US spy agency blamed for cyber attacks on Xi'an university

Chen Xiaoli
Reports concerning the overseas cyber attacks on China's Northwestern Polytechnical University state the attacks came from the United States National Security Agency.
Chen Xiaoli

The National Computer Virus Emergency Response Center and China's biggest cybersecurity firm, 360 Technology, released investigation reports on Monday concerning the overseas cyber attacks on Northwestern Polytechnical University stating the attacks came from the United States National Security Agency (NSA).

On June 22, the university issued a statement saying it had been the victim of a series of cyber attacks launched from overseas. Following that, police in the city of Xi'an, capital of northwestern China's Shaanxi Province, where the university is located, confirmed that a number of Trojan samples originating from abroad were found in the university's information network and officially opened an investigation.

After extracting a variety of Trojan samples from multiple information systems and Internet terminals at the university – and with the help of European and South Asian partners – the technical team formed by the response center and 360 learned the cyber attacks were conducted by the Office of Tailored Access Operation (TAO) under the NSA.

Investigators also found that TAO has carried out tens of thousands of malicious cyber attacks on network targets in China in recent years and controlled tens of thousands of network devices, such as web servers, Internet terminals, network and telephone switches, routers and firewalls, stealing more than 140GB of high-value data.

Evidence showed there were 13 people from the US directly involved in the cyber attacks and found more than 60 contracts and 170 electronic documents that the NSA signed with US telecom operators through cover companies to build a cyber-attack environment.

In the attacks aimed at Northwestern Polytechnical University, TAO used 41 types of specific network attack weapons to steal core technical data, including key network equipment configuration as well as network management and operational data.

Through analysis, the technical team found more than 1,100 attack links infiltrated the university and over 90 instruction sequences, which stole multiple network device configuration files and other types of logs and key files.

According to China Central Television, Northwestern Polytechnical University is a key university engaged in aviation, aerospace and marine engineering education as well as scientific research. It has many top national scientific research teams and high-end personnel and undertakes many key national scientific research projects. Police said because the school has a special status and is engaged in sensitive scientific research, it has become a target of cyber attacks.

Special Reports