File Photo:VCG

There is no secure system against the cyberattack capabilities of the US, a Chinese technology company that has been tracking and analyzing global advanced persistent threats (APT) for years told the Global Times, saying the US uses a combination of manpower, electromagnetic and cyberspace operations to achieve an optimal attack.

A spy tool deployed by the US National Security Agency (NSA) called NOPEN, which is capable of lurking in a victim's computer to access sensitive information, was revealed on Monday. 

However, cyberspace is only one of the US' gateways to espionage, said Li Baisong, deputy chief engineer of Antiy Labs, a Chinese technology company that works on cyberspace security.

The NSA has developed a systematic network attack platform and a library of formalized attack equipment with the Office of Tailored Access Operations (TAO) as the main user of these offensive equipment. The Advanced Network Technology (ANT) division of the TAO owns no less than 48 types of network offensive equipment, Li told the Global Times.

"ANT attack equipment set is a batch of offensive equipment systems successively installed by the US around 2008, basically covering mainstream desktop hosts, servers, network equipment, network security equipment, mobile communication equipment and others. The forms of equipment include malicious payloads, computer peripherals, signal communication equipment," said Li, noting that these devices can be used in combination in a complex attack.

Li mentioned that the advantage of the US in cyber attack equipment stems from its operational objectives that attempt to cover all mainstream IT scenarios with continuous huge investment over the years, and in-depth information sharing support from major IT companies in the US.

Additionally, Li pointed out that the US tends to conduct comprehensive preliminary investigation and information collection before launching cyberattacks. He claimed that the US worked for four years to prepare the reported Stuxnet attack on Iran's nuclear facilities in 2010, thoroughly infiltrating Iran's basic industrial institutions including equipment manufacturers, suppliers and software developers, and comprehensively simulating Iran's nuclear industry system.

Malicious software of the US also cover all operating system platforms, Li said, noting that it has been found in various platforms like Windows, Linux, Solaris, Android, OSX and iOS. 

There is no safe system against the online attack capabilities of the US, Li added.