As Cybersecurity Week begins, Beijing claims US attacked Uni doing military research
National Security Agency apparently has tools that crack Solaris boxes
China has accused the United States of a savage cyber attack on a university famed for conducting aerospace research and linked to China's military.
The National Computer Virus Emergency Response Centre (NCVERC) made its accusation on September 5, claiming that the Office of Tailored Access Operations at the USA's National Security Agency (NSA) has unleashed over 10,000 attacks in China, some using zero-day exploits, and lifted 140GB of "high value data".
A June attack on Northwestern Polytechnical University is said to have seen the NSA deploy over 40 cyber weapons to learn details of the educational institution's network and computing infrastructure. NCVERC assets that attackers sniffed passwords, read log files, and relentlessly probed the University in the hope of lifting useful data. Thousands of devices were hijacked, the organization asserts.
As the University long ago absorbed People's Liberation Army Military Engineering Institute, and is home to aerospace research, China suggests the US sought strategic info.
Chinese 'Aoqin Dragon' gang runs undetected ten-year espionage spreeREAD MORE
NCVERC alleges the NSA used tools that target both x86 and Sun Solaris environments using SPARC silicon and stated that attacks have occurred for "a long time". The agency has promised to reveal more details real soon now.
On the same day that NCVCERC announced it had detected the attack, Chinese journalists asked about it in the daily press conference staged by Foreign Ministry.
The daily event is famous for featuring blunt rhetoric, and seldom departing from topics that allow officials to deliver it. China makes sure the world can hear that rhetoric by publishing transcripts of the event in several languages.
Monday's event was notable for featuring a new spokesperson: former diplomat Mao Ning.
While the press conference had a new person up front, the tone remained the same: Mao strongly criticized the NSA's alleged actions.
- Ex-NSA trio who spied on Americans for UAE now banned from arms exports
- NATO investigates after criminals claim to be selling its stolen missile plans
- Don't ditch PowerShell to improve security, say infosec agencies from UK, US, and NZ
"The US's behavior poses a serious danger to China's national security and citizens' personal information security," she said. "As the country that possesses the most powerful cyber technologies and capabilities, the US should immediately stop using its prowess as an advantage to conduct theft and attacks against other countries, responsibly participate in global cyber space governance and play a constructive role in defending cyber security."
The next question came from the China News Service, and asked "What measures will China take to better protect its cyber security?"
Mao's response was to mention China's many efforts to improve its security, among them education of its citizens including – as luck would have it – an annual Cybersecurity Week that commenced on the very same day that the NCVERC detailed the attack on the University!
What are the chances of that coincidence happening?
The US and China signed a no hack pact in 2015, but that document is widely thought not to be worth the paper on which it was printed. The FBI rates China as the worst cyber threat faced by the US and claims to open an investigation into Beijing-driven attacks every twelve hours – adding to the 2,000 such incidents it was already probing as of February 2022.
In July 2022, the FBI joined with UK intelligence agency MI5 to assert that China conducts a "coordinated campaign on a grand scale" to steal secrets from the US and the UK.
There is doubtless some truth in China's claims that the US uses information warfare to seek valuable information. But such activities are surely to be expected as just another tool of modern tradecraft, rather than an example of escalated belligerence.
That fact does not, however, give any government anywhere a good way to kick off a Cybersecurity Week. ®