The blame game: Is the US cyber snooping on China — or vice versa?
- The US National Security Agency’s Office of Tailored Access Operations allegedly carried out the attacks on Northwestern Polytechnical University in China.
- The NSA apparently conducted more than 10,000 “vicious” cyberattacks on Chinese targets in recent years, collecting more than 140 gigabytes of data.
- The US, with its long history of cyberespionage, has also been blaming China for doing the same.
When it comes to cyberespionage, the United States (US) has had a long history — mainly because it was the world’s pre-eminent cyberpower, long before China was. However, since the late 1990s, China has been increasing its economic, technological and military capabilities to become a leader in cyberwarfare. Its decade-long quest has resulted in new tools and tactics that have rapidly become more sophisticated and ambitious, and that has eventually turned them into a cybersuperpower.
In short, over the years, China has transformed itself into the prime cyberthreat to the US, and as that happened, the West began naming and shaming China for an onslaught of cyberespionage. Beijing and Washington are still engaged in an increasingly testy war of words over cyberspying, and now China is becoming more direct and vocal, naming American government agencies in its accusations of cyberespionage.
In the latest round of the blame game, China is accusing the US’ National Security Agency (NSA) of hacking into the email system of a university in Northwest China’s Shaanxi Province – well-known for its aviation, aerospace and navigation studies. The matter even reached the Chinese Foreign Ministry, which responded to the issue at Monday’s press briefing, saying that China has lodged a strong protest to the US over the NSA’s attack and demanded an explanation for it.
China’s National Computer Virus Emergency Response Center released a statement that said a team from the center and 360 Security Technology Inc. had analyzed the university’s information systems after an attack from overseas was reported in June. On June 22, Northwestern Polytechnical University announced that hackers from abroad were caught sending phishing emails with trojan horse programs to teachers and students at the university, attempting to steal their data and personal information.
The following day, a police statement released by the Beilin Public Security Bureau in Xi’an said that the attack attempted to lure teachers and students into clicking links of phishing emails with trojan horse programs, with themes involving scientific evaluation, thesis defense and information on foreign travel, so as to obtain their email login details.
Therefore, as an attempt to look into the attack, China’s National Computer Virus Emergency Response Center and 360 jointly formed a technical team to conduct a comprehensive technical analysis of the case. According to Global Times, “By extracting many trojan samples from internet terminals of Northwestern Polytechnical University, under the support of European and South Asian partners, the technical team initially identified that the cyberattack to the university was conducted by the Tailored Access Operations (TAO) (Code S32) under the Data Reconnaissance Bureau (Code S3) of the Information Department (Code S) of US’ NSA.”
For context, TAO is the largest and most important part of the intelligence division of the NSA. Founded in 1998, the main responsibility of TAO is to use the internet to secretly access insider information of its competitors, including secretly invading target countries’ key information infrastructure to steal account codes, break or destroy computer security systems, monitor network traffic, invade privacy, steal sensitive data, and gain access to phone calls, emails, network communications and messages.
More than just an incident — US via TAO has done more to China
Interestingly, the investigation also found that in recent years, TAO has conducted tens of thousands of malicious attacks against targets in China, controlling large numbers of network devices to steal more than 140 GB of data. Aiming at Northwestern Polytechnical University, TAO used 41 types of weapon to steal core technology data, including key network equipment configuration, network management data, and core operational data.
The technical team, according to the Global Times, discovered more than 1,100 attack links inside the university and more than 90 operating instruction sequences, which stole multiple network device configuration files, and other types of logs and key files.
China vs US: Tit for Tat
Over the years, various institutes and state-affiliated bodies in the US have also exposed China’s cyberespionage activities, both towards them and in other countries. In fact, Bureau of Investigation Director Christopher Wray warned Western companies in July that China aimed to “ransack” their intellectual property so that it can eventually dominate key industries.
Both countries have previously agreed not to condone cybertheft of intellectual property or trade secrets during Chinese President Xi Jinping’s state visit to Washington in 2015. Mandiant, a US-based cybersecurity firm, has released multiple reports detailing cyberattacks by China in the US. Even the US Cybersecurity and Infrastructure Security Agency (CISA) publishes reports on “Chinese Malicious Cyber Activity.” The US also holds publicly broadcasted testimony sessions exploring China’s cyber activities and threats.
One thing seems clear – cyberspying is by no means a one-way affair with these two great powers, despite a great deal of PR effort by each to portray themselves as the more aggrieved and spied-against party. Despite political and cultural differences feeding into the ongoing tension between the two superpowers, there is no moral high ground left to claim in the cyber-wars.
3 February 2023
3 February 2023