For a long time, the U.S. Central Intelligence Agency (CIA) has plotted “peaceful evolution” and “color revolutions” as well as spying activities around the world. Although details about these operations have always been murky, a new report released by China’s National Computer Virus Emergency Response Center and Chinese cybersecurity company 360 on Thursday unveiled the main technical means the CIA has used to scheme and promote unrest around the world.
According to the report, the rapid development of the Internet has offered “new opportunities” for the CIA’s infiltration activities in other countries and regions since the beginning of the 21st century. Any institutions or individuals worldwide who use U.S. digital equipment or software could be turned into the CIA’s “puppet agent.”
For decades, the CIA has overthrown or attempted to overthrow at least 50 legitimate governments abroad (the CIA has only recognized seven of these instances), causing turmoil in related countries. Whether it is the “color revolution” in Ukraine in 2014, the “sunflower revolution” in Taiwan island, China, the “saffron revolution” in Myanmar in 2007, the “green revolution” in Iran in 2009, or other attempted “color revolutions,” the U.S. intelligence agencies are behind them all, according to the report.
The U.S.’ leading position in telecommunications and on-site command technologies has provided unprecedented possibilities for the U.S. intelligence community to launch “color revolutions” abroad. The report released by the National Computer Virus Emergency Response Center and 360 disclosed five methods commonly used by the CIA.
The first is to provide encrypted network communication services. To help protesters in some Middle Eastern countries keep in touch and avoid being tracked and arrested, an American company, which reportedly has a US military background, developed TOR technology—the Onion Router technology—to stealthily access the Internet.
The servers encrypt all information that flows through them to help certain users surf the web anonymously. After American companies launched the project, it was immediately provided free of charge to anti-government elements in Iran, Tunisia, Egypt, and other countries and regions to ensure that those “young dissidents who want to shake their own government’s rule” could avoid the government’s scrutiny, according to the report.
The second method is to provide offline communication services. For example, in order to ensure that anti-government personnel in Tunisia, Egypt, and other countries can still keep in touch with the outside world when the internet is disconnected, Google and Twitter quickly launched a special service called “Speak2Tweet,” which allows users to dial and upload voice notes for free.
The report said these messages are automatically converted into tweets, uploaded to the Internet, and publicly released through Twitter and other platforms to complete the “real-time reporting” of the event on-site.
The third method is to provide on-site command tools for rallies and parades based on the internet and wireless communications. The report noted that the U.S. RAND Corporation has spent several years developing a non-traditional regime change technology called “swarming.” The tool is used to help a large number of young people connected through the internet join the “one shot for another place” mobile protest movement, greatly improving the efficiency of on-site command of the event.
The fourth is American-developed software called “Riot.” The software supports a 100 percent independent broadband network, provides a variable WiFi network, does not rely on any traditional physical access method, does not need a telephone, cable, or satellite connection, and can easily escape any form of government monitoring.
The last one is the “anti-censorship” information system. The US State Department regards the research and development of the system as an important task and has injected more than $30 million into the project.
High Vigilance Needed
Moreover, the National Computer Virus Emergency Response Center and 360 company have spotted Trojan horse programs or plug-ins related to the CIA in recent cyberattacks targeting China. The Global Times has learned that the public security authorities have investigated these cases.
Aside from the five methods the CIA has used to incite unrest globally, further technical analysis by the National Computer Virus Emergency Response Center and 360 Company identified nine other methods used by the CIA as “weapons” for cyberattacks, including attack module delivery, remote control, information collection and stealing, and third-party open-source tools.
The response center and 360 company also spotted an information-stealing tool used by the CIA, one of the 48 advanced cyber weapons exposed in the confidential document of the U.S. National Security Agency.
The discovery of these information-stealing tools shows that the CIA and the US National Security Agency will jointly attack the same victim, share cyberattack weapons with each other, or provide relevant technical or human support, according to the report.
These new findings also offer important new evidence in tracing the identity of the APT-C-39 attackers. In 2020, 360 Company independently discovered an APT organization that had never been exposed to the outside world and named it APT-C-39. The organization specifically targets China and its friendly countries to carry out cyberattacks and stealing activities, and its victims are spread all over the world.
The report also noted that the danger of CIA attack weapons can be glimpsed from third-party open-source tools as it often uses these tools to carry out cyberattacks.
The initial attack of a CIA cyberattack operation will generally be carried out against the victim’s network equipment or server. After obtaining access rights on the target, the operation will further explore the target organization’s network topology and move to other networked devices in the internal network to steal more sensitive information and data.
The controlled target computer is monitored in real time for 24 hours, and all information is recorded. Once a USB device is connected, the private files on the victim’s USB device are monitored and automatically stolen. When conditions permit, the camera, microphone, and GPS positioning device on the user terminal are remotely controlled and accessed, according to the report.
These CIA cyber weapons use standardized espionage technical specifications, and their various attack methods echo and interlock with one another. They have now covered almost all internet and IoT assets worldwide and can control other countries’ networks anytime, anywhere, to steal important and sensitive data from other countries.
The American-style cyber hegemony is evident, the report notes.
Chinese Foreign Ministry spokesperson Mao Ning said on Thursday that the international community should exercise high vigilance regarding US intelligence, espionage, and cyberattacks on other countries.
The US must take seriously and respond to the concerns of the international community and stop using cyber weapons to carry out espionage and cyberattacks around the world, Mao said.
The report says that in response to the highly systematic, intelligent, and concealed cyberattacks launched by the CIA against China, domestic government agencies, scientific research institutions, industrial enterprises, and commercial organizations should discover them quickly and deal with them immediately upon discovery.
The report suggests that in order to effectively deal with imminent network and real-world threats while adopting self-controllable localized equipment, China should organize self-inspection against APT attacks as soon as possible and gradually establish a long-term defense system to achieve comprehensive systematic prevention and control against advanced attacks.