US responsible for cyberattack on Xi'an university, report says
China strongly condemned on Monday the cyberattack launched by the United States on the email system of Northwestern Polytechnical University in Xi'an, Shaanxi province, saying that the attack severely endangered national security.
According to a report published on Monday, there is clear evidence that the US National Security Agency was responsible for the cyberattack launched on April 12 against the university, which is known for its education and research programs in the fields of aeronautics, astronautics and marine technology engineering.
The university said it found that phishing emails with Trojan horse programs, which pretended to be research reviews, invitations to academic events and opportunities to study abroad, were sent to teachers and students at the university in an attempt to steal their data and personal information.
The emails attempted to trick students and teachers at the university into clicking on links and giving away their sign-in information, thereby resulting in potential data leaks. The university said it reported the case to local police.
The initial investigation jointly conducted by the National Computer Virus Emergency Response Center and internet security company 360 has shown that the case is just one of more than tens of thousands of cyberattacks launched by the NSA's Office of Tailored Access Operations — a cyberwarfare intelligence-gathering unit — on targets in China in recent years, according to the report published by the center and the security company.
Furthermore, these malicious attacks have resulted in the leak of more than 140 gigabytes of data of high value, it added.
Foreign Ministry spokeswoman Mao Ning said on Monday that besides cyberattacks, the US also has been monitoring voice and text communications of Chinese cellphone users for a long time. Such moves should be strongly condemned, as they have severely endangered national security and personal data security, she said.
Mao urged the US to immediately stop stealing information from other countries and launching cyberattacks, saying that it should instead play a constructive role in maintaining cybersecurity.
According to the investigation, the technical team — by extracting Trojan samples from the university's internet terminals, with the support of European and South Asian partners — initially identified that the cyberattack on the university was conducted by the NSA's Office of Tailored Access Operations of the Data Reconnaissance Bureau of the NSA's Information Department.
According to the report, the cyberattack operation was code-named "shotXXXX" by the NSA and was directly commanded by the then head of the Office of Tailored Access Operations, Robert Joyce, who is now the NSA's director of cybersecurity.
Furthermore, over 40 cyberattack weapons were used to steal core technology data, including key network equipment configuration, network management data and core operational data in the attack targeting the university's computer network, the report said.
It was found that 13 people from the US were directly involved in the attack, and more than 60 contracts and 170 electronic documents were signed by the NSA and US telecom operators through a cover company to build an environment for cyberattacks. In addition, 54 jump servers and proxy servers in 17 countries were used in the attack, of which about 70 percent were based in countries near China, such as Japan and South Korea.
According to internet security company 360, the NSA focuses on stealing information from Chinese scientific research institutes, government bodies, military scientific research institutes and universities.
Zhou Hongyi, founder of 360, said national-level hacker armies and organizations have become the biggest threat to China's cybersecurity.
"Cyberattacks launched by a country have clear targets. Hackers may first penetrate key information systems in China and wait for the right opportunities to steal information," Zhou said.
According to the report, the case has exposed the fact that the NSA has been carrying out cyber espionage activities in China for a long time.
