China capable of tackling cyberattacks, exec says

China is now able to detect large-scale, sophisticated and sustained cyberattacks launched by overseas organizations and government bodies, such as the National Security Agency and the Central Intelligence Agency of the United States, and secure the evidence of such attacks, the founder of a Chinese cybersecurity company said.

China has become a prominent target in recent years of such cyberattacks, known as Advanced Persistent Threats, so detecting the attacks and finding out who is behind them has been quite a challenge, said Zhou Hongyi, founder of cybersecurity company 360, on Tuesday.

"But we have managed to catch the NSA launching cyberattacks on targets in China at least twice in the past two years, including the attack on the internal servers of Northwestern Polytechnical University. By analyzing the pattern of the attack and the weapons and code names used, we can be certain that the NSA's Office of Tailored Access Operations — a cyberwarfare intelligence-gathering unit — is behind the attack," Zhou said.

Together with the National Computer Virus Emergency Response Center, the company carried out the initial investigation of the cyberattack on the university in Xi'an, Shaanxi province. The university is known for its education and research programs in aeronautics, astronautics and marine technology engineering.

TAO is believed to be one of the world's top cyberattack units. More than 40 weapons targeting different security vulnerabilities in different platforms were used in the attack on the university alone. That hacking was just one of more than tens of thousands of cyberattacks TAO launched against Chinese targets in recent years, Zhou said.

All the evidence has been kept for analysis, he said, which can help China better identify the attackers in the future because the codes of cyberattack weapons may change in different attacks, but the structure of those weapons from certain organizations or government bodies usually remains the same.

"Making the invisible cyberattack visible is a big step forward for China in defending its cybersecurity, which faces grave threats from APTs. Unlike traditional warfare, anytime is wartime in cyberwar. Chinese science, technology and industry for national defense institutes and government bodies must always be on high alert for such threats," Zhou said.

In addition to stealing information, spyware and Trojan horses that APTs plant in computer systems can also be used to paralyze a city's electricity or water supply, because the cities' infrastructure operations now rely heavily on information technology, he warned.

Zhou's company has identified about 50 APTs targeting China, including those launched by the NSA and CIA. Many of them are very active.

According to a report published on Tuesday, the NSA used a cybersniffing weapon code-named "suctionchar" to intercept passwords and login data in the cyberattack on the internal servers of the university in April. Cybersniffing intercepts packets of computer information and can be used repeatedly to spy on and possibly crash or corrupt the system.

Traces of "suctionchar" are also found in the computer networks of other institutes, which means that the NSA may have carried out a large-scale cyberattack against China, according to the report, which was released by the National Computer Virus Emergency Response Center.

Suctionchar mainly targets Unix and Linux platforms and can be easily integrated and used with other cyberweapons and is hard to detect. Besides intercepting passwords and login data, it can theoretically be used to obtain any information the attacker is looking for. It is a powerful cyberattack weapon, according to the report, which also published the codes of "suctionchar".

Foreign Ministry spokeswoman Mao Ning said on Tuesday that China has demanded that the US explain the cyberattack on the university via different channels. So far, the US has failed to respond, she said.