U.S. hacked China 10,000 times, stole 140GB of critical data: Report
Updated 18:49, 05-Sep-2022
The U.S. National Security Agency conducted over 10,000 malicious cyberattacks on China in recent years, a report said on Monday. /CFP

The U.S. National Security Agency (NSA) conducted over 10,000 cyberattacks against China in recent years and is suspected to have stolen 140 gigabytes of valuable data, according to a joint investigation report released on Monday by China's National Computer Virus Emergency Response Center (CVERC) and internet security company Qihoo 360 Technology Co. Ltd.

The investigation was launched after Northwestern Polytechnical University (NPU), a leading Chinese university in aviation, reported being hacked in April. The investigators have traced the cyberattacks back to the Office of Tailored Access Operations (TAO) of the NSA.

"NPU was targeted because many top-level talents in the country work there," Jin Qi, deputy head of the local police bureau, told China Media Group (CMG). "Many national-level research projects were conducted there."

A total of 13 people were found to have directly launched the cyberattacks, with more than 60 contracts signed to cover the malicious activities.

"They first scout the network," said Bian Liang, a network security expert at Qihoo 360. "Then they create customized tools to target the specific network."

The hackers used 41 tools to breach the firewalls, plant remote-controlled backdoors, steal critical data and erase the traces of doing so.

"There are four steps in their attack," said Du Zhenhua, senior engineer at the CVERC. "Break in, establish long-term control, keep stealing data and after everything's done, clear the scene."

They also tried to hide their real location and identity using so-called "jump servers." The investigators traced a total of 54 jump servers, spread across 17 countries including Japan, South Korea, Sweden, Poland and Ukraine.

The IP addresses used to control the jump servers are 209.59.36.*, 69.165.54.*, 207.195.240.* and 209.118.143.*.
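The report gives the control addresses only as wildcard prefixes. The script below is an added example, not part of the report or of CVERC's or Qihoo 360's tooling: it treats each listed prefix as a /24 network (an assumption, since the report does not state the mask), parses a few constructed firewall log lines in a hypothetical format, and reports which entries have a source address inside one of those prefixes. This is the kind of retrospective log check a defender would run after reading the report.

```python
import ipaddress
import re

# Prefixes the report lists as controlling the jump servers
# (209.59.36.*, 69.165.54.*, 207.195.240.*, 209.118.143.*).
# Treating each as a /24 is an assumption; the report gives no mask.
REPORTED_PREFIXES = [
    ipaddress.ip_network(p)
    for p in ("209.59.36.0/24", "69.165.54.0/24",
              "207.195.240.0/24", "209.118.143.0/24")
]

# Constructed sample firewall log lines (not from the report); the
# "ts action src= dst= dport=" layout is hypothetical.
SAMPLE_LOGS = """\
2022-04-12T03:14:07Z ALLOW src=209.59.36.17 dst=10.20.0.5 dport=22
2022-04-12T03:14:09Z ALLOW src=192.168.1.40 dst=10.20.0.5 dport=443
2022-04-12T03:15:33Z DENY src=69.165.54.200 dst=10.20.0.8 dport=445
2022-04-12T03:16:01Z ALLOW src=8.8.8.8 dst=10.20.0.5 dport=53
2022-04-12T03:17:45Z ALLOW src=207.195.240.3 dst=10.20.0.9 dport=4444
malformed line with no address
""".splitlines()

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>\S+)\s+src=(?P<src>\S+)\s+"
    r"dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it is malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["src"] = ipaddress.ip_address(rec["src"])
        rec["dst"] = ipaddress.ip_address(rec["dst"])
    except ValueError:
        # Field present but not a valid address: skip rather than crash.
        return None
    rec["dport"] = int(rec["dport"])
    return rec


def matching_prefix(addr, prefixes=REPORTED_PREFIXES):
    """Return the first listed network containing addr, or None."""
    for net in prefixes:
        if addr in net:
            return net
    return None


def find_hits(lines, prefixes=REPORTED_PREFIXES):
    """Return (timestamp, src, matched_prefix, action, dport) for every
    parsable line whose source address falls in a listed prefix."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        net = matching_prefix(rec["src"], prefixes)
        if net is not None:
            hits.append((rec["ts"], str(rec["src"]), str(net),
                         rec["action"], rec["dport"]))
    return hits


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOGS):
        print(hit)
```

A match against a /24 is a lead, not proof: the addresses sit in provider ranges that other customers share, so each hit should be correlated with the destination host, the port and the timing of the NPU-style activity described above before anyone treats it as confirmed jump-server contact. Note also that the report lists these as addresses used to control the jump servers, so traffic to a victim network would more often come from the jump servers themselves, whose addresses the report does not give.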

Some of the jump servers were "zombie computers" hacked by the NSA without the knowledge of their owners. The hackers mostly targeted two "zero-day" vulnerabilities in the Solaris operating system developed by Sun Microsystems, which is now part of U.S. tech giant Oracle Corporation.

The NSA tried to hide their identity by buying assets anonymously or through dummy companies like Jackson Smith Consultants and Mueller Diversified Systems. But investigators managed to trace their real identity.

"As long as we can sense the attacks," said Zhou Hongyi, founder of Qihoo 360, "we can clear them up, trace the origin and patch the loopholes."

The investigators said they will reveal more details of U.S. hacking and spying technologies in the future.

China's Ministry of Foreign Affairs has responded to the findings. Spokesperson Mao Ning told reporters that China strongly condemns such activities, adding that the U.S. side should stop the cyberattacks immediately.

"China wishes to work with the international community to keep the network safe," she said during a routine press briefing on Monday.

(Cao Qingqing contributed to the story.)