Date: 2022-04-20

CIA CAUGHT USING CYBER WEAPON ‘BEEHIVE’ TO ATTACK, MONITOR GLOBAL KEY TARGETS – REPORT ALSO CLAIMS MALAYSIA, CANADA, FRANCE, GERMANY AMONG COUNTRIES USING EQUIPMENT TARGETED BY CIA TO ‘SET SEVERAL SPRINGBOARD & VPN CHANNELS BETWEEN MAIN CONTROL & TERMINAL HOSTS’
A cyber weapon jointly developed by the US’ Central Intelligence Agency (CIA) and defense giant Northrop Grumman has recently been exposed by Chinese cybersecurity experts.
The cyber weapon shows that the specter of the US military-industrial complex has fully penetrated international networks and it continues to foster the US’ hegemony in cyberspace, experts said.
According to a report sent to the Global Times on Tuesday by the National Computer Virus Emergency Response Center, the platform, named “Beehive,” is a powerful cyber weapon of the CIA characterized by advanced design and operations. The weapon clearly shows the CIA’s capabilities in the field of cyber warfare.
An expert from the center explained that the “Beehive” platform features are typical for US military malware. The platform can support remote scanning, vulnerability exploitation, concealed implantation, secret theft, file extraction, intranet penetration, and system destruction. It has unified command and control capabilities and displays artificial intelligence behavior.
“It demonstrates that the CIA’s cyber weapons for hacking foreign countries have become systematic, scalable, traceless and artificially intelligent,” the expert said.
“The platform is effectively concealed. The CIA attackers can use a client to send a ‘code word’ to the server to ‘wake up’ a potentially malicious code program and execute the instructions. In order to avoid intrusion detection, after sending the ‘code word,’ it will temporarily establish an encrypted communication channel according to the target environment, so as to evade technical monitoring,” he added.
To further conceal its espionage operations, the CIA has deployed network infrastructure related to the “Beehive” platform around the world. Monitoring data analyses show the CIA set several springboard and VPN channels between main control and terminal hosts, which are widely distributed in Canada, France, Germany, Malaysia, Turkey and other countries.
“Even though the victims found they have been attacked by the ‘Beehive’ platform, it is still very difficult for them to trace back its origins,” the expert said.
According to the report, the CIA established a global espionage system based on the “Beehive” platform and has conducted indiscriminate cyber surveillance on high-value targets and celebrities around the world, with targets covering government agencies, political parties, nongovernmental organizations, important military units, dignitaries, experts, as well as education, scientific research, communications and medical institutions.
The platform has been helping the CIA steal a large amount of secret information from victim countries and control their important information infrastructure. It also helps the intelligence agency to access personal data from all over the world, which are needed by the US to maintain its hegemonic position.
This is the fifth cyber weapon used by the US government that has been exposed by Chinese experts in recent months. In March, Chinese cybersecurity experts for the first time disclosed a typical weapon used by the US National Security Agency (NSA) to target China. The weapon could monitor and hijack users’ social media accounts, emails and communication information.
The data stolen by the NSA around the world includes network profiles, account numbers and passwords, office and private documents, databases, online friends’ information, communications information, emails, real-time data from cameras and microphones.
Also earlier in March, China captured a spy tool deployed by the NSA, which is capable of lurking in a victim’s computer to access sensitive information and was found to have controlled global internet equipment and to have stolen large amounts of user information.
The Trojan horse, “NOPEN,” is a remote-control tool for Unix/Linux computer systems, which is mainly used for stealing files, accessing systems, redirecting network communication, and viewing a target device’s information.
The Global Times previously reported that the NSA has been launching cyberattacks against 47 countries and regions for a decade, with Chinese government departments, high-tech companies and military-related institutes among the key targets. Cybersecurity experts warned that under the surveillance of the NSA, the privacy and sensitive information of hundreds of millions of people around the world are exposed, “like running around naked.”
Chinese cybersecurity experts warned that this should serve as a reminder to the world that as long as the core hardware, operating system, key information infrastructure and application software of the world wide web are provided by US Internet companies, it is most likely that they contain all kinds of backdoor programs implanted by US hackers.
Once they become US’ targets, all online activities and data stored in online servers may become victims of US intelligence cyberattacks.
China captured a spy tool deployed by the US National Security Agency, which is capable of lurking in a victim’s computer to access sensitive information and was found to have controlled global internet equipment and stolen large amounts of users’ information, according to a report the Global Times obtained from the National Computer Virus Emergency Response Center exclusively on Monday.
According to the report, the Trojan horse, “NOPEN,” is a remote control tool for Unix/Linux computer systems. It is mainly used for stealing files, accessing systems, redirecting network communication, and viewing a target device’s information.
Through technical analysis, the center believes that the “NOPEN” Trojan horse is characterized by complex technology, comprehensive functions and strong concealment, which can fit a variety of processor architectures and operating systems. It can also collaborate with other cyber weapons and is a typical tool used for cyber espionage.
The report came after the NSA was exposed to have been launching cyberattacks against 47 countries and regions for a decade, with Chinese government departments, high-tech companies and military-related institutes among the key targets. Under the surveillance of the NSA, the privacy and sensitive information of hundreds of millions of people around the world were exposed, like “running around naked.”
Cybersecurity experts told the Global Times that once the Trojan was planted into a victim’s computer, it would become a “lurker” waiting for the “code” and opening the “vault door” for hackers. The Trojan also could turn a victim’s computer into a bridge tower, allowing hackers to go deeper into the group where the victim works and grasp the company’s information.
According to the center’s report, “NOPEN” can remotely control most existing network servers and terminals, and can be implanted manually by attackers or by the NSA’s cyberattack platforms. It can execute a variety of instructions such as information theft and destruction.
Evidence shows that the NSA used the “NOPEN” Trojan horse to control a large number of internet devices around the world and steal user privacy data, which has caused inestimable losses.
According to internal NSA documents leaked by hacking group Shadow Brokers, “NOPEN” is one of the powerful weapons used by the NSA’s Tailored Access Operations (TAO) to attack and steal secrets.
“As the research and development arm of the world’s top military power, the NSA cannot develop weapons that rust in their arsenals,” a Chinese cybersecurity expert told the Global Times on condition of anonymity. “The international community has learned from the PRISM scandal that the US military intelligence agency has been conducting network monitoring and cybertheft of countries around the world for a long time, and these cyber weapons are an important means of its implementation of network monitoring.”
In April 2017, the Shadow Brokers released a large number of cyberattack tools developed by the NSA. As the NSA is affiliated with the US Department of Defense, the tools are widely believed to be used for military purposes as “cyber weapons.”
For example, on May 12, 2017, the worldwide WannaCry ransomware used EternalBlue, a computer exploit developed by the NSA to attack unpatched computers, which brought serious damage and data loss to many enterprises and individuals, according to media reports. The incident enabled the international community to witness for the first time the terrible power of cyber weapons, but such weapons of mass destruction are only the tip of the iceberg in the NSA’s vast arsenal.
“The vast majority of the NSA’s arsenal consists of stealth fighters and submarines that can easily attack victims without their knowledge,” the anonymous expert said, noting that the “NOPEN” Trojan horse is the main weapon of the NSA’s arsenal.
The expert said the center’s report sounds an alarm to the world as there are likely a large number of undetected victims online, who face long-term and serious cybersecurity risks. The leakage and proliferation of these cyber weapons further aggravate the increasingly severe network security situation and seriously endanger the overall security of cyberspace, turning military confrontation in cyberspace into a “zero-sum” game.
