Chinese researchers allege NSA infiltrated local telecoms network and a government-backed university, and exported “sensitive identity” data
Chinese researchers have this week added to the allegations made last week against the US National Security Agency, when local media accused the US intelligence agency of infiltrating the country’s telecoms network.
The media reports last week claimed that the NSA had used a phishing attack (a hacking technique where a malicious link is embedded in an email) in order to gain access to the government-funded Northwestern Polytechnical University. Further details of the attack were promised.
Now extra details have been released by Chinese researchers in a report published on Tuesday, which detailed for the first time how the NSA allegedly carried out its attack, CNBC reported.
Tuesday’s report from China’s National Computer Virus Emergency Response Center and cybersecurity company 360 (also based in China) laid out the specific ways the alleged attack was carried out.
The report, published in the state-backed People’s Daily newspaper, claimed the NSA began with a man-in-the-middle attack (where a hacker intercepts digital communication between two parties) on the Northwestern Polytechnical University.
According to the report, the NSA was then able to access the university’s network, CNBC reported, and obtain the credentials of people who worked there, which allowed the agency to further penetrate the systems.
Once in the network, the NSA was able to gain further access to sensitive data, eventually remotely accessing the core data network of a telecommunication infrastructure operator, the report claimed.
As part of the attack, the NSA was able to get access to the data of people in China who have “sensitive identities”, and send that information back to the agency’s headquarters in the US, the report alleged.
The NSA was not immediately available for comment when contacted by CNBC.
The report also cited a number of reasons why the attack was being attributed to the NSA.
Of the various hacking tools used, 16 were apparently identical to ones that were dumped online starting in 2016 by a group called the Shadow Brokers, which managed to get access to some of the NSA’s techniques and methods.
In November 2016 hacker collective Shadow Brokers had also dumped online a list of vulnerable Sun Solaris and Linux servers that were used by the allegedly NSA-linked Equation Group cyber criminal gang.
According to the Chinese researchers, the NSA hackers also carried out attacks during US working hours and stopped during public holidays such as Memorial Day.
The report also said that the attackers used American English, the devices associated with the hackers had an English-language operating system and they used an American keyboard for input.
The alleged NSA attack comes after decades of the US and other western nations being subjected to nation-state cyberattacks, many of which have been blamed on China.
In July this year, the heads of the FBI and MI5, in a historic joint meeting in London, warned business leaders that the Chinese government was set on stealing their technology for competitive gain.
The unprecedented speech by the leaders of both the US and UK domestic security services came after years of concern about China’s cyber activities.
The FBI director told the audience the Chinese government was “set on stealing your technology, whatever it is that makes your industry tick, and using it to undercut your business and dominate your market”.
China has always denied accusations of hacking western targets, even when, in 2011, F-Secure chief research officer Mikko Hyppönen spotted footage of Chinese military systems actively hacking a US target in a Chinese military TV documentary.
Chinese authorities quickly removed the offending video footage, but it had already been saved by F-Secure.
China, in turn, has for the past few years accused the US of carrying out cyberattacks against it, but has not been specific about particular attacks.
Beijing has been more vocal in attributing particular attacks to the US of late – in a ramping up of tensions between the two nations in the cyber sphere.