China alleges U.S. spy agency hacked key infrastructure and sent user data back to headquarters
China accused a top U.S. spy agency of stealing Chinese user data and infiltrating the country’s telecommunications infrastructure, according to a report published Tuesday, which lays out details of the alleged cyberattack method.
Chinese state media last week first reported on an alleged attack by the U.S. National Security Agency on China’s government funded Northwestern Polytechnical University and promised that more details would follow.
Tuesday’s report from China’s National Computer Virus Emergency Response Center and cybersecurity company 360, lays out the specific ways the alleged attack was carried out.
The report adds further tension between the U.S. and China in the cyber sphere. Beijing has for years accused Washington of carrying out cyberattacks, but rarely discloses details of specific incidents. This new report is a change in approach from China.
The report, published in the state-backed People’s Daily newspaper, claims the NSA began with a man-in-the-middle attack on the Northwestern Polytechnical University. This is where a hacker intercepts digital communication between two parties. The NSA was able to get into the university’s network, get the credentials of people who worked there, which allowed the U.S. agency to further penetrate the systems, the report alleged.
When in the network, the NSA was able to get further access to sensitive data, eventually remotely getting into the core data network of a telecommunication infrastructure operator, the report claimed.
As part of the attack, the NSA was able to get access to the data of people in China with “sensitive identities” and send that information back to the agency’s headquarters in the U.S., the report alleged.
The NSA was not immediately available for comment when contacted by CNBC.
The report from China’s National Computer Virus Emergency Response Center and 360 lays out several reasons why the attack is being attributed to the NSA.
Of the various hacking tools used, 16 of them were identical to ones that were dumped online starting in 2016 by a group called the Shadow Brokers, which managed to get access to some of the NSA’s techniques and methods. NSA hackers also carried out attacks during U.S. working hours and stopped during public holidays such as Memorial Day, the report claims.
The report also said that the attackers used American English, the devices associated with the hackers had an English-language operating system and they used an American keyboard for input.
Allegations of the NSA’s activity toward Chinese infrastructure is another point of conflict in the technology and cyber arena between the U.S. and China. Competition between the world’s two largest economies in areas from semiconductors to artificial intelligence has ramped up over the last few years.
For its part, the U.S. has accused China of massive hacking operations. Federal Bureau of Investigation Director Christopher Wray said in February that China’s cyberattacks have become “more brazen, more damaging, than ever before.”
Wray accused China of trying to steal U.S. information and technology.