U.S.net attacks Western Gong University's technical details exposure

"Global Times" reporter learned from the relevant departments on the 13th that in the National Security Agency (NSA) network attack incident in Northwestern Polytechnical University, the sniffing secret network weapon named "tea drink" is One of the most direct "culprits". In this regard, network security experts suggested that in the process of informatization, domestic products and "zero trust" security solutions were selected.

On September 5th, relevant Chinese departments announced that the "real murderer" attacked by Northwestern Polytechnical University was the NSA Specific Invasion Action Office (TAO). Since then, the National Computer Virus Emergency Treatment Center and Beijing Qi'an Pan Gu Lab have further analyzed the invasion. In the latest survey report, the technical details of the US's attack on attack were made public: that is, among the 41 network weapons, it is called "" "Tea Drinking" Sniches The Stealing Trend Network Web weapon is one of the most direct "culprits" that lead to a large amount of sensitive data.

According to technical analysis and research, "tea drinking" can not only steal the account password of a variety of remote management and remote file transmission services on the server, but also have strong hiddenness and environmental adaptability. The network security experts in the above said that after the "tea drinking" is implanted into the target server and network equipment, it will disguise itself into a normal background service process, and use a modular method to send malicious loads in stages. Hiddenness, it is difficult to find. "Tea Drinking" can be operated hidden on the server, monitor the user's input on the terminal program of the operating system console in real time, and intercepts various user names and passwords, like the "voyer" standing behind the user. Cyber ​​security experts introduced: "Once these username passwords are obtained by TAO, they can be used to attack the next stage. Even if these usernames password access to other servers and network devices, they will steal files on the server or send other delivery of other. Network weapon. "

According to experts, TAO uses "tea drinking" as a sniffing tool, implanted it into the internal network server of Northwestern Polytechnical University, stealing the login password of remote management and remote file transmission services such as SSH, so as to obtain access to other servers in the internal network Perseverance, realize the horizontal movement of the intranet, and send other high -value servers to other high -value servers, other sniffing secrets, persistence controls, and hidden disappearance network weapons, causing large -scale and continuous sensitive data theft.

Technical analysis shows that "tea drinking" can effectively integrate and link with other NSA network weapons to achieve "seamless docking". In February of this year, Beijing Qi'an Pan Ancient Laboratory publicly disclosed the technical analysis of the top weapon "Electric Screen Operation" (BVP47), exclusive to the "Formula" (BVP47), which is a hacker organization affiliated to NSA. In the attack activities of the curtain action. In TAO's incident of cyber attacks on Northwestern Polytechnical University, the "Tea Drinking" sniffing theft tools and BVP47 Trojan Programs were cooperated with other components to implement joint attacks. According to reports, the BVP47 Trojan has extremely high technical complexity, architecture flexibility, and ultra -high -intensity analysis and evidence collection and confrontation characteristics. It is used to peep and control the information network of the victims with the "tea drinking" component, secretly stealing important data. Among them, "Tea Drinking" sniff the hippocampus secretly lurking in the information system of the victims, and is responsible for listening, recording, and returning the "results of the war" -the account number and password used by the victims, whether it is in the inner network or the external network Essence

The report also pointed out that with the gradual deepening of the survey, the technical team also found the "tea drinking" attack traces in other institutions outside Northwestern Polytechnical University. Network attack activities.

It is worth noting that in the multiple cyber attack activities implemented by the United States, the US IT industry giants have repeatedly appeared. For example, in the "Prism" plan, the US love department has the authority of senior administrators and can enter the servers of Microsoft, Yahoo, Google, Apple and other companies at any time, and the long -term secrets are tailored. In the hacking tools used by the "Formula" organization announced by the "Shadow Broker", Microsoft, Cisco, and even some Chinese Internet service providers' "zero vulnerabilities" (0Day) or back doors appeared. "The United States is using its technical dominance in the field of software and hardware in the network information system. With the comprehensive cooperation of the IT industry giant in the US IT industry, using a variety of cutting -edge network weapons to launch non -different network attacks worldwide in the world, and continuously steal Internet devices around the world. The account password is prepared to log in to the victim's information system at any time to implement a larger scale stealing or even destroying activities. The server is reinforced, the administrator passwords of the server and network devices are regularly changed, and the audit of the network network traffic is strengthened, and the abnormal remote access request is found in time. At the same time, in the process of information construction, it is recommended to choose a domestic product and "zero trust" security solution ("zero trust" is a new generation of network security protection concepts. Essence

This expert further pointed out that whether it is data stealing or system destruction and paralysis, network attack behavior will cause huge damage to network space or even the real world, especially for attack behavior for important key information infrastructure.The mapping, the characteristics of network activities easily across the border, make it a pioneer of continuous struggle. Without network security, there is no national security. Only by developing our asymmetric competition in the field of science and technology can we establish a China, independent and independent network protection in ChinaAnd confrontation ability ".▲ This newspaper special reporter Yuan Hong

- END -