More details revealed! Investigation report released on the US NSA network attack against Northwestern Polytechnical University

Author: Jilin Daily Time: 2022.09.06

Today (September 5), the National Computer Virus Emergency Treatment Center and 360 Company released an investigation report on the attack against Northwestern Polytechnical University. The investigation found that the "Specific Invasion Action Office" (TAO) under the National Security Agency (NSA) has for many years carried out tens of thousands of malicious network attacks on network targets inside China, has taken control of related network devices, and is suspected of having stolen high-value data.

In April of this year, the Xi'an public security organs received a report of a network attack: traces of network attacks had been found in the information systems of Northwestern Polytechnical University.

The Xi'an public security organs attached great importance to the report and immediately organized police forces and network security experts into a joint task force to investigate the case. The National Computer Virus Emergency Treatment Center and 360 Company jointly formed a technical team that took part in the technical analysis of the case throughout. The technical team extracted a number of Trojan samples from multiple information systems and Internet terminals at Northwestern Polytechnical University, made comprehensive use of domestic data resources and analysis methods, and received support from partners in Europe and South Asia. On that basis it reconstructed the overall picture, technical characteristics, attack weapons, attack paths, and attack sources of the related attack events, and initially determined that the attack activity originated from the "Specific Invasion Action Office" (Office of Tailored Access Operation, TAO) of the National Security Agency (NSA).

The investigation also found that in recent years the Specific Invasion Action Office (TAO) under the National Security Agency (NSA) has carried out tens of thousands of malicious network attacks on China's domestic network targets and has taken control of tens of thousands of network devices, including network servers, Internet terminals, network switches, telephone switches, routers, and firewalls, stealing more than 140 GB of high-value data.

After complex technical analysis and tracing, the joint technical team reconstructed the process by which Northwestern Polytechnical University was attacked and its data stolen. The evidence relating to the network attack and data theft involves 13 people in the United States who directly launched cyber attacks against China, more than 60 contracts, signed between the National Security Agency (NSA), a company, and US telecommunications operators in order to build a network attack environment, and more than 170 electronic documents.

41 types of network attack weapons used to steal data

The investigation found that in the network attack on Northwestern Polytechnical University, the "Specific Invasion Action Office" (TAO) under the National Security Agency (NSA) used 41 different dedicated network attack weapons to carry out sustained attacks and secret theft against the university, stealing core technical data such as the school's key network equipment configurations, network management data, and operation and maintenance data.

Northwestern Polytechnical University, the target of the attack, is located in Xi'an, Shaanxi. It belongs to the Ministry of Industry and Information Technology and is a multidisciplinary, research-oriented, open university.

The investigation report shows that the National Security Agency (NSA) used 41 dedicated network attack weapons in its network attack operation against Northwestern Polytechnical University. Among them, the backdoor tool "cunning different criminals" (NSA naming) alone had 14 different versions.

Through analysis of the evidence, the technical team has identified a cumulative total of more than 1,100 attack links by which the attackers penetrated Northwestern Polytechnical University's internal network and more than 90 operational instruction sequences. On the compromised network devices it located multiple stolen network device configuration files, sniffed network communication data and passwords, other types of logs and key files, and other main details related to the attack activity.

The technical team divided the weapons used in this attack into four categories: vulnerability-exploitation breakthrough weapons, persistent control weapons, sniffing and secret-stealing weapons, and concealment and trace-removal weapons.

The investigation report disclosed that the National Security Agency (NSA) used a large number of network attack weapons to conduct covert hacking activities against leading enterprises, government bodies, universities, medical institutions, scientific research institutions, and other organizations across various industries in China.

The investigation also found that the National Security Agency (NSA) used the network attack weapon platforms, zero-day vulnerabilities, and network devices under its control to conduct long-term, indiscriminate voice monitoring of Chinese mobile phone users, illegally stealing users' SMS content and wirelessly locating them.

Long-term preparation and careful disguise of network attack traces

The investigation report disclosed that, in order to conceal its network attacks on Northwestern Polytechnical University and other Chinese information networks, the National Security Agency (NSA) carried out long-term preparation and careful disguise.

