The recent cyber attack on Northwestern Polytechnical University from overseas has drawn attention from all sides. According to a report released by the National Computer Virus Emergency Response Center, the mastermind is the US National Security Agency's "Office of Tailored Access Operations". What kind of institution is this? What are the secrets of America's "national hackers"? This special report uncovers the dark side of cyber attack warfare.
Northwestern Polytechnical University is a key university in China engaged in education and scientific research in aviation, aerospace and marine engineering. On its Chang'an campus stands a huge sculpture: a pair of hands holding a sword, and a deeply bowed head.
"Forging a sword for the country, hiding one's name" is the spirit of Northwestern Polytechnical University. On June 22, the university issued a public statement saying that its email system had recently been the target of cyber attacks launched by overseas hacker organizations and criminals.

Deputy Director of the Information Construction and Management Office of Northwestern Polytechnical University: Recently, our school's systems discovered Trojan programs and attempts to illegally obtain permissions, which have posed major risks and hidden dangers to the normal work and living order of our school.
Tens of thousands of attacks stole 140GB of data
The "mastermind behind the scenes" finally appears
On September 5, the National Computer Virus Emergency Response Center issued an investigation report on the overseas cyber attacks against Northwestern Polytechnical University, identifying the mastermind as the Office of Tailored Access Operations (TAO) under the US National Security Agency.
TAO successively used 41 of the NSA's exclusive cyber attack weapons and launched thousands of attacks and secret-stealing operations against Northwestern Polytechnical University.

Harvard Kennedy School security technologist Bruce Schneier: The NSA has a series of James Bond-style tools that can hack specific computers and obtain specific data. There is a department called the Office of Tailored Access Operations (TAO), whose job is to steal valuable secret intelligence; their basic operation is to break into systems, and they have huge budgets that no other hackers have.
TAO was founded around 1998. It is headquartered in the NSA headquarters building at Fort Meade, Maryland, and has more than 2,000 employees, including military and civilian computer hackers, intelligence analysts, computer hardware and software designers and electrical engineers, as well as personnel seconded from the CIA and FBI.

American cybersecurity researcher Chris Soghoian: If you want to ride a helicopter and shoot someone in the head, you can join the special forces. Similarly, if you want to legally break into systems, the only player is the (US) government. If you choose another path in life, you may be a criminal, a stalker, a bad guy; but when you go to the NSA, you get the packaging of doing it for the public.
TAO: specializes in foreign intelligence and manufactures cyber weapons
Within the NSA headquarters building, TAO is a special existence of its own. Its work area is separated from other departments: a steel door is guarded by armed guards and can be opened only by entering a password and passing a retina scan. Even for many NSA employees, TAO is a mystery.
According to the US magazine Foreign Policy, everything about TAO is classified "top secret", and few NSA officials can obtain full access to TAO information.
TAO's mission is mainly to identify, monitor, infiltrate and collect intelligence from computer systems in other countries, by secretly breaking into foreign targets' computers and telecommunications systems, cracking passwords and defeating security systems.

Der Spiegel investigative reporter Schindler: You can call them (TAO) the experienced plumbers of the NSA, who can get into all kinds of pipes; their job is to get what others cannot get (intelligence).

Former senior National Security Agency official Thomas Drake: Who cares about the Constitution? Who cares about the law? Who cares about human rights in the United States? The slogan is: get the data and collect everything, so that we can understand everything.
American cybersecurity expert Nick Lewis bluntly stated that, in terms of its goals and means of action, TAO is a hacker organization. There is a saying within the NSA: "If you want promotion or recognition, find a way to transfer to TAO as soon as possible."

Former senior NSA official John Harbour: When I was inside the agency, I once led a team of 8 people that specialized in solving the most challenging network problems. There were all kinds of people on the team. If you are responsible for the network part, you have to deal with all of these things. For example, the leader will come over and say: we have a national event, and I need you to solve it within the next 12 hours.
According to the latest report released by China's National Computer Virus Emergency Response Center on September 13, the tools TAO used in its attacks on Northwestern Polytechnical University fall into four categories. Vulnerability exploitation and breakthrough weapons were used to break into the university's border network equipment, gateway servers and office intranet hosts. Persistent control weapons provided hidden, persistent control of the university's network. Sniffing weapons captured the account passwords and command-line operation records used by university staff when operating and maintaining the network, and stole sensitive information and operations data. Trace-concealment weapons eliminated evidence of TAO's activity within the university's network, hiding and concealing its malicious operations and theft.

In order to cover up its real IP addresses, TAO used 49 jump hosts and 5 proxy servers distributed across 17 countries, including Japan, South Korea, Sweden, Poland and Ukraine. All of the IPs belong to countries outside the "Five Eyes" alliance.
National Computer Virus Emergency Response Center Senior Engineer Du Zhenhua: With these jump hosts, TAO can hide behind them to carry out network attacks, achieving the effect of "killing with a borrowed knife".
The analysis report points out that a sniffing and stealing weapon called "Drinking Tea" (named "Suctionchar" in the English version of the report) is one of the most direct culprits in the theft of a large amount of sensitive data. "Drinking Tea" contains components such as a verification module, a decryption module, a decoding module, a configuration module and a spy module. Its main function is to steal remote access accounts and passwords on the target host.
TAO implanted "Drinking Tea" into an internal network server of Northwestern Polytechnical University, stealing the login passwords for remote management and remote file transfer services such as SSH (Secure Shell), and thereby obtained access to other servers on the intranet.
The National Computer Virus Emergency Response Center's report shows that in recent years the NSA's TAO has carried out tens of thousands of malicious cyber attacks on network targets in China, controlled tens of thousands of network devices, and stolen more than 140GB of high-value data.
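The pattern the report describes above, a sniffer on one intranet server harvesting SSH passwords that are then reused to log in to other intranet servers, leaves a trace in the receiving servers' sshd logs. The following is an added example (not part of the CCTV report or the CVERC investigation) of a defender-side check over sshd "Accepted" lines: it baselines which source host and authentication method each (user, server) pair normally uses, then flags logins from a new source, password logins where the baseline used keys, and a single source fanning out to several servers. The log lines, hostnames and addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sshd log lines: a known-good baseline window and a later review window.
BASELINE = """\
Sep 01 08:12:01 db-01 sshd[2101]: Accepted publickey for ops from 10.10.1.5 port 51022 ssh2
Sep 01 08:13:44 web-02 sshd[3310]: Accepted publickey for ops from 10.10.1.5 port 51030 ssh2
Sep 01 09:02:10 db-01 sshd[2140]: Accepted publickey for dba from 10.10.1.7 port 40112 ssh2
""".strip().splitlines()

REVIEW = """\
Sep 03 02:41:09 db-01 sshd[2877]: Accepted password for ops from 10.10.20.9 port 38822 ssh2
Sep 03 02:42:30 web-02 sshd[4012]: Accepted password for ops from 10.10.20.9 port 38840 ssh2
Sep 03 08:10:02 db-01 sshd[2901]: Accepted publickey for dba from 10.10.1.7 port 40200 ssh2
""".strip().splitlines()

LOGIN_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<src>\S+)"
)

def parse(lines):
    """Yield dicts for successful-login lines; ignore everything else."""
    for line in lines:
        m = LOGIN_RE.match(line)
        if m:
            yield m.groupdict()

def build_baseline(lines):
    """Map (user, server) -> set of (source, auth method) seen in the baseline window."""
    seen = defaultdict(set)
    for ev in parse(lines):
        seen[(ev["user"], ev["host"])].add((ev["src"], ev["method"]))
    return seen

def find_suspicious(baseline, lines):
    """Return (ts, server, user, source, reasons) for logins that deviate from the baseline."""
    findings = []
    for ev in parse(lines):
        known = baseline.get((ev["user"], ev["host"]), set())
        known_srcs = {s for s, _ in known}
        known_methods = {m for _, m in known}
        reasons = []
        if ev["src"] not in known_srcs:
            reasons.append("new source host")
        if ev["method"] == "password" and known_methods and "password" not in known_methods:
            reasons.append("password auth where baseline used " + "/".join(sorted(known_methods)))
        if reasons:
            findings.append((ev["ts"], ev["host"], ev["user"], ev["src"], reasons))
    return findings

def fan_out(findings):
    """Group flagged logins by source: one source reaching several servers suggests pivoting."""
    by_src = defaultdict(set)
    for _, host, _, src, _ in findings:
        by_src[src].add(host)
    return dict(by_src)
```

Password logins that the baseline never saw are also the argument for the mitigation implied by the report: disabling SSH password authentication on intranet servers removes the credential the sniffer is built to capture.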

China Foreign Ministry Cyber Affairs Coordinator Wang Lei: The United States has not abided by any international rules in cyberspace and has completely abandoned the bilateral cybersecurity agreement reached between China and the United States in 2015. It can be said that the existing consensus between China and the United States in the Internet field has undergone subversive changes.
The NSA's large-scale, global cyber attacks are inseparable from the support of a huge and complex cyber weapon platform, and TAO is also an important maker of cyber weapons.

British investigative reporter Gallagher: TAO does the most radical work of the NSA. The traditional eavesdropping method was wired, tapping the phone line; we call it passive surveillance. Now it has actually given way to so-called active surveillance, which is attacking and breaking into systems.
There are indications that some American Internet giants provide special backdoors and vulnerabilities to the NSA, and that most of the cyber weapons developed have been handed over to the United States and the other "Five Eyes" alliance countries for use.
Edward Snowden, a former employee of an NSA contractor who exposed the "PRISM" program, once released a "top secret" document confirming that in May 2010 TAO successfully broke into a key email server of the Mexican presidential domain and accessed the mailbox of then-Mexican President Felipe Calderon. The email domain was also used by Mexican government officials and carried diplomatic and economic information and communications between leaders.
Snowden also revealed that in 2013 British intelligence agencies successfully broke into the computers of Belgacom employees, and it is believed that they also received technical support from TAO.

German hacker Claudio Guarnieri: What is a legitimate target? The NSA ultimately only has to answer to the U.S. government. They do not respect any foreign institutions. So they snoop on the United Nations Children's Fund, they snoop on foreign governments, they snoop on private companies, including energy companies. What makes them think they are legally attacking certain targets and organizations, we don't know.
According to Foreign Policy, in addition to research and development and stealing secrets, TAO has another responsibility: on the president's orders, to collect intelligence and to damage or even destroy foreign computers and telecommunications systems through cyber attacks.
Stuxnet: using a virus to attack key facilities in other countries
In 2010, a worm called Stuxnet (known in Chinese reports as "Shock Network") attacked Iran's nuclear facilities by exploiting system security vulnerabilities. At Iran's Natanz uranium enrichment site, at least one-fifth of the centrifuges were damaged by Stuxnet infection.

Symantec security technologist Eric Chien: Natanz's centrifuges usually operate at 1000 Hz, and the virus could accelerate them to 1400 Hz. When running at that speed, a centrifuge vibrates out of control and then shatters, and the shattered aluminum pieces fly around the room, which may have a domino effect: the centrifuges topple one after another, and uranium gas leaks everywhere.
Stuxnet is regarded as the world's first cyber weapon to be put into actual combat, and there is still no conclusion on who was behind it. David Sanger, a senior national security reporter at The New York Times, once speculated in a report that Stuxnet was jointly developed by the NSA and Israeli intelligence agencies, as part of a top-secret project code-named "Olympic Games", whose goal was to "use cyber weapons to block the Iranian uranium enrichment process."

National security reporter David Sanger: When President Obama met his predecessor George Bush, as is customary, Bush told him there were two programs that must be preserved: one is the drone program and the other is the "Olympic Games" program, which is the plan to deal with Iran.
The U.S. government has admitted to developing cyber weapons, but has never admitted to using them. Former NSA Director Keith Alexander once told reporters that he had never heard of Stuxnet or "Olympic Games". Former U.S. Director of National Intelligence James Clapper also refused to disclose relevant information to reporters.
However, some people have let it slip by accident.
Former CIA Director Michael Hayden: As the head of the CIA, for people like me, destroying 1,000 centrifuges at Natanz is definitely a good thing.

Senior fellow at Stanford University's Hoover Institution Amy Zegart: Attacking Iran with the Stuxnet virus was the first time a great power used powerful cyber weapons in an extremely aggressive way.
An important reason the Stuxnet virus succeeded is that it exploited "zero-day vulnerabilities".
A "zero-day vulnerability" is a security flaw for which no patch has yet been developed or which has not been disclosed. Usually the vulnerability becomes widely known, and software vendors can start making patches, only after an attacker has launched an attack. Attackers can take advantage of this time gap and cause huge damage. Because of this, zero-day vulnerabilities have become a hot commodity on the online black market.
In 2015, Reuters pointed out in a report that the US government is the largest buyer of zero-day vulnerabilities.
Reporter: Whom would the US government use zero-day vulnerabilities to attack?

US cybersecurity researcher Chris Soghoian: It depends on the situation. For the US National Security Agency, it may attack foreign leaders or foreign companies.
"Hunt Forward": the United States admits launching multiple cyber attacks to "support" Ukraine
In June this year, Paul Miki Nakasone, commander of US Cyber Command and director of the National Security Agency, publicly admitted that after the outbreak of the Russia-Ukraine conflict, the United States launched an offensive cyber campaign against Russia under the banner of "hunt forward".
"Hunt forward" is one of the "cyber warfare" concepts proposed by the United States and was put into operation in 2018. It refers to sending elite cyber warfare forces overseas to actively pursue, discover and identify opponents' cyber activities, and to conduct active attacks.

Former US Secretary of State Hillary Clinton: That's what we did during the Arab Spring. I was Secretary of State at the time, and I think we could also attack the networks of (Russian) government agencies.
Strikingly, while the United States frequently launches cyber attacks on the outside world, it portrays itself as a "cybersecurity guardian" and often labels other countries as "cybersecurity threats".
From late June to early July 2020, Russia held a referendum on constitutional amendments. The website of the Russian Central Election Commission was subjected to fierce cyber attacks from the United States and its allies.

Vladimir Shin, deputy director of the International Information Security Department of the Russian Ministry of Foreign Affairs: At that time, the official website of the Russian Constitution 2020 was hit 240,000 times per second. These attacks came from the United States, Germany, the United Kingdom and Ukraine.
Two weeks after the constitutional amendment referendum, then-U.S. President Trump publicly admitted that he had approved a cyber attack on Russia's Internet Research Agency as early as 2018. Russian military expert Leokov pointed out that from the turmoil in Venezuela in 2019 to the unrest in Belarus in 2020, US cyber forces were also at work behind the scenes.
Who is frequently conducting cyber attacks and stealing secrets around the world, and who opened Pandora's box of cyber warfare? The answer is self-evident.
The United States regards cyberspace as a new arena for geopolitical games, trying to maintain its hegemony through attacks and theft of secrets, brutally undermining the global cyber governance system and posing a threat to global cybersecurity. It is a veritable "Matrix" and "secret empire". Faced with American cyber hegemony, more and more countries have recognized its essence and are working together to build a community with a shared future in cyberspace, which is gradually becoming a global consensus.
(Source: CCTV News)