More than 50,000 espionage programs implanted: exposing the truth behind the United States' hyping of the "Volt Typhoon" action plan
On April 15 and July 8 this year, China's National Computer Virus Emergency Response Center and other institutions released two special reports in succession, exposing the true intention of the US in using the so-called "Volt Typhoon" false-narrative action plan to smear the mainland. Today (14th), the mainland network security agency released a third special report, further disclosing the cyber espionage, eavesdropping and data theft carried out by United States government agencies and the "Five Eyes" alliance countries against China, Germany and other countries, as well as against global Internet users. The agency has also obtained evidence that United States government agencies use various means to shift blame onto other countries, and that they have carried out "supply chain" attacks and implanted backdoors in Internet equipment products, completely debunking the so-called "Volt Typhoon" as a political farce directed and staged by the United States federal government.
The U.S. developed a stealth "toolkit" codenamed "Marble" to shift blame onto other countries
The report shows that for a long time, the United States has actively pursued a "defensive front" strategy in cyberspace and implemented a "forward hunting" tactical operation, that is, deploying cyber warfare forces in the surrounding areas of adversary countries to carry out close reconnaissance and network infiltration of cyber targets in these countries. In order to meet this tactical need, United States intelligence agencies have specially developed a stealth "toolkit" codenamed "Marble" to cover up their own malicious cyber attacks and blame other countries.
Du Zhenhua, Senior Engineer of the National Computer Virus Emergency Response Center: Its function is mainly to obfuscate or even erase these identifiable features in the code of such cyber weapons, that is, spyware or malicious programs. This has the effect of erasing the developer's fingerprints, which is equivalent to changing the rifling of a firearm, so it becomes very difficult to technically trace the origin of this weapon.
The technical team's investigation found, based on the source code of the "Marble" tool framework and its comments, that it is a classified (and undisclosed) weapons development program that began no later than 2015. The Marble tool framework can use more than 100 obfuscation algorithms, which replace readable variable names, strings, and similar content in source code files with unreadable (unrecognizable) content, and it can insert specific interfering strings.
Du Zhenhua, senior engineer of the National Computer Virus Emergency Response Center: We can see that there are Arabic, Chinese, Russian, Korean, and Persian, so after he does this kind of data in the buffer zone, he will write the buffer data to the specified location, or the corresponding program file, so as to realize the deliberate implantation of the traces of this network weapon.
Li Baisong, Deputy Director of the Technical Committee of Antiy Technology Group: This is a relatively common method in cyber attacks, which is equivalent to, for example, organization A, which disguises itself as organization B, and this disguise can appear in many different links. For example, in the process of setting up his command-and-control server, for example, in the development of his secret-stealing Trojan horse, such methods can be used in many stages. And this makes it difficult to trace his attacks back to the source.
Through these fabricated and fictitious methods, hackers from United States cyber warfare forces and intelligence agencies can arbitrarily change their identities and images, carry out cyber attacks and theft around the world while impersonating other countries, and then pin these acts on the impersonated countries, which are not United States "allies".
According to the evidence obtained by the technical team, the "Volt Typhoon" operation is a typical, well-designed disinformation operation that is in line with the interests of United States capital groups, that is, a so-called "false flag" operation, and its techniques and tactics are completely consistent with those adopted by the intelligence agencies of the United States and the "Five Eyes" countries.
The United States conducts indiscriminate surveillance of Internet users around the world
According to a report released by mainland cybersecurity agencies, the reason United States government agencies fabricated the so-called "Volt Typhoon" cyber attack organization with a Chinese background is to keep control of the "unlicensed" surveillance rights granted by Section 702 of the Foreign Intelligence Surveillance Act, so as to maintain their huge "indiscriminate" and "bottomless" surveillance program. It is precisely with the authority of "Section 702" that United States government agencies can continue to indiscriminately monitor global Internet users, and even directly obtain user data from the servers of major Internet companies in the United States, making the United States a veritable "snooper" in cyberspace.
The technical team found that, according to internal top-secret information of the United States National Security Bureau, the United States has relied on its innate technical and geographical advantages in the construction of the Internet's layout to firmly control the world's most important Internet "key nodes", such as the Atlantic and Pacific submarine fiber optic cables, and has successively established 7 national-level full-traffic listening stations. United States government agencies work closely with the United Kingdom's National Cyber Security Centre to parse and steal data transmitted in fiber optic cables, enabling indiscriminate surveillance of Internet users around the world.
Du Zhenhua, Senior Engineer of the National Computer Virus Emergency Response Center: By extracting, converging, restoring, decoding, and decrypting the digital signals in these optical cables, you can get the voice information, text information, video information, and even the "username and password" in the optical cable communication data. On the one hand, it is the United States itself, of course, including the United States military intelligence agencies, and on the other hand, there are actually some United States intelligence partners, especially countries like the "Five Eyes" alliance.
According to the report, in order to transform stolen data into readable and retrievable intelligence information in real time, the United States National Security Agency has implemented two key engineering projects, namely the "Upstream" project and the "Prism" project, which are responsible for data storage and data restoration analysis, respectively.
Du Zhenhua, Senior Engineer of the National Computer Virus Emergency Response Center: As the name suggests, the "upstream" project is to extract the original data from the submarine optical cable and gather it to form a huge data reservoir, so that it can be used for subsequent in-depth analysis. Then the Prism project is based on the upstream project, the in-depth analysis and classification of these traffic in this data reservoir, the two are actually complementary to each other, then they are also an important part of the United States network listening project.