The technical team's analysis found that the "Specific Invasion Action Office" (TAO) under the National Security Agency (NSA) carries out long-term preparation before starting an operation, mainly by building anonymized attack infrastructure. TAO used two zero-day exploit tools for the SunOS operating system, choosing as attack targets servers running many network applications at educational institutions, commercial companies, and similar organizations in China. After a successful attack, the NOPEN Trojan was installed, giving control of a large number of springboard machines.

TAO used 54 springboard machines and proxy servers in its network attack operations against Northwestern Polytechnical University. They were distributed mainly across 17 countries, including Japan, South Korea, Sweden, Poland, and Ukraine, with 70% located in countries neighboring China, such as Japan and South Korea. The springboard machines used to conceal the real IP addresses were carefully selected, and all of their IP addresses belong to countries outside the "Five Eyes" alliance. For the network resources, including proxy servers, used by the attack platform targeting Northwestern Polytechnical University, the National Security Agency (NSA) purchased IP addresses in Egypt, the Netherlands, and Colombia through secretly established entities and rented a batch of servers.

To protect its identity, the National Security Agency (NSA) used the anonymity protection service of a US privacy protection company. The relevant domain names and certificates pointed to unrelated individuals, in order to conceal the real attack platform behind the multiple rounds of sustained attack and data-theft operations against Northwestern Polytechnical University and other Chinese information networks.

The technical team also found that, before the relevant network attack activity began, and with the cooperation of many large US Internet companies, administrative access that those companies held to a large number of Chinese communications network devices was provided to the National Security Agency (NSA) and other intelligence agencies, opening the door to continued intrusion into China's important information networks.

TAO: the tactical implementation unit for covert network attack activity

The investigation report shows that the "Specific Invasion Action Office" (TAO) under the National Security Agency (NSA) not only conducts malicious network attacks on key enterprises and institutions in China, but has also long conducted indiscriminate voice surveillance of mobile phone users in China, illegally stealing the content of their text messages and wirelessly locating them. So what kind of organization is TAO, the "Specific Invasion Action Office"?

Technical analysis and online tracing found that the "Specific Invasion Action Office" (TAO), the department of the National Security Agency (NSA) that carried out the attacks, was established in 1998. Its force deployment relies mainly on the NSA's cryptologic centers in the United States and Europe. The six cryptologic centers that have been made public are:

1. NSA headquarters at Fort Meade;

2. NSA Hawaii Cryptologic Center (NSAH) on the island of Oahu;

3. NSA Georgia Cryptologic Center (NSAG) at Fort Gordon;

4. NSA Texas Cryptologic Center (NSAT) in San Antonio;

5. NSA Colorado Cryptologic Center (NSAC) at Buckley Air Force Base in Denver;

6. NSA European Cryptologic Center (NSAE) at Darmstadt, Germany.

The "Specific Invasion Action Office" (TAO) is currently the tactical implementation unit through which the US government carries out large-scale network attacks and data theft against other countries. It consists of more than 2,000 military and civilian personnel. The person in charge of the attack and data theft against Northwestern Polytechnical University is Robert Edward Joyce. He was born on September 13, 1967, and joined the National Security Agency in 1989. He has served as deputy director and director of the "Specific Invasion Action Office" (TAO) and is currently the head of cybersecurity at the National Security Agency (NSA).

Experts call for stronger network security defenses

The investigation report shows that the National Security Agency (NSA) has long conducted covert hacking activities against China's leading enterprises, government bodies, universities, medical institutions, scientific research institutions, and even the units that operate and maintain important information infrastructure bearing on the national economy and people's livelihood. Its behavior may seriously harm China's national defense security, critical infrastructure security, financial security, social security, production safety, and citizens' personal information, and it deserves our deep reflection and vigilance.

This time, Northwestern Polytechnical University, together with the National Computer Virus Emergency Treatment Center and 360 Company, comprehensively reconstructed a series of attacks launched by the National Security Agency (NSA) over the past few years, breaking the one-way transparency advantage that the United States has held over China for years. Facing a powerful opponent with a state background, we must first know where the risks are, what kind of risks they are, and when they arise.

The investigation report considers that Northwestern Polytechnical University's public statement that it had suffered an overseas network attack, its fact-based, zero-tolerance determination to investigate thoroughly, and its active adoption of defensive measures are an example worthy of the victims of National Security Agency (NSA) network attack activity around the world, and will become a strong reference for countries worldwide in effectively preventing subsequent NSA network attacks.

Source: CCTV
