GT investigates: How US threatens global internet security through decades of cyber surveillance, attacks
Surveillance empire
Published: May 11, 2023 08:22 PM Updated: May 12, 2023 12:01 AM
Photo: VCG

Editor's Note:
It has been a decade since Edward Snowden exposed the PRISM scandal that enraged the world. Under the guise of so-called national interests, the US government and its related intelligence agencies utilize their technological and first-mover advantages to conduct cyber surveillance and attacks around the world. 

Relying on its hegemony in cyberspace, the US has used cyber capabilities as one of its tools in hybrid warfare. Just like other tools such as economic sanctions, terrorist activities, and military intervention, the US has used cyberwar to interfere in other countries' internal affairs and achieve its own political goals. To maintain its hegemony, the US has conducted "digital colonization" over other countries and committed various covert crimes, making itself a "surveillance empire," an "attacking empire" and a "bullying empire."

In this series, the Global Times will closely look into how this veritable "surveillance empire" gradually damages global cyber security through its intelligence network, which has in turn severely hurt its own reputation and credibility. This is the first installment.
 
Recently leaked Pentagon documents have once again exposed to the world the ugly face of US espionage campaigns orchestrated against other countries. While maintaining the close surveillance of both its "enemies" and allies, the US has extended its evil hand to almost every corner of the globe.

For years, the US has conducted large-scale surveillance and launched cyberattacks targeting overseas governments, companies, and individuals with its technological advantages and vast intelligence network, a severe violation of international law and the basic norms governing international relations. Worse still, the US paints itself as the victim while perpetrating these villainous acts, defaming other countries including China with groundless accusations. 

Last month, China's Cybersecurity Industry Alliance (CCIA) released a report titled "Review of Cyberattacks from US Intelligence Agencies - Based on Global Cybersecurity Communities' Analyses."

The report details the malicious behavior of the US in conducting long-term cyberattacks and surveillance worldwide, such as attacks against key infrastructure in other countries, indiscriminate cyber theft and monitoring, and the implantation of backdoors that pollute technical standards and supply chain sources.

The report lays out evidence that reveals the true nature of the US' role as the world's biggest secret information stealer and "hacker empire," Qin An, deputy director of the expert committee of counter-terrorism and cyber security governance, China Society of Police Law, told the Global Times on Wednesday.

The US' behaviors have greatly damaged order in cyberspace, and destroyed the already fragile trust between countries, commented Tang Lan, director of Center for Cyberspace Security and Governance Studies at China Institutes of Contemporary International Relations.

"Its evil deeds have added much uncertainty to the international situation," Tang told the Global Times.

A spotty history

In September 2022, China's National Computer Virus Emergency Response Centre revealed the US' long-term cyberattack against the Northwestern Polytechnical University (NPU) in Northwest China's Shaanxi Province. The cyberattack was aimed at "infiltrating and controlling core equipment in China's infrastructure and stealing sensitive personal data tied to Chinese people," a source close to the matter told the Global Times at the time.

That was just the tip of the iceberg. For over a decade, the US has been monitoring 45 countries and regions through the advanced and covert backdoor "Telescreen" (Bvp47) created by Equation, an elite hacking group affiliated with the US government. It sparked global outrage when it was exposed by Chinese cybersecurity experts for the first time in early 2022.

The incident reminded the public of the more widely known PRISM, as researchers found multiple programs and attack manuals that, when reviewed, matched the unique identifiers used in the operating manuals of cyberattack platforms under the US National Security Agency (NSA). The latter was exposed by former Central Intelligence Agency (CIA) analyst Edward Snowden in 2013, as a small part of the then international PRISM scandal.

In June 2013, The Guardian became one of the first media outlets to report on the US' secret program code-named "PRISM" that Snowden exposed. The exposé revealed that nine US internet giants, including Microsoft, Yahoo, Google, and Apple, cooperated with the US government in secretly monitoring phone records, emails, videos, and photos, and that the NSA even hacked into the networks of several countries, such as Germany and South Korea.

"The subsequent series of leaked documents jointly exposed that the monitoring and network intrusion operations had been implemented by the US government for a long time," noted the CCIA report.

Later, in June 2015, Snowden exposed documents revealing how intelligence agencies in the US and the UK had worked together to subvert anti-virus and other security software in order to track users and infiltrate networks. The infuriating project, named CAMBERDADA, mainly used the traffic-acquisition capability the US had gained by compromising global network operators to monitor communications between users and anti-virus companies, such as Skyscraper in Russia, in order to obtain new virus samples and other information, the CCIA report said.

According to an article published on The Intercept news website that month, a leaked 2010 presentation on "Project CAMBERDADA" listed 23 additional anti-virus companies from all over the world under "More Targets!" China's Antiy was on the list.

The revelation once again sparked wide outrage, as observers warned that the project and its so-called "target list" would further divide the already frayed global security industry.

