A Hacker Sat Inside China’s Biggest Supercomputer for 6 Months and Walked Out With 10,000,000 GB
“FlamingChina” slipped in through one busted VPN door, let a swarm of little robot programs quietly copy everything, and is now selling missile blueprints on Telegram like it’s a garage sale.
10 petabytes stolen · ~6 months of quiet downloading · 6,000+ clients on the hacked system · preview price: a few grand · full dump: hundreds of thousands
The target: China’s National Supercomputing Center in Tianjin. Aerospace, fusion research, defense docs — allegedly all in the bag. Full story broke on CNN.

🧩 Dumb Mode Dictionary (read this first, no shame)
| Term | What it actually means |
|---|---|
| Supercomputer | A giant room of thousands of computers glued together to do math a normal PC would choke on. Used for weather, physics, weapons stuff. |
| Petabyte (PB) | 1 million gigabytes. 10 PB ≈ 10 million GB ≈ every photo 50,000 people ever took. It’s a LOT. |
| VPN | A private tunnel into a network. If one tunnel door is left unlocked, you’re basically inside the building. |
| Botnet | An army of small automated programs doing one boring job on repeat — here, “copy this file, now this one, now this one” for months. |
| NSCC Tianjin | The specific target — a rent-a-supercomputer hub in China serving 6,000+ science and defense clients. |
📰 What actually happened (the short version)
Right, so here’s what’s actually happening. A hacker crew calling itself FlamingChina says they found one weak VPN door into China’s Tianjin supercomputing center. They walked in, dropped a botnet (their little copy-everything robots), and let it run.
- Nobody noticed for ~6 months while it siphoned data out.
- Total haul: 10+ petabytes — possibly the biggest data theft in China’s history.
- First teaser posted on an anonymous Telegram channel on Feb 6.
- CNN couldn’t 100% verify it, but multiple experts who looked at the sample said it looks legit. (eSecurity Planet breakdown)
The kicker: they’re not leaking it for glory. They’re selling it. A preview for a few thousand bucks, the full thing for hundreds of thousands.
🔧 How one door brought down a fortress
Right, so here’s what’s actually happening under the hood. Kids these days picture hacking as furious typing and glowing screens. Reality? Way more boring, way scarier.
- Step 1: Find one VPN login that’s exposed or reused. (The digital equivalent of a back gate nobody locked.)
- Step 2: Get inside, plant automated scripts that just… copy files. Slowly. Politely. Under the radar.
- Step 3: Wait. Six months. Let 10 million gigs trickle out so no alarm ever screams “why is the internet on fire.”
The lesson every sysadmin learns the hard way: the flashy firewall doesn’t matter if one forgotten account is propping the door open. This is the stuff that breaks at 3 AM — not a Hollywood breach, just one neglected credential and a lot of patience. Security Magazine has the receipts.
📊 The receipts (numbers that don't feel real)
| Thing | Number |
|---|---|
| Data stolen | 10+ petabytes (~10 million GB) |
| Time spent quietly copying | ~6 months |
| Clients on the hacked system | 6,000+ |
| Preview price | A few thousand $ |
| Full dataset price | Hundreds of thousands $ |
| Fields allegedly included | Aerospace, military, bioinformatics, fusion sim |
| First public teaser | Feb 6, on Telegram |
🗣️ What the timeline's saying
- The paranoid crowd: “10 PB in 6 months means they had a fat pipe out and NOBODY watched the outbound traffic.” Yep. That’s the whole horror story.
- The skeptics: “Anyone can claim petabytes. Show the goods.” Fair — but experts who saw the sample leaned toward real.
- The doomers: If missile and fusion research really walked, this isn’t a data breach, it’s a geopolitics event.
- The sysadmins (me): Quietly nodding. We’ve all seen the one VPN account nobody rotated in three years. This is that, at national scale.
🧠 Why this is bigger than 'China got hacked'
Here’s the part that should make you sit up. This wasn’t a nation-state cyber-army with a billion-dollar budget. It reads like a small crew + one weak door + patience. That’s the scary democratization of this stuff — the tools to copy data are free, the botnet scripts are off-the-shelf, and the only rare ingredient is someone willing to wait six months.
Every big org — hospitals, banks, your employer — is one forgotten login away from the same story. The supercomputer isn’t special. The complacency is universal. That’s the transferable lesson, and it’s why the defensive-security skill below is suddenly worth actual money.
