Friday 5 May 2023

US-controlled ‘empire of hackers’ attacking China, other countries

  • Investigators accuse CIA of advanced spy tactics against governments, infrastructure, research institutions, and tech and oil companies since 2011
  • China’s foreign ministry calls on US to stop using cyberweapons for global espionage

Zhang Tong

The CIA has used powerful cyberweapons to attack other countries including China, according to a report released on Thursday in China.

The report, jointly released by China’s National Computer Virus Emergency Response Centre (CVERC) and cybersecurity company 360, accused the US Central Intelligence Agency of secretly orchestrating “peaceful evolution” and “colour revolutions” around the world with the use of superior technology.

According to the report, which was focused on numerous cyberattacks within China, investigators captured and extracted a large number of Trojan programs, functional plug-ins, and attack platform samples that they said were closely associated with the CIA, revealing an “empire of hackers” under US control.

“These cyberweapons have undergone strict, standardised, and professional software engineering management, which is uniquely followed by the CIA in developing cyberattack weapons,” the report said.

The investigators said their analysis revealed that the CIA’s cyberweapons used state-of-the-art espionage technology in attacks that were closely connected and integrated.

“They have now covered almost all internet and IoT [Internet of Things] assets globally, allowing control over foreign networks and theft of important, sensitive data at any time,” the report said.

“Targets of these attacks include critical information infrastructure, aerospace, research institutions, oil and petrochemical industries, large internet companies, and government agencies in various countries. These attacks can be traced back to 2011 and have continued until now.”

It said the information collected from foreign governments, companies and citizens would be provided to US decision-makers for national security intelligence and security risk assessments. At the request of the US president, the CIA also carried out and supervised secret cross-border activities, the report said.

The report also said that, for decades, the CIA had overthrown or tried to overthrow more than 50 legitimate foreign governments – only seven instances of which are acknowledged by the CIA – causing turmoil in the affected countries.

While helping other nations in inciting unrest, the CIA provided various information and communication technologies and even on-site command help, the investigators said.

For example, a US military-affiliated company developed an untraceable TOR technology to help protesters in some Middle Eastern countries maintain communication and evade tracking and arrest, it said. The servers encrypted all information passing through them, ensuring anonymous internet access for specific users, according to the report.

The Rand Corporation had spent years developing “Stampede” software that helped many young people stay connected during protests, greatly improving the efficiency of on-site command, the report said.

“The CIA has long been collecting intelligence information from foreign governments, companies and citizens, and organising, implementing and supervising cross-border secret activities while engaging in continuous espionage and theft,” foreign ministry spokeswoman Mao Ning said on Thursday.

“The international community should be highly vigilant of these activities. The large number of real cases disclosed in the report is yet another example of the CIA’s long-term global cyberattack campaign. The US should pay attention and respond to international concerns, and stop using cyberweapons for global espionage and cyberattacks,” she added.

In recent years, Beijing has increasingly accused the United States of cyberattacks. In June 2022, China’s Northwestern Polytechnical University issued a public statement claiming it had been targeted by overseas cyberattacks.

A report by CVERC that followed in September said the US National Security Agency had carried out tens of thousands of malicious cyberattacks against Chinese targets in recent years, controlling countless network devices including servers, terminals, switches, telephone exchanges, routers and firewalls.

Washington has reciprocated with its own accusations. In October 2022, the Cybersecurity and Infrastructure Security Agency released an advisory on its website emphasising the cybersecurity threat from China.