Northwestern Polytechnic University

Northwestern Polytechnic University was founded in 1938 in Xi'an City. There are 13 institutes in SZPU, at the full-time department of the bachelor's degree, training is carried out in 52 specialties, in the master's degree - in 90 specialties, graduate school - 48 specialties.

History

2022

New details of NSA cyber attack

At the end of September 2022, China published a new report on the results of the investigation, which reveal even more details of cyber attacks on one of the Chinese universities undertaken by the US National Security Agency (NSA). According to the state edition of People's Daily, the NSA began with a man-in-the-middle attack (when a cybercriminal intercepts data transmitted between two companies or people) at Northwestern Polytechnic University.

A published report by China's National Computer Virus Response Center and cybersecurity company 360 outlined specific ways to carry out the alleged attack. The US National Security Agency (NSA) managed to penetrate the university's network, obtain the credentials of the people who worked there, which allowed the US agency to further penetrate the systems, the report claims.

China caught the NSA in hacking computers of the state university and told the details of the attack

While online, the NSA was able to gain further access to sensitive data, eventually remotely penetrating the telecom infrastructure operator's core data network, the report claims. As part of the attack, the US NSA was able to access people's data in China with sensitive data and send that information to the agency's headquarters in the United States.

A report by China's National Computer Virus Response Center and TV channel 360 cited several reasons the attack is attributed to the NSA. Of the various hacking tools used, 16 were identical to those posted online in 2016 by a group called Shadow Brokers, which managed to gain access to some of the NSA's techniques and techniques.

The attacks were found to come from the US NSA TAO unit, which thereby exposed its technical flaws and operational errors, the report said.

Earlier, an investigation showed that TAO used 41 types of cyber weapons in its cyber attacks on the Northwestern Polytechnic University of China.

The report reveals details of the process of TAO penetration into the internal network of a Chinese university. First using FoxAcid, a platform for attacking by intercepting messages and changing keys to penetrate the university's internal host computer and servers, TAO then gained control over several key servers using remote control weapons. As a result, they established control over some important network nodes, including internal routers and university switches, after which they stole authentication data.

Hiding on the university's operation and maintenance servers, TAO hacker programs stole several key network equipment configuration files that were used to "legally" monitor a number of network equipment and Internet users.

The Chinese investigation team found that TAO had seized the personal information of some people with confidential identification in mainland China. The information was sent to NSA headquarters through several servers.

NSA hackers carried out attacks during working hours in the United States and stopped during public holidays, such as Memorial Day for the Fallen - a public holiday in China. The report also says that the attackers used American devices and software, the hackers had an English-language OS, and they used devices to enter data, for example, a keyboard distributed only in the United States.^[1]

Theft of space data from the university

In early September 2022 Chinese , the National Computer Virus Response Center published a report stating that it National Security Agency USA had carried out attacks on Northwestern Polytechnic University in Xi'an. The attention of hackers was attracted by programs in the fields of aeronautics and space research.

It is stated that, starting from the end of 2019, the National Security Agency USA (NSA) has spent more than 10 thousand cyber attacks for Chinese purposes, collecting more than 140 GB of data of great value, the Chinese ministry said in a statement. In a June statement, Xi'an police said the university reported the discovery of phishing emails that pose a serious security risk to critical people. databases

Northwestern Polytechnic University

To investigate the attack, the China National Computer Virus Response Center and Internet security company 360 jointly formed a technical team to conduct a comprehensive technical analysis of the case. By extracting numerous samples of Trojans from Northwestern Polytechnic University's internet terminals with support from European and South Asian partners, the technical team initially determined that the cyberattack on the university was carried out by the Tailored Access Operations (TAO) division of the NSA Information Department's Bureau of Data Intelligence.

Various TAO departments consist of more than 1,000 active-duty US military personnel, network hackers, intelligence analysts, scientists, computer equipment and software developers, as well as electronic engineers. The entire organizational structure consists of one center and four departments. The Global Times learned from a source that the attack was codenamed "shotXXXX" from the NSA. Directly, the command and actions mainly include the head of the TAO, the remote operations center and the infrastructure tasks department. In addition, four other units were involved in the operation: the Advanced/Available Network Technology Division, the Network Data Technology Division, and the Telecommunications Network Technology Division, which provided technical support, and the Requirements and Location Division, which determined the attack strategy and intelligence assessment.

Technical analysis also found that TAO, before launching the attack, received the authority to manage a large amount of communication network equipment in China in collaboration with several large and well-known Internet enterprises in the United States, which facilitated the NSA's continuous invasion of China's important information network. Targeting Northwestern Polytechnic University, TAO used 41 weapons to steal basic technological data, including key network equipment configuration, network management data and basic operational data. The technical team found more than 1.1 thousand attack channels that penetrated the university and more than 90 operating instructions that stole many network device configuration files, as well as other types of logs and key files, the source said.

It found that 13 people from the United States were directly involved in the attack and more than 60 contracts and 170 electronic documents that the NSA signed with American carriers through a cover company to create an environment for cyber attacks, according to the source. Global Times also learned from a source that TAO used 54 jumpers and proxies in a network attack on Northwestern Polytechnic University, which were mostly distributed in 17 countries such as Japan, South Korea, Sweden, Poland and Ukraine, 70% of which are located in countries surrounding China such as Japan and South Korea.

For a long time, the NSA carried out covert hacker attacks on China's leading enterprises in various industries, governments, universities, medical institutions, research institutes and even important information infrastructure operations and maintenance units related to the national economy and human life support. The latest cybersecurity report, released on June 13, 2022 by Anzer, a cybersecurity information platform, showed that the US military and government cyber agencies have remotely stolen more than 97 billion units of global internet data and 124 billion telephone records over the past 30 days, which are becoming the main source of intelligence for the United States and other countries.

On June 29, 2022, China's National Computer Virus Emergency Response Center and "360" also revealed a weapons platform to attack vulnerabilities deployed by the NSA, which experts say is TAO's primary equipment, and targeted the world with a focus on China and Russia. The U.S. move raised widespread suspicions that the United States may be preparing for a larger cyber war, experts noted.^[2]

Notes