Intensive attacks by cyber spies on our computers are increasingly threatening China’s security.






    Taiwan Province cyber spy Li Fangrong, who has not yet been brought to justice.


    Intensive attacks on our computers, rampant spying on state secrets


    Cyber espionage threatens China’s security.


    ● Global Times reporter Cheng Gang


    "There are more and more cyber espionage attacks against China, and China’s national security has never been so closely related to the network," a person from the relevant state department said recently in an exclusive interview with Global Times. The following situation may be quite surprising to ordinary people: at present, tens of thousands of Trojan horse control IP addresses are watching over controlled computers in mainland China, thousands of botnet control servers are also aimed at mainland China, and overseas spy agencies have even set up dozens of network intelligence strongholds, frantically using "wolf pack tactics" and "leapfrog attacks" to steal secrets and carry out infiltration over the Internet. Li Fangrong, a Taiwan Province spy, took control of hundreds of computers and networks on the mainland in a single frenzied operation. So far, this spy has not been brought to justice. According to reports, the networks of mainland military units, military industrial units and important government departments are the focus of attack. "Sensitive units with confidentiality responsibilities must pay attention to network security protection; otherwise, it is tantamount to opening the door to state secrets for overseas cyber spies," this person told the Global Times reporter.


    Wanted Taiwan Province cyber spy Li Fangrong


    As the Global Times reporter has learned, overseas intelligence agencies have now set up special cyber espionage units, and professional cyber spies often carry out the operations directly. The Internet-connected computers and servers of important departments and secret-related units in China are all targets of interest to them.


    Not long ago, the relevant departments discovered a large-scale network theft operation carried out by foreign spy agencies. The targets of the attack were all networks of China’s government and army, national defense scientific research institutions and military enterprises. The units attacked were spread across most provinces, autonomous regions and municipalities directly under the Central Government, and even included more than a dozen foreign institutions in China. According to what has been established, hundreds of computers and networks were controlled by overseas intelligence departments in this case, and the secrets stolen involved the political, military, diplomatic, economic, and medical and health fields. According to our reporter’s understanding, the specific operator of this activity is Li Fangrong. Li Fangrong, who is less than 30 years old, looks like a frail scholar, but his real identity is that of a professional spy stationed in Moscow by Taiwan’s Military Intelligence Bureau. He used hacking techniques to control a number of servers in the mainland, then implanted Trojans through these servers into computers he was interested in, and carried out sabotage activities such as network theft of secrets. Li Fangrong has now returned to the island of Taiwan Province, where he specializes in network theft activities in the Military Intelligence Bureau. The person in charge of the relevant departments told this reporter that the mainland has also identified many other Taiwan Province spies engaged in such activities, and that this time Li Fangrong has been identified by the mainland state security organs, which have issued a wanted order for him. Once he is arrested and brought to justice, there will be hell to pay.


    In another cyber espionage investigation, the relevant departments detected many special Trojan programs from the computer network of a government department and its counterpart local units. The detection results show that all the connections of the invading Trojans point to specific spy agencies abroad. When the professional department carried out the inspection, many detected Trojans were still downloading and disseminating information, and the professionals immediately took measures to stop further harm.


    Trojan horses and botnets


    China’s National Computer Network Security Emergency Technology Processing Coordination Center recently released its network security report for the first half of 2007, which specifically mentioned that "Trojans" and "botnets" have caused serious harm to national security. The report pointed out that in the first half of this year, a large number of hosts in mainland China were implanted with Trojan horses from abroad. According to a network security technology expert, the Trojan horse is not only a common tool for hackers but also a major means of online intelligence spying. According to the expert, a Trojan horse is a computer backdoor program that usually consists of two parts: the control end and the controlled end. Once the controlled end is implanted in the victim’s computer, the operator at the control end can monitor all of the user’s operations in real time, steal important files and information in a targeted way, and even remotely control the victim’s computer to launch attacks on other computers.


    In the first half of this year, mainland hosts with Trojan horse control terminals were most concentrated in Shanghai, Beijing and Jiangsu. At the same time, there were tens of thousands of Trojan horse control terminal IP addresses outside mainland China, of which Taiwan Province had the most, accounting for 42% of the total, and the United States also accounted for about 25%.


    There are also many IP addresses infected by bots in mainland China. Thousands of bot-infected computers can be centrally controlled through a control server without their users knowing it, just like zombies with no consciousness of their own. Once such a botnet is activated under unified command and attacks a certain node in the network all at once, whether for online theft or malicious destruction, its power is formidable. At present, the authorities have found that thousands of overseas botnet control servers are controlling computers in mainland China, of which 32% are located in the United States and 15% in Taiwan Province.


    There are many kinds of cyber spies.


    The reporter learned from the relevant departments that infiltration and theft of secrets through the Internet account for a growing share of the espionage activities of overseas intelligence agencies against China. Tang Lan, a network expert, said in an interview with Global Times that the Internet in China is in a period of massive expansion, so network security is currently relatively fragile, and people’s security awareness has not kept up. People from the relevant departments said that many overseas intelligence agencies have seen this clearly, set up specialized agencies targeting China’s networks, and frequently mounted spying operations. For example, Taiwan Province’s spy agency has formulated a series of special network plans and set up dozens of network intelligence strongholds around the world, taking neighboring countries as its main positions and adopting wolf pack tactics to steal secrets and carry out infiltration online.


