey there 👋
It’s your friend Dany Williams. How can I help you?