Exclusive: China identifies the culprits behind cyberattack on Wuhan Earthquake Monitoring Center; a secretive US global reconnaissance system to be exposed
Published: Aug 14, 2023 09:30 AM
Du Zhenhua

Du Zhenhua

New progress has been made on an investigation into a cyberattack incident targeting the Wuhan Earthquake Monitoring Center affiliated to the city's Emergency Management Bureau, after a joint investigation team formed by the National Computer Virus Emergency Response Center (CVERC) and Chinese cybersecurity company 360 discovered malicious backdoor software that exhibits characteristics of US intelligence agencies, the Global Times learned on Monday. Chinese authorities will publicly disclose a highly secretive global reconnaissance system of the US government, which poses a serious security threat to China's national security and world peace.

On July 26, the Wuhan Earthquake Monitoring Center reported that some front-end station collection points of the earthquake reporting data had been implanted with backdoor programs, attracting widespread attention. The CVERC and the company 360 immediately formed a joint investigation team to go to Wuhan for investigation and evidence collection.

Du Zhenhua, a senior engineer from the CVERC, told the Global Times that the team has found very complex backdoor malware in the victim's network, fitting the characteristics of US intelligence agencies, highly concealed, and aiming to steal earthquake monitoring-related data, with a clear military reconnaissance purpose.

Xiao xinguang

Xiao Xinguang

Why target earthquake monitoring system? 

Du explained that China is a country seriously affected by earthquake disasters, with multiple occurrences causing severe loss of life and property. "Therefore, China attaches great importance to earthquake monitoring and early warning. In order to improve the monitoring and early warning capability of geological disasters, earthquake monitoring data includes not only basic information like magnitude and epicenter but also rich geographical and geological data such as surface deformation and hydrological monitoring," Du said. 

These data also hold high value as military intelligence. Hence, the cyberattack on the earthquake monitoring center by US intelligence agencies was a planned and premeditated cyber military reconnaissance action, the expert noted. 

Xiao Xinguang, a member of the National Committee of the Chinese People's Political Consultative Conference (CPPCC) and also the chief software architect of leading anti-virus company Antiy Labs, further explained to the Global Times that although the location, magnitude, and depth are publicly released information, they are based on the calculations from multiple sensors. 

"The comprehensive vibration and sound wave data collected by these sensors, especially infrasound data, have significant intelligence value for judging geological terrain, analyzing weapons system tests, and nuclear tests," Xiao said. 

Furthermore, this is just one of the reasons the US targets earthquake monitoring and other systems with cyberattacks. Xiao also analyzed that the current information gathering is only one type of  behaviors that have been exposed. 

There are still many information theft instances targeting other fields that have not yet come to the surface. By leveraging its global comprehensive reconnaissance ability, along with various means of intrusion, theft, and other comprehensive measures to obtain all kinds of telemetry data, and combining other multi-source auxiliary data, it forms the ability to analyze, judge, attribute, and locate China's economic, social operations, and even military actions.

Causing social panic

Experts believe that cyberattacks on civil infrastructure, including earthquake monitoring systems, can lead to serious consequences.

Du underlined that if the attackers maliciously damaged earthquake monitoring system, it would become ineffective in providing accurate data during an earthquake. This would impact earthquake early warnings and disaster assessment work, leading to more severe loss of life and property. 

"Even more dangerous is that if the attackers tamper with the earthquake monitoring data, triggering false alarms, it could lead to social panic and disorder, resulting in casualties among innocent people," Du said. 

The remote sensing and telemetry systems and data are national strategic resources that must be given priority protection, Xiao said. "These data can display the basic operation of our country's economy and society from macro to micro levels and provide comprehensive support for integrated decision-making and emergency response. They are the supporting resources for territorial safety and national security."

"US intelligence agencies not only actively collect various signal intelligence but have also long obtained other countries' comprehensive earth system science remote sensing and telemetry data as strategic intelligence through various means. This includes sharing through allied intelligence mechanisms, coercing high-tech companies to provide it, and using academic and scientific research activities," Xiao said. 

He also explained that the discovery of the cyberattack on Wuhan earthquake monitoring center was not accidental, indicating that cyberattack intrusion and theft have become the lowest-cost way for the US to obtain other countries' remote sensing and telemetry data. 

The US has developed a series of signal intelligence collection, analysis, and processing systems, such as the Echelon project for electromagnetic signal spying, the Main Core project for telecommunications operators, and the PRISM project's super access interface for large IT and internet manufacturers.

"After many years of continuous tracking with relevant departments, we will soon publicly disclose a global reconnaissance system of the US government, which poses serious security threats to China's national security and world peace. We must be highly vigilant and tightly guard against this," Xiao said. 

Violating international law

In fact, a plethora of internal documents from the National Security Agency (NSA) and Central Intelligence Agency (CIA) exposed in events such as Prism, Shadow Brokers and WikiLeaks reveal that the US, as a real "hacker empire" and "spying empire," targets "indiscriminately" (including its allies) in its cyber intelligence collection activities. Civil institutions and individuals worldwide are its targets for cyberattacks, fully exposing the US' double standards and hypocrisy on human rights issues.

Du further stated that the US military intelligence agencies' use of their information technology advantage to launch cyberattacks on civilian infrastructure is a criminal act in clear violation of international law, seriously infringing on China's national security and public interest. 

"In fact, for a long time, the US' cyberattacks on China's key information infrastructure have been all-encompassing, with government agencies, universities, research institutions, and large corporations all being targeted by its cyberespionage activities. The US is attempting to use these unfair means to comprehensively steal China's political, economic, military, and diplomatic sensitive information, to contain China's development and progress, and to maintain the US' world hegemony," he said. 

As a veteran expert in computer virus prevention technology and emergency response, Du suggested that if China's key information infrastructure is attacked with state-backed hackers, relevant units must report the cyberattack to relevant authorities immediately; build cybersecurity capabilities; strengthen supply chain security management, increase autonomous control abilities; conduct regular cybersecurity drills to improve emergency handling and recovery abilities.

Xiao believed that although China's overall cybersecurity  ecosystem is still relatively small in market size, overall, it's complete in technology categories without obvious weaknesses. "In continuous confrontation with threats, especially in identifying, analyzing, and exposing advanced persistent cyberattacks, including those from the US, many excellent Chinese cybersecurity  companies have demonstrated their abilities, becoming the industry's supporting force in safeguarding national security and defending the security of the cyberspace community."

China does not need to underestimate itself in terms of cybersecurity  capabilities, he noted. "We can establish more ambitious goals, become a competent force in the national governance system, create a capability advantage compared to main geopolitical competitors, and not become a significant constraint and risk vulnerability, even when facing comprehensive suppression by hegemonic states or in high-intensity security conflicts. 

"We can achieve an overall risk controllable state by strengthening the construction of the public service attributes of cybersecurity , and enhancing the construction of common security capabilities, resilience mechanisms, and cybersecurity  infrastructure," Xiao said.