
Tuesday, September 6, 2022

Exclusive: Evidence shows US’ NSA behind attack on email system of Chinese leading aviation university

 

U.S. is True Empire of Hacking, Surveillance, Theft of Secrets

 

The US: Empire of Hacking, Surveillance and Theft of Secrets.


As a hacking empire, the US disguises itself as a hacking victim


The email system of a university in Northwest China's Shaanxi Province - well-known for its aviation, aerospace and navigation studies - was found to have been attacked by the US' National Security Agency (NSA), the Global Times learned from a source on Monday.

The Chinese Foreign Ministry responded to the issue at Monday's press briefing, saying that China has lodged a strong protest with the US over the NSA's attack and demanded an explanation for it.

On June 22, Northwestern Polytechnical University announced that hackers from abroad were caught sending phishing emails with Trojan horse programs to teachers and students at the university, attempting to steal their data and personal information.

A police statement released by the Beilin Public Security Bureau in Xi'an the next day said that the attack attempted to lure teachers and students into clicking links in phishing emails with Trojan horse programs, with themes involving scientific evaluation, thesis defense and information on foreign travel, so as to obtain their email login details.

To probe into the attack, China's National Computer Virus Emergency Response Center and internet security company 360 jointly formed a technical team to conduct a comprehensive technical analysis of the case.

By extracting many trojan samples from internet terminals of Northwestern Polytechnical University, with the support of European and South Asian partners, the technical team initially identified that the cyberattack on the university was conducted by the Tailored Access Operations (TAO) (Code S32) under the Data Reconnaissance Bureau (Code S3) of the Information Department (Code S) of the US' NSA.


TAO is the largest and most important part of the intelligence division of the NSA. Founded in 1998, the main responsibility of TAO is to use the internet to secretly access insider information of its competitors, including secretly invading target countries' key information infrastructure to steal account codes, break or destroy computer security systems, monitor network traffic, invade privacy and steal sensitive data, and gain access to phone calls, emails, network communications and messages.

The various departments of TAO are composed of more than 1,000 active military personnel, network hackers, intelligence analysts, academics, computer hardware and software designers, and electronics engineers. The entire organizational structure consists of one "center" and four "divisions."

The Global Times learned from the source that the attack was code-named "shotXXXX" by the NSA. Those directly involved in command and action mainly included the head of TAO, the remote operations center (mainly responsible for operational weapons platforms and tools to enter and control target systems or networks) and the infrastructure task division (mainly responsible for developing and building the network infrastructure and security monitoring platform for attacks).

In addition, four other divisions were also involved in the operation: the advanced/access network technology division, the data network technology division, and the telecommunications network technology division, which provided technical support, and the requirements and location division, which determined the attack strategy and intelligence assessment.

The Global Times learned from the source that at that time, TAO was headed by Rob Joyce. Born September 13, 1967, he attended Hannibal High School and graduated from Clarkson University with a bachelor's degree in 1989 and Johns Hopkins University with a master's degree in 1993. He joined the NSA in 1989 and served as Deputy Director of TAO from 2013 to 2017. He began serving as Acting US Homeland Security Advisor in October 2017. From April to May 2018, he served as the State Security Advisor to the White House, and then returned to the NSA as the Senior Advisor to the Director of Cybersecurity Strategy of the NSA. He now serves as the Director of Cybersecurity.

The investigation also found that in recent years, TAO has conducted tens of thousands of malicious attacks against targets in China, controlling large numbers of network devices (web servers, internet terminals, network switches, telephone switches, routers, firewalls, etc.) to steal more than 140 GB of high-value data.

Technical analysis also found that TAO had acquired the management authority of a large number of communication network equipment in China with the cooperation of several large and well-known internet enterprises in the US before the attack began, which made it easy for the NSA to continuously invade the important information network in China.

Aiming at Northwestern Polytechnical University, TAO used 41 types of weapons to steal the core technology data including key network equipment configuration, network management data, and core operational data. The technical team discovered more than 1,100 attack links infiltrated inside the university and more than 90 operating instruction sequences, which stole multiple network device configuration files, and other types of logs and key files, the source said.

It was found that 13 people from the US were directly involved in the attack, and that the NSA signed more than 60 contracts and 170 electronic documents with American telecom operators through a cover company to build an environment for cyberattacks, according to the source.

The Global Times also learned from the source that TAO has used 54 jumpers and proxy servers in the network attack against Northwestern Polytechnical University, which were mainly distributed in 17 countries such as Japan, South Korea, Sweden, Poland and Ukraine, 70 percent of which are located in the countries surrounding China, such as Japan and South Korea.

Apart from the cyberattack, the US has also conducted surveillance of Chinese mobile users, illegally stealing their text messages and wirelessly locating them, which seriously endangered China's national security and violated the personal data security of its nationals, Chinese Foreign Ministry spokesperson Mao Ning said on Monday, urging the US to immediately stop its wrongdoings.

"What I want to stress is that cyberspace security is a common problem faced by all countries worldwide. The US, with the world's most powerful cyber technology, should refrain from using such advantages to steal secrets from other countries, and should instead participate in global cyberspace governance in a responsible manner, and play a constructive role in maintaining cybersecurity," Mao said.

