By Staff Writer
The National Security Agency (NSA) and its cyber-warfare intelligence-gathering unit, the Office of Tailored Access Operations (TAO), are accused by China of a series of cyber-attacks on Xi’an’s Northwestern Polytechnical University, a university the US says conducts extensive military research.
China’s National Computer Virus Emergency Response Center (VERC) has issued a report detailing the cyber-attack earlier this year that they say was one of tens of thousands of “malicious network attacks” the US intelligence agency conducted against Chinese targets, stealing over 140GB of high-value data in the process.
The report followed a long-running investigation by VERC and Qihoo 360 Technology Co, a Beijing-based commercial security provider.
“TAO continues to expand the scope and scope of cyber-attacks by leveraging its cyber-attack weapon platform, zero-day vulnerabilities, and the network devices it controls,” says the statement. The NSA declined to comment to MySecurityMedia on the matter.
Referring to the alleged attacks on the university, VERC says TAO used more than 40 different NSA-specific cyberattack weapons to steal key network equipment configuration, network management data, operation and maintenance data and other core technological data.
“Through forensic analysis, the technical team found that the attacker penetrated more than 1,100 attack links and operated more than 90 instruction sequences inside Northwestern Polytechnical University, and located several stolen network devices from the intruded network equipment.”
The public research university specialises in aeronautical, astronautical and marine engineering research and works closely with China’s defence industry. The US government says the university is involved in the development of unmanned aerial vehicles, autonomous underwater vehicles and missile proliferation projects.
“Since 2001, the U.S. Department of Commerce has designated NWPU on its Entity List for national security reasons,” said a Department of Justice statement.
VERC says TAO conducted a long period of preparation before starting operations, mainly building anonymized attack infrastructure, to cover its attack operations. The Chinese cyber-agency says TAO used two zero-day vulnerability exploiting tools for the SunOS operating system which it mastered, and selected servers with a lot of network application traffic.
“China strongly condemns this and asks the US side to offer an explanation and immediately stop its unlawful moves,” says Foreign Ministry spokesperson Mao Ning. “As the country that possesses the most powerful cyber technologies and capabilities, the United States should immediately stop using its prowess as an advantage to conduct theft and attacks against other countries.”
China-originated cyber-attacks on entities located in the US and elsewhere have long been a source of friction between the US and Chinese governments.
The US often accuses China of directly and indirectly sponsoring malicious cyber-attacks. More recently, China has reversed the trend and started to level accusations against the US.
The US has never denied its grey zone cyber-activity, saying it mostly occurs for national security reasons, whereas Chinese cyber-attacks are primarily concerned with industrial espionage and intellectual property theft.
VERC says their report confirms the “truth” that the NSA has long conducted cyber-attacks against Chinese information network users and important Chinese entities. They add that further technical details concerning the Northwestern Polytechnical University cyber-attack will be released in due course.