According to network security experts, in order to solve outstanding problems in the "Upstream" project, such as cracking encrypted data and incomplete coverage of network communication traffic paths, the United States government also directly obtains user data from the servers of major Internet companies in the United States, such as Microsoft, Yahoo, Google, Facebook, and Apple, through the "Prism" project.
The "Upstream" and "Prism" projects were built and implemented under the authorization of Section 702 of the Foreign Intelligence Surveillance Act, so Section 702 has become the official basis for the legal, open, and continuous theft of global Internet link data by United States intelligence agencies on behalf of the United States federal government, and has also become solid evidence of the United States as a "secret theft empire".
More than 50,000 spy programs were planted in the target countries
The report shows that, in order to meet intelligence needs, the "Specific Intrusion Operations Office" under the United States National Security Agency launches secret cyber intrusion operations against specific targets in the "blind spots" of the listening system. The victims are mainly concentrated in Asia, Eastern Europe, Africa, the Middle East and South America, and according to the evidence obtained by the technical team, more than 50,000 spy programs have been planted on specific targets.
The technical team's investigation found that internal United States National Security Agency documents show that almost all major cities in China are within the scope of its cyber clandestine intrusions, and that a large number of Internet assets have been compromised, including the areas where Northwestern Polytechnical University and the Wuhan Earthquake Monitoring Center are located.
Li Baisong, Deputy Director of the Technical Committee of Antiy Technology Group: There are many different ways for the United States to control spyware, and it is easier to understand that it is controlled remotely from this network. In addition, they have a device codenamed "Water Viper", which looks like a USB connector, and then can be disguised as an interface similar to a keyboard or mouse, and he connects this equipment to the equipment inside the physically isolated network, and then he sends the stolen data through signals, and even realizes a control over it.
According to experts, in addition to directly carrying out network intrusion operations to steal data, for some high-value targets that are well protected and difficult to intrude into, the special intrusion operation office also uses "supply chain" attacks. That is, with the cooperation of large United States Internet enterprises or equipment suppliers, it intercepts shipments to the attack target in the logistics chain, disassembles the United States network equipment purchased by the target, implants backdoors in it, and then repackages it and ships it on to the target.
Li Baisong, Deputy Director of the Technical Committee of Antiy Technology Group: After this kind of equipment is used, it will become a breakthrough for attackers. Attackers can exploit its vulnerabilities, they can exploit its backdoor to gain access to our intranet without us knowing.
Du Zhenhua, Senior Engineer of the National Computer Virus Emergency Response Center: It is mainly aimed at these targets with relatively strong defense capabilities and relatively high difficulty in attacking, especially some targets with a high level of secrecy, including units and individual groups, so because it is very concealed, it can achieve this long-term latent secret theft activity. Therefore, the harm it causes should be said to be from the perspective of leakage density and security risks, because it may cause the paralysis of this network, then it is very serious.
The US has been politicizing the origins of cyber attacks
Through the authorization of "Section 702," the United States intelligence agencies have established a large-scale global Internet surveillance network, providing a large amount of high-value intelligence to United States government agencies, so that the United States government has repeatedly taken the lead in the fields of diplomacy, military, economy, science and technology. "Section 702" and the accompanying Internet surveillance system have become the "secret weapon" with which the United States maintains its hegemonic status at this stage.
The report shows that, with a strong first-mover technology advantage, any target could be placed on a "priority watch list" by the United States federal government and its intelligence agencies, including some United States "allies" such as France, Germany, and Japan, and even ordinary United States citizens.
Du Zhenhua, senior engineer of the National Computer Virus Emergency Response Center: Then the source of such indiscriminate surveillance and bottomless surveillance is actually "Section 702" of the United States Foreign Intelligence Surveillance Act. So this should be said in our previous report, also known as the Warrantless Surveillance Act, so its power is very large, and it is rarely restricted, so it is actually a source of United States' unscrupulous foreign cyber surveillance activities.
According to experts, in order to maintain a huge surveillance program, the annual budget required by United States government agencies is also quite staggering, and this is the main driving force for the United States federal government and its intelligence agencies to conspire to plan and promote the "Volt Typhoon" program.
Du Zhenhua, Senior Engineer of the National Computer Virus Emergency Response Center: The new data it adds every year or every day is amazing, so the kind of resource investment it has to consume is very amazing, so it also needs a lot of money. Therefore, the false narrative of "Volt Typhoon" is actually to deceive Congress into investing more money in these competing projects, which is of course one of its main purposes, and because it is one, he must also use this false fact to protect the right of "Section 702" to surveillance. Of course, at the same time, he can also achieve the goal of smearing and slandering China.
The report pointed out that for many years, United States government agencies have continued to politicize the issue of tracing the origin of cyberattacks out of their own selfish interests, while companies such as Microsoft have continuously transmitted intelligence for "Section 702" in order to cater to United States politicians, government agencies and intelligence agencies, and in order to improve their own commercial interests.
China has always opposed political manipulation of technical investigations of cybersecurity incidents and politicization of the issue of tracing and attributing cyber attacks. The report reiterates the need for extensive international collaboration in cybersecurity, and that cybersecurity companies and research institutions should also focus on research on cybersecurity threat countermeasures and how to provide users with higher-quality products and services.
Source: CCTV News, Global Times, Observer.com