For a long time, the NSA has been carrying out secret hacking activities against China's leading enterprises in various industries, governments, universities, medical institutions, scientific research institutions and even important information infrastructure operation and maintenance units related to the national economy and people's livelihood.

The latest cybersecurity report released by Anzer, a cybersecurity information platform, on June 13 showed that the US military and government cyber agencies have remotely stolen more than 97 billion pieces of global internet data and 124 billion phone records in the last 30 days, which are becoming a major source of intelligence for the US and other "Five Eyes" countries.

a new vulnerability attack weapon platform deployed by the NSA, which experts believe is the main equipment of TAO, and it targets the world with a focus on China and Russia. The US' move raised wide suspicions that the country might be preparing for a bigger cyberwar, experts noted. 

 
 

Thursday, August 21, 2014

HSBC Bank officer charged for stealing money from victims of missing flight MH370




KUALA LUMPUR: A couple pleaded not guilty in the Sessions Court to multiple charges involving theft from the bank accounts of four passengers aboard the missing Malaysia Airlines Flight MH370.

Bank officer Nur Shila Kanan and her mechanic husband Basheer Ahmad Maula Sahul Hameed, both 33, were accused of making illegal transfers and withdrawals, amounting to RM85,180 in total, from the accounts.

Nur Shila faces 12 principal charges in relation to transferring money from the HSBC Bank accounts to other bank accounts, theft, getting approval for a debit card and making a new Internet banking application with intent to cheat, and using forged documents at the HSBC branch in Lebuh Ampang from May 14 to July 14.

Basheer faces four main charges, including one for allegedly using a debit card and an ATM card to withdraw cash from the bank accounts.

He allegedly committed the offences at the bank’s ATM centre at Ampang Point here between May 15 and June 29.

Each of them also faces four alternative charges of stealing from the HSBC Bank accounts.

The money was reported missing from the accounts of two Chinese nationals, Ju Kun and Tian Jun Wei, and Malaysians Hue Pui Peng and flight steward Tan Size Hiang.

Deputy Public Prosecutor Fadhli Mahmud applied to the court to set bail for each at RM20,000 in one surety and asked that the couple be made to surrender their passports to the court.

Lawyer Abdul Hakeem Aiman Mohd Affandi, who appeared for the couple, asked that bail be set at RM10,000 in one surety for each and said that they were willing to surrender their passports.

Judge Mat Ghani Abdullah set bail at RM12,000 in one surety for each and impounded their passports.

He fixed Aug 25 for the case to be brought before him again.

The Star/Asia News Network

MH370: Couple claim trial to illegal withdrawals


KUALA LUMPUR: A bank officer and her husband pleaded not guilty in the sessions court today to multiple charges involving illegal transfer and withdrawal of money, amounting to RM110,643, from the accounts of four passengers of the missing Malaysia Airlines flight MH370.

Nur Shila Kanan and her husband, Basheer Ahmad Maula Sahul Hameed, both 33, face multiple charges under the Computer Crimes Act, 1997, and Sections 379, 465 and 471 of the Penal Code.

Judge Mat Ghani Abdullah allowed them to be tried jointly. He set bail at RM12,000 each in one surety and ordered that their international passports be surrendered to the court.

Nur Shila faces 12 principal charges of illegal transfer of money from HSBC Bank, thefts, cheating and forging documents.

She also faces three alternative charges for theft, all of which she allegedly committed at HSBC Lebuh Ampang branch between May 14 and July 8.

Basheer faces four principal charges of using an ATM card and debit card to make illegal withdrawals and four alternative charges for theft, all of which had been allegedly committed at the HSBC ATM at Ampang Point between May 15 and June 29.

DPP Ahmad Fadli Mahmud asked the court to set bail at RM20,000 each in one surety.

Defence counsel Abdul Hakeem Aiman Mohd Affandi, however, asked for the bail to be reduced to RM10,000 on the grounds that Nur Shila is an HSBC staff member earning RM3,000 a month, while Basheer, a mechanic, earns RM2,000 a month, and that they have five people under their care, including three children aged between six months and five years.

Mat Ghani fixed Aug 25 for mention before Judge Norsharidah Awang.

It was earlier reported that money had been missing from the bank accounts of four passengers of MH370 – Chinese nationals Ju Kun and Tian Jun Wei, and Malaysians Hue Pui Heng and flight steward Tan Size Hian.

Initial investigations reportedly revealed that the suspect had transferred funds from three passengers’ bank accounts into the account of a fourth passenger through Internet banking, and together with the fourth passenger’s account, the amount totalled RM110,643.

It was also reported that the missing money came to light on July 18 when a bank officer from a foreign bank detected a series of suspicious transactions and transfers from the four accounts.

Flight MH370 disappeared from radar screens on March 8 as it flew from Kuala Lumpur to Beijing with 227 passengers and 12 crew members on board. The plane has yet to be found, even after an exhaustive search in the southern Indian Ocean where it is believed to have gone down.

By Karen Arukesamy newsdesk@thesundaily.my
