Be careful of "drinking tea"! American NSA special network weapon surfaces

Author: Chang'an Street Knowledge
Time: 2022.09.13

On September 13, the National Computer Virus Emergency Treatment Center released the "Analysis Report on the American NSA Network Weapon 'Tea Drinking'".

The analysis report pointed out that, during the investigation of the overseas network attack on Northwestern Polytechnical University (see previous reports), the National Security Agency (NSA) special network weapon "Tea Drinking" (named "SuctionChar" by the NSA) was found on the university's network server devices.

The National Computer Virus Emergency Treatment Center, together with the Beijing Qi'an Pan Gu Lab, conducted a technical analysis of "Tea Drinking". The results showed that this network weapon is a sniffing and secret-stealing tool that mainly targets Unix/Linux platforms and steals remote access passwords on the target host.

"Tea Drinking" contains a number of components, such as "Authenticate", "Decrypt", "Decode", "Configuration Module" and "Agent".

Based on the results of the analysis, the technical analysis team believes that "Tea Drinking" is complex, highly modular and multi-threaded, and adapts to a wide range of operating system environments, including FreeBSD, Sun Solaris, and Linux distributions such as Debian, RedHat, CentOS and Ubuntu. This reflects the advanced software engineering capabilities of its developers.

"Tea Drinking" also has good openness and can be effectively integrated and linked with other network weapons. It uses encryption and verification to enhance its own security and concealment. It can extract information such as login usernames and passwords, and in theory it can extract any information the attacker wants to obtain. It is a powerful network weapon with advanced functionality and a high degree of concealment.

US National Security Agency (NSA) Headquarters: IC Photo

In this attack on Northwestern Polytechnical University, the U.S. NSA's Specific Invasion Action Office (TAO) used "Tea Drinking" as a sniffing and secret-stealing tool, implanting it into the internal network servers of Northwestern Polytechnical University to steal the login passwords of remote management and remote file transfer services such as SSH, Telnet, FTP and SCP. With these passwords it obtained access to other servers in the internal network, moved laterally through the internal network, and delivered other network weapons of the sniffing and secret-stealing, persistent-control and concealed trace-removal types to other high-value servers, causing large-scale and persistent theft of sensitive data.

As the investigation gradually deepened, the technical team also discovered traces of "Tea Drinking" attacks in other institutions outside Northwestern Polytechnical University. It is likely that TAO used "Tea Drinking" to launch large-scale network attack activities against China.
