US behind thousands of cyber attacks on Chinese university


A sign for the National Security Agency (NSA), US Cyber Command and Central Security Service is seen near the entrance to the headquarters of the National Security Agency (NSA) in Fort Meade, Maryland, February 14, 2018. (SAUL LOEB / AFP)

BEIJING -- China released a new investigation report on Tuesday, which said further evidence has been found to show that the US National Security Agency (NSA) is behind thousands of cyber attacks on a Chinese university.

Chinese experts were able to retrace the technical features and attack weapons used in the cyber attack against China's Northwestern Polytechnical University with the help of technical support from a number of European and Southeast Asian countries, according to a report published by China's National Computer Viruses Emergency Response Center in collaboration with Internet security company 360.

The report showed that the attacks originated from the Office of Tailored Access Operation (TAO), which exposed its own technical loopholes and operational missteps during the attack.

The TAO has used 41 types of cyber weapons in the recently exposed cyber attacks against the university, according to a probe.

16 of the 41 types of cyber attack tools are identical to the TAO's weapons that have been exposed by Shadow Brokers, and 23 share a 97 percent genetic similarity with those deployed by TAO, according to the report.

The report added that the homology of the weapons suggests that they belong to TAO, and that the remaining two types need to be used in conjunction with other cyber attack weapons of TAO.

Technical analysis found that the cyber attackers' working hours, language and behavior habits, and operational missteps have also exposed their links to the TAO.

The report detailed the process of TAO infiltration into the Chinese university's internal network. TAO first used FoxAcid, a man-in-the-middle attack platform, to hack into the university's internal host computers and servers, and then gained control over several key servers with remote control weapons. It then controlled some important network node equipment, including the university's internal routers and switches, and stole authentication data.

From the university's operations and maintenance servers, TAO stole several key network equipment configuration files, which were used to monitor a large number of network devices and internet users.

The Chinese investigation team found that the TAO collected personal information of some people with sensitive identities on the Chinese mainland. The information was sent via multiple jump servers back to the NSA's headquarters.

The true identities of 13 attackers have been identified, according to the report.

The report, which revealed details of the US cyber attacks against the Chinese university, was released to teach countries across the world how to identify and prevent cyber attacks by the TAO.