    The reporter learned that current cyber espionage attacks are increasingly diverse and increasingly concealed. A staff member of a secret-related unit received an email from the "superior organ" whose content was a "virus Trojan detection program". At first glance, it appeared to come from one of our own, and the message seemed just right. The staff member opened the message and ran the program without much thought. As a result, the Trojan horse of the overseas spy agency was implanted in the computer. It turned out that the "superior organ" was a name used by the overseas cyber spy. People from the relevant departments told reporters that there are many kinds of cyber espionage scams like this, and different forms of deception are designed for different targets. For example, the message is disguised as something the target of the attack would find necessary and credible, and sometimes clicking on the email will even bring up a prompt such as "no virus" to confuse the operator.


    More cyber espionage attacks, like those of more advanced hackers, take the form of "leapfrog" attacks: the attacker first uses program tools such as Trojans and bots to control an online host, then uses it as a springboard from which to attack the real target. Doing so conceals the true identity of the attacker, makes it more difficult to trace the attack after the incident, and at the same time lowers the other side’s guard by borrowing the identity of the springboard. Relevant persons told reporters that foreign spy agencies are very particular in choosing a springboard. Usually, they choose non-sensitive domestic network servers or hosts with relatively good configuration, relatively large capacity, relatively few visits, relatively lax management and a relatively reliable identity. Government websites in some medium-sized cities are often regarded as the first choice. Taiwan Province’s spy agency once used the government website of a medium-sized city in central China as a transit springboard, sending out many disguised emails and invading the networks of other important departments to monitor them and steal secrets.


    The internal working networks of many secret units are not connected to the Internet, yet Trojan horses of overseas intelligence departments are still found there during security inspections by the relevant departments. The investigation shows that one important route is the ferry attack, which uses mobile media such as USB flash drives and portable hard disks. Foreign spy departments have specially designed various kinds of ferry Trojans and collected the personal websites or email addresses of a large number of staff in secret units in China. As soon as any of these people use mobile media such as USB flash drives on an Internet-connected computer, the ferry Trojan quietly implants itself on the mobile media. Once these people violate the regulations and insert the USB flash drive or other mobile media into a computer on the internal working network, the ferry Trojan immediately infects the internal network and downloads confidential information to the mobile media. After completing this ferry trip, as soon as the user connects the mobile medium to a networked computer again, the downloaded information is automatically transmitted to the network spy at the control end.


    While carrying out cyber attacks, foreign spy agencies are also brazenly looking for usable intelligence personnel on the Internet, and have even openly named prices for buying our state secrets, which is extremely rampant. Some netizens, whether trusting to luck, lured or deceived, were "dragged into the water" by foreign spies. Hong Feng is an office worker in an important scientific research department. In order to earn more income, he illegally searched for a part-time job on the Internet and disclosed his true identity. As a result, as soon as his personal information went online, he was targeted by a Taiwan Province cyber spy using the aliases "Zhang Dafeng" and "zhangboss". Under the repeated inducements of the other side, Hong Feng could not resist the temptation of money. He started by stealing internal publications for profit, and gradually went on to collect and sell confidential information on the department’s research and development of scientific and technological products according to the requirements of the Taiwan Province spies, which caused great losses to China’s national security. After the incident, Hong Feng regretted it, but what awaited him was a solemn trial by law.


    Infiltration will not stop.


    The person in charge of the relevant department told the reporter that although the methods of overseas spy departments are varied, from what we have learned, almost all network theft has taken advantage of loopholes in our network security management. In some units with important confidentiality responsibilities, a large number of state secrets are stored and processed on the internal office computer network, which is a classified network that must be physically separated from the Internet. However, in many units, the internal and external networks are not strictly separated, internal network computers are connected to the Internet from time to time, and mobile media are used very casually on internal network computers. For the convenience of work, some secret-related units have installed a switch between the internal and external networks, which can be turned on when a connection to the external network is needed and turned off when it is not. In actual work, however, people often forget to turn it off after turning it on, leaving huge security risks. There are also some secret units that say their internal network is isolated from the Internet, but in fact the so-called isolation is only logical isolation by a firewall, not physical isolation at all; a firewall always leaves an opening for high-level network attackers, and breaches of the "wall" happen often.


    Last year, an overseas spy agency launched a cyber attack on the headquarters of a science and industry group in China to steal information. The relevant departments conducted special security technology tests on the internal working network of the group headquarters, and found that the computers of key departments and of the leadership had been widely implanted with Trojans from overseas spy departments. The findings of further investigation were deeply disturbing: classified and non-classified computers in the unit were mixed together, the internal working network and the external network were not physically separated, and hundreds of classified computers had been connected to the Internet, leaving the network full of loopholes. The network of another institution, one undertaking major national scientific research projects, was also hacked by cyber spies of an overseas intelligence agency, and many scientific research materials were stolen. A network security inspection found thousands of network risk loopholes in this institution.


    China is in a period of strategic opportunity and rapid development, and anti-China forces, in their strategic attempt to contain China, will not stop their infiltration and sabotage activities. In today’s network era, network security is an important part of national security. In implementing networked office work, institutions and units with major confidentiality responsibilities must pay equal attention to convenience, efficiency and security. Neglecting network security management and investment is bound to leave them full of loopholes and give overseas cyber spies their opportunity. At present, the online incitement to defect and theft of secrets by Taiwan Province’s spy intelligence agencies are rampant, and other overseas spy intelligence agencies are also doing everything possible to engage in the same activities. Anyone who asks for all kinds of information under all kinds of screen names on the Internet and offers high prices must be a cyber spy out to steal secrets. The majority of netizens must be vigilant, must not trust to luck, and must bear in mind that the net of the law is vast and, though its mesh is wide, nothing slips through. "Do not reach out your hand; if you do, you will be caught." (Source: Global Times)


     

Editor: Li Xingchi