Share This

Showing posts with label Tailored Access Operations (TAO). Show all posts
Showing posts with label Tailored Access Operations (TAO). Show all posts

Tuesday 6 September 2022

Exclusive: Evidence shows US’ NSA behind attack on email system of Chinese leading aviation university

 

U.S. is True Empire of Hacking, Surveillance, Theft of Secrets

 

The US: Empire of Hacking, Surveillance and Theft of Secrets.


As a hacking empire, the US disguises itself as a hacking victim


The email system of a university in Northwest China's Shaanxi Province - well-known for its aviation, aerospace and navigation studies - was found to have been attacked by the US' National Security Agency (NSA), the Global Times learned from a source on Monday.

The Chinese Foreign Ministry responded to the issue at Monday's press briefing, saying that China has lodged a strong protest to the US over NSA's attack and demanded an explanation for it.

On June 22, Northwestern Polytechnical University announced that hackers from abroad were caught sending phishing emails with Trojan horse programs to teachers and students at the university, attempting to steal their data and personal information.

A police statement released by the Beilin Public Security Bureau in Xi'an the next day said that the attack attempted to lure teachers and students into clicking links of phishing emails with Trojan horse programs, with themes involving scientific evaluation, thesis defense and information on foreign travel, so as to obtain their email login details.

To probe into the attack, China's National Computer Virus Emergency Response Center and internet security company 360 jointly formed a technical team to conduct a comprehensive technical analysis of the case.

By extracting many trojans samples from internet terminals of Northwestern Polytechnical University, under the support of European and South Asian partners, the technical team initially identified that the cyberattack to the university was conducted by the Tailored Access Operations (TAO) (Code S32) under the Data Reconnaissance Bureau (Code S3) of the Information Department (Code S) of US' NSA.


TAO is the largest and most important part of the intelligence division of the NSA. Founded in 1998, the main responsibility of TAO is to use the internet to secretly access to insider information of its competitors, including secretly invading target countries' key information infrastructure to steal account codes, break or destroy computer security systems, monitor network traffic, invade privacy and steal sensitive data, and gain access to phone calls, emails, network communications and messages.

The various departments of TAO are composed of more than 1,000 active military personnel, network hackers, intelligence analysts, academics, computer hardware and software designers, and electronics engineers. The entire organizational structure consists of one "center" and four "divisions."

The Global Times learned from the source that the attack was code-named "shotXXXX" by the NSA. Directly involved in the command and action mainly includes the head of TAO, remote operations center (mainly responsible for operational weapons platforms and tools to enter and control target system or network) and infrastructure task division (mainly responsible for development and build a network infrastructure and security monitoring platform for attacks)

In addition, four other divisions were also involved in the operation: the advanced/access network technology division, the data network technology division, and the telecommunications network technology division, which provided technical support, and the requirements and location division, which determined the attack strategy and intelligence assessment.

The Global Times learned from the source that at that time, TAO was headed by Rob Joyce. Born September 13, 1967, he attended Hannibal High School and graduated from Clarkson University with a bachelor's degree in 1989 and Johns Hopkins University with a master's degree in 1993. He joined the NSA in 1989 and served as Deputy Director of TAO from 2013 to 2017. He began serving as Acting US Homeland Security Advisor in October 2017. From April to May 2018, he served as the State Security Advisor to the White House, and then returned to the NSA as the Senior Advisor to the Director of Cybersecurity Strategy of the NSA. He now serves as the Director of Cybersecurity.

The investigation also found that in recent years, TAO has conducted tens of thousands malicious attacks against targets in China, controlling large numbers of network devices (web server, internet terminals, network switches, telephone switches, routers, firewalls, and etc.) to steal a high value of more than 140 GB of data.

Technical analysis also found that TAO had acquired the management authority of a large number of communication network equipment in China with the cooperation of several large and well-known internet enterprises in the US before the attack began, which made it easy for the NSA to continuously invade the important information network in China.

Aiming at Northwestern Polytechnical University, TAO used 41 types of weapons to steal the core technology data including key network equipment configuration, network management data, and core operational data. The technical team discovered more than 1,100 attack links infiltrated inside the university and more than 90 operating instruction sequences, which stole multiple network device configuration files, and other types of logs and key files, the source said.

It was found that 13 people from the US were directly involved in the attack and more than 60 contracts and 170 electronic documents that the NSA signed with American telecom operators through a cover company to build an environment for cyberattacks, according to the source.

The Global Times also learned from the source that TAO has used 54 jumpers and proxy servers in the network attack against Northwestern Polytechnical University, which were mainly distributed in 17 countries such as Japan, South Korea, Sweden, Poland and Ukraine, 70 percent of which are located in the countries surrounding China, such as Japan and South Korea.

Apart from the cyberattack, the US has also conducted surveillance of Chinese mobile users, illegally stealing their text messages and wirelessly locating them, which seriously endangered China's national security and violated the personal data security of its nationals, Chinese Foreign Ministry spokesperson Mao Ning said on Monday, urging the US to immediately stop its wrongdoings.

"What I want to stress it that, cyberspace security is a common problem faced by all countries worldwide. The US, with the world's most powerful cyber technology, should refrain from using such advantages to steal secrets from other countries, and should instead participate in global cyberspace governance in a responsible manner, and play a constructive role in maintaining cybersecurity," Mao said.

