US hacked China 10,000 times, stole 140GB of critical data: Report

BEIJING: The U.S. National Security Agency (NSA) conducted over 10,000 cyberattacks against China in recent years and is suspected to have stolen 140 gigabytes of valuable data, according to a joint investigation report released on Monday by China’s National Computer Virus Emergency Response Center (CVERC) and internet security company Qihoo 360 Technology Co. Ltd.
The investigation was launched after Northwestern Polytechnical University (NPU), a leading Chinese university in aviation, reported being hacked in April. The investigators have traced the cyberattacks back to the Office of Tailored Access Operations (TAO) of the NSA.
“NPU was targeted because many top-level talents in the country work there,” Jin Qi, deputy head of the local police bureau, told China Media Group (CMG). “Many national-level research projects were conducted there.”
A total of 13 people were found to have directly launched the cyberattacks, with more than 60 contracts signed to cover the malicious activities.
“They first scout the network,” said Bian Liang, a network security expert at Qihoo 360. “Then they create customized tools to target the specific network.”
The hackers used 41 tools to breach the firewalls, plant remote-controlled backdoors, steal critical data and erase the traces of doing so.
“There are four steps in their attack,” said Du Zhenhua, senior engineer at the CVERC. “Break in, establish long-term control, keep stealing data and after everything’s done, clear the scene.”
They also tried to hide their real location and identity using so-called “jump servers.” The investigators traced a total of 54 jump servers, spread across 17 countries including Japan, South Korea, Sweden, Poland and Ukraine. The IP addresses used to control the jump servers are 209.59.36.*, 69.165.54.*, 207.195.240.* and 209.118.143.*.
Some of the jump servers were “zombie computers” hacked by the NSA without the knowledge of the owners. The hackers mostly targeted two “zero-day” vulnerabilities in the Solaris operating system developed by Sun Microsystems, which is now a part of U.S. tech giant Oracle Corporation.
–The Daily Mail-CGTN news exchange item