Cool. A Hacker Just Robbed a Country’s Brain… Now What the Hell Do We Do? (⊙_⊙)

You’re not gonna hack a supercomputer, relax. But this breach just made a bunch of boring, unsexy skills very fundable. Here’s where the honest money hides.
🚪 The Forgotten-Door Auditor
Every company has old VPN accounts, dead employee logins, and test doors nobody closed. That’s exactly what FlamingChina walked through. You become the person who finds those doors before the bad guys do — legally, with permission.
Free starting tools: Nuclei (scans for known weak spots) and Shodan (shows what a company accidentally left facing the internet). Learn the basics free on TryHackMe.
Example: A 24-year-old IT guy in Nigeria spends weekends running authorized scans for small local law firms, hands them a one-page “here’s your unlocked doors” report. Charges $150/report, does 4 a week.
Timeline: First paid audit in ~3 weeks once you can read a scan. Market stays hot for years — nobody’s closing these doors fast enough.
📡 The Outbound-Traffic Watchdog
The wild part of this hack: 10 million GB left the building and nobody watched the exit. Small businesses have zero clue what data is leaving their network right now. You set up simple “is weird stuff leaving?” monitoring for them.
Free/cheap starter kit: Wireshark to see traffic, Zeek or Security Onion for the always-watching layer. All free.
Example: A 27-year-old in the Philippines installs Security Onion on a cheap mini-PC at a local accounting firm, charges a monthly “we’ll tell you if data starts leaking” retainer. 6 clients × $80/mo = quiet rent money.
Timeline: First client in a month if you can demo one caught anomaly. Recurring income, low churn — people don’t cancel security once they’ve seen it work.
🕳️ The Leak-Sample Verifier
When a breach like this drops, journalists, researchers, and companies scramble to answer one question: is this dump real or fake? Verifying leaked samples (file structure, metadata, plausibility) is a genuine skill almost nobody markets themselves for.
Learn the craft free via Bellingcat’s OSINT guides and practice on public breach corpuses like Have I Been Pwned’s writeups.
Example: A 22-year-old in India builds a rep on X (#OSINT) doing free quick-take threads on whether new “leaks” are legit. Within months, a threat-intel newsletter pays him per verified writeup.
Timeline: Reputation build is 2-3 months of free work. Then inbound. Fades only if you stop being first — speed is the moat.
🪟 The Patch-Window Sprint
Every time a breach headline hits, thousands of small companies suddenly care about the exact weak spot involved (here: exposed VPNs) — for about 3 weeks. That panic window is a paid gig if you move fast. Be the person who shows up with a checklist while everyone’s scared.
Grab the free CISA VPN hardening guides and OpenVPN’s own hardening docs, package them into a “lock your VPN in one afternoon” service.
Example: A 25-year-old freelancer in Brazil emails 40 local clinics the week this news breaks: “Same door that leaked China’s supercomputer — I’ll audit yours for $200.” Books 9 jobs off the fear alone.
Timeline: Cash in days if you email during the news cycle. Window closes in ~3-4 weeks when the headline fades. Rinse-repeat next breach.
📖 The Breach Dictionary Guy
Every huge breach spawns new jargon and confused people googling “what is a botnet / VPN domain / petabyte.” Be the first clear, plain-English explainer for the specific incident and you become the SEO anchor everyone links to. Not a generic blog — a laser-focused “FlamingChina breach explained for normies” resource.
Publish free on GitHub Pages or Notion, get found via clean titles. Add an affiliate link to a password manager at the bottom, naturally.
Example: A 23-year-old in Pakistan writes one tight “10 Petabyte Hack, Explained Simply” page the day it breaks, ranks on Google in a week because nobody else wrote plainly, pulls steady ad + affiliate clicks.
Timeline: Ranks in 1-2 weeks while competition is thin. Traffic tapers as the story ages, but the SEO authority carries to your next breach post. Compound it.
🛠️ Follow-Up Actions
| If you want to… | Do this |
|---|---|
| Understand the breach | Read the CNN report |
| Learn hacking legally | Start TryHackMe (free) |
| See what’s exposed online | Poke around Shodan |
| Watch your own traffic | Install Wireshark |
| Check if YOU’VE been leaked | Search Have I Been Pwned |
Quick Hits
| You want… | Do this |
|---|---|
| Kill old VPN/logins, turn on 2FA everywhere | |
| Learn defensive security free | |
| Study Bellingcat OSINT | |
| Sell traffic monitoring with Security Onion | |
| Read the eSecurity Planet writeup |
The firewall cost millions. The unlocked door cost nothing. Guess which one lost the war.
!