For a long time, the NSA has been carrying out secret hacking activities against China's leading enterprises in various industries, governments, universities, medical institutions, scientific research institutions and even important information infrastructure operation and maintenance units related to the national economy and people's livelihood.

A latest cybersecurity report released by Anzer, a cybersecurity information platform, on June 13 showed that the US military and government cyber agencies have remotely stolen more than 97 billion pieces of global internet data and 124 billion phone records in the last 30 days, which are becoming a major source of intelligence for the US and other "Five Eyes" countries.

a new vulnerability attack weapon platform deployed by the NSA, which experts believe is the main equipment of TAO, and it targets the world with a focus on China and Russia. The US' move raised wide suspicions that the country might be preparing for a bigger cyberwar, experts noted. 

 
 
RELATED ARTICLES

Thursday 16 June 2022

Exclusive: Report reveals how US spy agencies stole 97b global internet data, 124b phone records in just 30 days

 

Photo: headquarter of NSA in Maryland

 

The US military and government cyber agencies have remotely stolen more than 97 billion pieces of global internet data and 124 billion phone records in the last 30 days, which are becoming a major source of intelligence for the US and other "Five Eyes" countries, a latest cybersecurity report showed.

The report the Global Times obtained from Anzer, a cybersecurity information platform, on Monday, once again revealed the "black hand" operations of Tailored Access Operations (TAO), the cyber warfare intelligence agency under the US National Security Agency (NSA), which has been using advanced cyberattack weapons to indiscriminately "grab" data from internet users around the world.

An exclusive report published by the Global Times in May  disclosed that China captured a spy tool deployed by the NSA, which is capable of lurking in a victim's computer to access sensitive information and was found to have controlled global internet equipment and stole large amounts of user information. The Trojan horse, "NOPEN," is a remote control tool for Unix/Linux computer systems. It is mainly used for stealing files, accessing systems, redirecting network communication, and viewing a target device's information.

According to internal NSA documents leaked by hacking group Shadow Brokers, "NOPEN" is one of the powerful weapons used by the TAO to attack and steal secrets.

Anzer's report revealed another weapon platform, "boundless informant," which is the NSA's exclusive big data summary analysis and data visualization tool system capable of colleting, managing and analyzing data around the world illegally obtained by NSA's remote control system.

According to terminal screenshots from the platform, the NSA has remotely stolen more than 97 billion pieces of global internet data and 124 billion phone records in the last 30 days.

A cybersecurity analyst told the Global Times on condition of anonymity on Monday that TAO is the largest and most important part of the intelligence division of the NSA.

Founded in 1998, the main responsibility of the TAO is to use the internet to secretly access insider information of its competitors, including secretly invading target countries' key information infrastructure to steal account codes, break or destroy computer security systems, monitor network traffic, steal privacy and sensitive data, and access to phone calls, emails, network communications and messages.

TAO also assumes an important role. When US president issues an order to disable or destroy communications networks or information systems in other countries, TAO will provide relevant cyberattack weapons, and the attacks will be carried out by the US Cyber Warfare Command, the report revealed.

According to the report, the various departments of TAO are composed of more than 1,000 active military personnel, network hackers, intelligence analysts, academics, computer hardware and software designers, and electronics engineers. The entire organizational structure consists of one "center" and four "divisions."

The "center" employs more than 600 people and is responsible for receiving, sorting and summarizing account passwords and important sensitive information stolen from around the world by network information systems controlled remotely by TAO.

"The NSA's global indiscriminate intrusion has long been supported by a vast and sophisticated network of weapons platforms, of which TAO is an important weapon maker. Some of these weapons are dedicated to the products of US internet giants such as Apple, Cisco and Dell, and have been developed with the support and full participation of these internet giants," the expert said.

Media reports showed some US internet giants have set up a special government affairs department to cooperate with the NSA in developing cyber attack weapons and provide the NSA with special backdoors and vulnerabilities. Internal information leaked by Edward Snowden showed these weapons could be used to conduct mass traffic monitoring and hacking on any internet user around the world.

According to publicly available information, most of the cyber attack weapons have already been handed over to the US and other "Five Eyes" countries.

The report also showed more than 500 code names for cyber attacks and data theft operations conducted by TAO have been disclosed, which proves that the US is a developed internet country in the world, as well as a major country in cyber intelligence collection and data theft.

In 2013, the US spent $52.6 billion on global intelligence gathering programs, of which two-thirds went to cyber security operations to carry out cyber attacks on foreign countries and domestic targets in the US.

A large number of TAO's cyber attack weapons have also been shared with some allied countries. Media reports showed that GCHQ, the UK's security and intelligence agency, has used NSA's cyberattack weapons to conduct long-term attack control and communications monitoring in the European Union.

"The US is taking highly engineered cyber weapons as the winning advantage in future cyber warfare, and is investing resources and increasing chips regardless of cost, bringing endless hidden dangers to global cyber security," the expert said. 

 Source link

RELATED ARTICLES

It's a threat to national security | The Star

 https://www.thestar.com.my/opinion/letters/2022/06/14/its-a-threat-to-national-security


Related posts:

China captures powerful US NSA cyberspy tool

 

 

 

 

SOURCE: Data protection dept not doing its job

Act swiftly to prevent data breaches

 

 

 

 

Remain vigilant against financial fraud