On the morning of the 15th, CCTV News announced that the 9th Asian Winter Games, held in Harbin this February, suffered cyber attacks from abroad. With the support of relevant countries and after continuous efforts, technical teams traced the attacks to three agents of the U.S. National Security Agency (NSA) and two American universities.
April 15th marks China's tenth "National Security Education Day."
The Harbin Municipal Public Security Bureau announced the full names of the three American agents and publicly offered a reward for their capture. The wanted notice did not include photos of the three agents or specify the reward amount.
According to the report, through layer-by-layer tracing by technical teams, it was found that the cyber attack on the Asian Winter Games was a carefully organized operation by the U.S. National Security Agency. This operation was carried out by the Office of Tailored Access Operations (TAO), code-named S32, under the Data Reconnaissance Bureau (code-named S3) of the Information Intelligence Division (code-named S) of the U.S. National Security Agency.
CCTV News indicated that, to conceal the source of its attacks and protect its cyber weapons, the U.S. National Security Agency's Office of Tailored Access Operations relied on multiple cover organizations to purchase a batch of IP addresses from different countries and anonymously rented a large number of network servers located in countries and regions in Europe and Asia.
The investigation found that the NSA's pre-game attacks mainly focused on important information systems such as the Asian Winter Games registration system, entry and exit management system, and competition registration system. These systems were used for pre-event work and stored sensitive identity information of many event-related personnel. The NSA intended to use cyber attacks to steal the personal data of participating athletes.
Cyber Attacks Peaked on February 3
The report stated that starting from the first ice hockey game on February 3, the NSA's cyber attacks reached a peak, focusing on event information release systems (including API interfaces), exit and entry management systems, and other critical information systems that ensure the smooth operation of the event process. The NSA sought to damage these systems and disrupt the normal running of the Asian Winter Games.
At the same time, the NSA also conducted cyber attacks on important industries within Heilongjiang Province, such as energy, transportation, water resources, communications, and defense research institutions, intending to damage China's critical information infrastructure, disrupt social order, and steal important confidential information in related fields.
The NSA primarily launched cyber penetration attacks around specific application systems, critical information infrastructure, and key departments, covering hundreds of known and unknown attack methods. Their advanced attack techniques included exploitation of unknown vulnerabilities, file-read vulnerabilities, short-term high-frequency targeted probing, probing for backup and sensitive file paths, brute-force password attacks, etc., with clear targets and intentions.
Technical teams also discovered that during the Asian Winter Games, the NSA sent unknown encrypted bytes to specific devices running the Microsoft Windows operating system within Heilongjiang Province, in a suspected attempt to wake up or activate specific backdoors previously left in the Microsoft Windows operating system.
Through continuous efforts and tracing, China successfully identified the three NSA agents involved in cyber attacks on the Asian Winter Games: Catherine Wilson, Robert Snell, and Stephen Johnson. Further investigation revealed that these three agents had repeatedly launched cyber attacks on China's critical information infrastructure and participated in cyber attacks on companies like Huawei.
Two Universities Involved in Cyber Attacks
Technical teams also found that the University of California and Virginia Tech, both with NSA backgrounds, were involved in the cyber attacks.
The Harbin Municipal Public Security Bureau stated that, in order to strictly combat cyber attack and espionage crimes by foreign forces against China and to effectively safeguard China's national cyberspace security and people's lives and property, it decided to publicly offer a reward for the capture of the above three NSA-related criminal suspects. The bureau called on Chinese citizens to actively provide clues. China's law enforcement agencies will offer a monetary reward to informants who provide effective leads and to personnel who assist the Public Security Bureau in capturing the criminal suspects.