It's hard to exactly track how the US started its dishonorable cyber campaigns. The "Stuxnet" computer worm, which US intelligence agencies used in attacking Iran's nuclear facilities in 2010, was regarded by the cybersecurity industry as "the world's first cyber weapon."

The development of the Stuxnet virus allegedly began in 2005. In 2010, Stuxnet reportedly "destroyed almost one-fifth of Iran's nuclear centrifuges, infected over 200,000 computers, and caused 1,000 machines to physically degrade," according to data Kaspersky shared on its website.

That year, the US "opened the Pandora's box of cyberwar," commented the CCIA report.

Former French prime minister Francois Fillon reveals at a hearing on May 2, 2023 that the US National Security Agency had spied on his conversations with former French president Nicolas Sarkozy from 2007 to 2012. Photo: IC

Vast surveillance network

According to a report by a US media outlet in April, US intelligence agencies spend as much as $90 billion in a year. Behind the vast surveillance network in the US are intelligence agencies such as the NSA and CIA, which have repeatedly cited national security as a pretext for violating the sovereignty of other countries and infringing on the privacy of their citizens.

The Office of Tailored Access Operations (TAO) under the NSA, which was involved in the NPU event, has been conducting attacks against China by penetrating Chinese computer and telecommunications systems for decades.

TAO was established in 1998 and is currently a tactical implementation unit within the US government that specializes in large-scale network hacking and espionage against other countries. It comprises over 2,000 military and civilian personnel, according to a joint technical analysis and tracking investigation by the National Computer Virus Emergency Response Center and 360 Security Technology in September 2022.

TAO's mission is simple - "it collects intelligence information on foreign targets by surreptitiously hacking into their computers and telecommunications systems, cracking passwords, compromising the computer security systems protecting the targeted computer, stealing the data stored on computer hard drives, and then copying all the messages and data traffic passing within the targeted email and text-messaging systems," according to Foreign Policy, quoting former NSA official Matthew M. Aid.

The US used 41 kinds of dedicated cyberattack weapons to launch thousands of attacks in a bid to steal core technology data from NPU. Additionally, the US has long engaged in indiscriminate voice monitoring of Chinese mobile phone users, illegally accessing text messages, and conducting wireless location tracking.

Apart from cyberattacks targeting China, the conflict between the US and Russia in cybersecurity is also well-known. According to reports, General Paul Nakasone, the head of the NSA, has confirmed that US military hackers conducted cyberattacks against Russia in support of Ukraine. 

For some time, in the name of capacity building, the US has been trying to cajole relevant countries, especially China's neighbors, into cybersecurity cooperation with it. It even pursues the so-called "Forward Deployment" of cyber military forces. "Will such cooperation open the back door for malicious US cyber activities? Will such moves turn out to be chess pieces as the US instigates geostrategic rivalry? Relevant countries will judge for themselves," Wang Wenbin, spokesperson of the Chinese Foreign Ministry, told the Global Times on April 20, 2022 in response to the National Computer Virus Emergency Response Center alerting countries on the cyberattacks conducted by the US government.

Internet banditry

Scandals like the PRISM have shown that, apart from its intelligence agencies, many internet enterprises are also forced or tricked by the US government into the expansion of its cyber surveillance and attack network.

To serve its intelligence gathering and the development of cyber weapons, the US reportedly installed backdoors in various hardware and software products, which is nothing short of outright banditry, condemned cybersecurity experts reached by the Global Times.

For instance, media revealed in February 2020 that the CIA and Germany's Federal Intelligence Service (BND) were able to read encrypted communications from Crypto AG, a Swiss company that produced encryption systems for many governments, by jointly adding backdoors to Crypto AG's encryption products.

According to a CIA report mentioned in a Washington Post article on February 11, 2020, the operation was dubbed the "intelligence coup of the century."

Qin said that by using its management power over the Internet, US intelligence agencies have designed special backdoors and inserted them into products that were submitted to the CIA for a routine check before being approved for export, providing direct access to other countries' networks. It therefore becomes risky for enterprises in other countries to use products developed by American entities.

"With the decline of American hegemony in real space, the country will take bolder moves in cyberspace," Qin predicted.

In a bid to further malign other countries including China, on May 22, 2020, the US Department of Commerce added 33 Chinese companies to its entity list, most of which focus on AI technology or provide network communication services, such as Qihoo 360 and Cloudminds, alleging that these companies could threaten US national security and foreign policy.

However, experts close to Chinese network communication and cyberspace security reached by the Global Times said that these Chinese companies do not spy on other countries, nor do they have the ability to insert backdoors into the cyberspace of the US.

The US' behavior of placing some Chinese technology companies on its entity list is a typical case of technological bullying, Qin said. 

All these facts have repeatedly revealed the true face of the US as a bullying power and exposed who is responsible for insecurity and instability in cyberspace, Tang pointed out.