One Hacker Stole 10 Petabytes From China’s Supercomputer — 3x the Library of Congress
someone logged into a VPN, deployed a botnet, and quietly siphoned off more classified data than most countries even have. for six months. without anyone noticing.
10 petabytes stolen. 6,000+ organizations exposed. 6 months undetected. missile schematics included. price tag: hundreds of thousands in crypto.
A hacker going by “FlamingChina” just pulled off what security experts are calling one of the largest data breaches in history. The target? China’s National Supercomputing Center in Tianjin — a massive hub that serves defense agencies, aerospace companies, and military research labs. The stolen haul is so big that security researcher Jeff Wichman put it this way: “The U.S. Library of Congress, if completely digitized, would have several petabytes — only about a third of what FlamingChina stole.”

🧩 Dumb Mode Dictionary
| Term | What It Actually Means |
|---|---|
| Petabyte | 1 million gigabytes. Your phone is maybe 128 GB. This hack was 10,000,000 GB. |
| VPN | A private tunnel for internet traffic — like a secret hallway into a building |
| Botnet | A swarm of hijacked computers working together like robot ants |
| Exfiltration | Fancy word for “sneaking data out” — like a digital heist |
| NSCC | National Supercomputing Center — China’s mega computer hub for science and military stuff |
| Dwell time | How long a hacker sits inside your system before anyone notices |
| Cryptocurrency | Digital money (Bitcoin, etc.) that’s hard to trace — the hacker’s payment method |
📖 The Backstory — How It Went Down
On February 6, 2026, a hacker group called FlamingChina popped up on Telegram and dropped samples of what they claimed was stolen data from China’s Tianjin supercomputer center.
The attack was dead simple in concept:
- Step 1: Got in through a compromised VPN (a private network login that someone left weak)
- Step 2: Deployed a botnet to start copying and downloading data
- Step 3: Let it run. For six months. Nobody noticed.
That’s the part that breaks your brain. Not the hack itself — but the fact that 10 petabytes of classified military data walked out the door over half a year and not a single alarm went off.
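Why a six-month transfer can stay quiet even where egress is monitored, as an added example that is not from the original post: a rolling baseline that learns from the exfiltration days stops alerting after about a week, while one that keeps flagged days out of the baseline keeps firing. The per-day byte counts, the 400 GB/day rate, and the thresholds are constructed assumptions.

```python
from statistics import median

GB = 10**9

def flag_egress(daily_bytes, window=14, k=6.0, floor=5 * GB, freeze=True):
    """Return the day indexes whose egress exceeds median + k*MAD of the baseline.

    freeze=True keeps flagged days out of the baseline; freeze=False lets the
    baseline learn from every day, which is how a steady transfer becomes
    "normal" and the alerts stop.
    """
    history, flagged = [], []
    for day, sent in enumerate(daily_bytes):
        if len(history) >= window:
            ref = history[-window:]
            med = median(ref)
            # MAD is a robust spread estimate; fall back to 1 byte if it is zero
            mad = median(abs(x - med) for x in ref) or 1
            if sent > max(floor, med + k * mad):
                flagged.append(day)
                if freeze:
                    continue  # do not let the anomaly into the baseline
        history.append(sent)
    return flagged

# Constructed series for one VPN account: 30 ordinary days (2.0-2.4 GB),
# then 60 days of a steady 400 GB/day bulk copy.
SERIES = [2 * GB + (d % 5) * 10**8 for d in range(30)] + [400 * GB] * 60

if __name__ == "__main__":
    naive = flag_egress(SERIES, freeze=False)
    frozen = flag_egress(SERIES)
    print("learning baseline alerts on days:", naive)
    print("frozen baseline alerts on", len(frozen), "days, first:", frozen[0])
```

With the learning baseline the alerts cover only the first seven days of the copy, so an alert that is missed or dismissed in that week is never repeated.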
🔍 What Was Actually Stolen
This wasn’t some database of emails and passwords. This was the real deal:
- Missile schematics — actual designs and blueprints
- Aerospace engineering research — from China’s top aviation companies
- Bioinformatics data — medical and genetic research
- Fusion simulation data — nuclear energy research
- Military research documents — many marked “secret” in Chinese
- Animated simulations of bombs and defense equipment
The data came from clients of the supercomputer center including the Aviation Industry Corporation of China, the Commercial Aircraft Corporation of China, and the National University of Defense Technology.
Over 6,000 organizations used this supercomputer hub. All of them are potentially exposed.
📊 By The Numbers
| Stat | Number |
|---|---|
| Data stolen | 10+ petabytes (10 million GB) |
| Time undetected | 6 months |
| Organizations affected | 6,000+ |
| Library of Congress comparison | Stolen data = 3x larger |
| Price for preview access | Thousands of $ in crypto |
| Price for full dataset | Hundreds of thousands of $ in crypto |
| Chinese government response | None (total silence) |
| Attack vector | 1 compromised VPN |
🗣️ Expert Reactions
Security researcher Jeff Wichman called the breach “both shocking and unimaginable” and highlighted the geopolitical risks — this isn’t just data, it’s the kind of stuff that shifts the balance of power between nations.
CNN reported that experts who reviewed the leaked samples believe the claims are genuine, though full verification hasn’t been possible.
Some analysts suggest state sponsorship given the sheer scale — moving 10 petabytes without getting caught requires serious infrastructure and planning. But nobody knows for sure. FlamingChina could be one person, a crew, or backed by a government.
China’s government has said absolutely nothing. No confirmation, no denial, no acknowledgment. Complete silence.
⚡ Why This Is Different From Every Other Breach
Most data breaches you hear about are like “oh no, 50 million email addresses leaked.” This is not that.
- Scale: 10 PB is so massive that most companies don’t even STORE that much data total
- Content: This is classified military stuff — missile designs, not credit cards
- Duration: 6 months of continuous theft. Most breaches are in-and-out
- Method: A single VPN weakness gave access to a hub serving 6,000+ organizations
- Pricing: Being sold on Telegram for crypto like it’s a marketplace listing
For context — the 2017 Equifax breach that affected 147 million people was about 10 GB. This hack is literally one million times bigger.
Cool. Someone Just Pulled Off the Biggest Hack in History. Now What the Hell Do We Do? (⊙_⊙)

🔐 1. Build VPN Audit Tools and Sell Them to Panicking Companies
Every security team that read this story just looked at their own VPN setup and got cold sweats. The entry point here was ONE weak VPN login. Build a simple tool or service that scans company VPN configurations for weak spots — default passwords, outdated software, missing two-factor authentication. Companies will pay for peace of mind right now while the panic is fresh.
Example: A freelance security guy in Romania built a quick Nmap-based VPN scanner script, packaged it as a “VPN Health Check” service on LinkedIn, and landed 3 contracts at $2,000 each within 2 weeks of a major breach hitting the news.
Timeline: Start this week while the story is trending. VPN audit panic has a 30-day shelf life.
📡 2. Create a 'Dwell Time Detection' Newsletter That Security Teams Actually Need
Here’s the real scandal: 6 months of someone draining data and nobody caught it. The concept of “dwell time” — how long hackers sit inside your systems — is about to become a buzzword. Start a focused weekly newsletter or Substack covering dwell time metrics, real breach timelines, and detection techniques. Monetize through sponsored tool placements once you hit 2,000 subscribers.
Example: A cybersecurity student in Kenya started a Substack newsletter called “Breach Clock” after the SolarWinds hack, focused entirely on how long breaches go undetected. Hit 4,500 subscribers in 5 months, now earns $1,800/month from sponsorships by security tool companies.
Timeline: Launch within 2 weeks. First-mover advantage on “dwell time” as a trending term matters.
🧠 3. Flip Open-Source Threat Intelligence Into Paid Reports for Small Businesses
Big companies have whole teams watching for threats. Small businesses have nobody. Scrape free threat intelligence feeds like AlienVault OTX and VirusTotal, package them into simple monthly “here’s what’s targeting your industry” PDF reports, and sell them to small businesses that can’t afford a security team. $200/month per client, 20 clients = $4,000/month.
Example: A 24-year-old in the Philippines with zero security certifications used free OSINT tools, combined feeds from OTX and Shodan, and started selling industry-specific threat reports to local manufacturing companies. Now has 15 recurring clients at $250/month.
Timeline: First report can be ready in 1 week. Target scared industries first — defense contractors, aerospace suppliers, anyone reading this headline.
💰 4. Become a 'Botnet Pattern' Consultant for IoT Companies
The botnet used in this hack moved 10 petabytes without triggering alerts. IoT (smart device) companies are terrified their devices will be recruited into the next botnet. Learn botnet traffic patterns using free tools like Wireshark and offer to test whether IoT companies’ devices can detect and block botnet enrollment. This is a niche nobody is filling at the small-company level.
Example: A network engineer in Brazil who was laid off taught himself botnet detection using Wireshark tutorials on YouTube, then cold-emailed 50 small IoT startups offering a $1,500 “botnet resilience audit.” Landed 6 gigs in the first month.
Timeline: 2-3 weeks to learn the basics, then start outreach. IoT companies are ALWAYS hiring for this — there aren’t enough people who understand it.
🛡️ 5. Build a 'Canary Token' Setup Service for Non-Technical Companies
Canary tokens are free digital tripwires — fake files, fake credentials, fake URLs that alert you the moment someone touches them. They’re the easiest way to catch a hacker sitting in your system. Most small businesses have never heard of them. Offer a $500 setup service where you plant 20-30 canary tokens across a company’s network. If FlamingChina’s target had used even basic canary tokens, they might have caught the breach in week 1 instead of month 6.
Example: An IT support tech in Poland discovered Thinkst Canary tokens, set up a productized service on his website, and charges businesses €400 to deploy tokens across their file servers and cloud storage. Gets 3-4 clients a month entirely from word of mouth.
Timeline: You can learn canary tokens in an afternoon. Start offering the service tomorrow. Literally tomorrow.
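How a decoy credential turns into a usable alert, as an added example that is not part of the original post: any login attempt with a canary account is flagged, then the source address is used to find real accounts that logged in from the same place. The log format, account names, and addresses are constructed assumptions.

```python
import re

# Constructed sample VPN auth log; the format, users and addresses are illustrative.
LOG = """\
2026-01-10T02:11:04Z vpn auth user=jchen src=198.51.100.23 result=success
2026-01-10T02:14:40Z vpn auth user=svc-backup-old src=198.51.100.23 result=failure
2026-01-10T08:30:12Z vpn auth user=mlopez src=203.0.113.9 result=success
2026-01-11T03:02:55Z vpn auth user=jchen src=198.51.100.23 result=success
"""

# Hypothetical canary account: planted in a decoy config file, used by nobody.
DECOYS = {"svc-backup-old"}

LINE = re.compile(r"^(\S+) vpn auth user=(\S+) src=(\S+) result=(\w+)$")

def triage(log_text, decoys):
    """Return (decoy touches, real accounts that logged in from the same sources)."""
    events = [m.groups() for m in map(LINE.match, log_text.splitlines()) if m]
    # Any use of a decoy is an alert, whether or not the login succeeded.
    hits = [(ts, user, src) for ts, user, src, _ in events if user in decoys]
    tainted = {src for _, _, src in hits}
    # Real accounts with successful logins from a tainted source need a reset.
    exposed = sorted({user for _, user, src, result in events
                      if src in tainted and user not in decoys
                      and result == "success"})
    return hits, exposed

if __name__ == "__main__":
    hits, exposed = triage(LOG, DECOYS)
    for ts, user, src in hits:
        print(f"ALERT {ts}: decoy account {user} used from {src}")
    print("accounts to reset and review:", exposed)
```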
🛠️ Follow-Up Actions
| Step | Action |
|---|---|
| Learn | Read the full CNN report and SC Media breakdown |
| Practice | Set up canary tokens on your own system — it takes 10 minutes |
| Audit | Check your own VPN setup with Nmap |
| Monitor | Follow the story on r/netsec and r/cybersecurity for updates |
| Build | Pick ONE hustle above and start before the news cycle moves on |
Quick Hits
| Want To… | Do This |
|---|---|
| Read the eSecurity Planet deep-dive | |
| Run Nmap scans on your VPN endpoints today | |
| Start with AlienVault OTX — it’s free | |
| Deploy canary tokens for local businesses | |
| Watch r/netsec — this story is still developing | |
someone hacked a supercomputer with a VPN password and a little patience. sleep tight knowing your company probably uses the same VPN software.