This Trojan that controls the world's vast array of devices will keep your information doors open
After the NSA's (NSA) cyber attacks against hundreds of millions of citizens and industry leaders around the world for more than a decade were exposed, another major piece of equipment in the NSA's cyber attack arsenal was exposed. The National Computer Virus Emergency Response Center officially released the US National Security Agency's special "NOPEN" remote Trojan technical analysis report on the 14th, exposing the network espionage methods of the US intelligence department to the world. The Global Times reporter noted that according to the report, once the "NOPEN" remote Trojan is implanted in the victim's computer, it will become a "lurker", opening the "vault door" to the attacker at any time, and all kinds of confidential data and sensitive information are "at a glance". There is evidence that the Trojan has controlled a large number of Internet devices around the world, stealing a huge amount of user privacy data.
The National Computer Virus Emergency Response Center restored the attack process of the "NOPEN" Trojan through technical analysis. The report pointed out that the "NOPEN" Trojan tool is a remote control tool for Unix/Linux systems, mainly used for file theft, system authority, network communication redirection and viewing of target device information, etc., and is the main tool for the NSA to remotely control the internal network nodes of the victim units of the Us National Security Agency Access Technology Operations Division (TAO). Through technical analysis, the National Computer Virus Emergency Response Center believes that the "NOPEN" Trojan tool coding technology is complex, comprehensive, concealed, adapted to a variety of processor architectures and operating systems, and adopts a plug-in structure, which can interact and collaborate with other network weapons or attack tools, which is a typical weapon tool for network espionage.
Relevant network security experts told the Global Times reporter that once this malware is implanted in the victim's computer, it will become a "lurker", waiting for the "secret code" to wake up at any time, and open the "vault door" to the attackers, all kinds of confidential data, sensitive information "at a glance", and can also use the victim's computer as a "bridgehead", the victim's internal network of the unit to make a breakthrough layer by layer, until the full control of all the information in the victim's unit's internal network.
Figure: The master connects to the target controlled side
The report shows that the "NOPEN" remote Trojan has a very high level of technology, can remotely control most of the existing network servers and network terminals, which can be manually implanted by attackers, or automatically implanted by the US National Security Agency's network attack weapon platform into the victim's Internet device, and can secretly perform a variety of control instructions such as stealing secrets and sabotage in the victim's intranet, and continue to complete espionage tasks in the target network. There is evidence that the US National Security Agency used the "NOPEN" remote Trojan to control a large number of Internet devices around the world, stealing a huge amount of user privacy data, causing incalculable and serious losses.
Figure: The console console. After the host and the hosted side successfully establish a connection, the attacker can send instructions to the managed side through the host console
It is worth noting that according to the internal documents of the US National Security Agency leaked by the hacking group Shadow Brokers, the "NOPEN" Trojan tool is a network weapon developed by the US National Security Agency, which is a powerful and comprehensive Trojan tool and one of the main battle cyber weapons used by the US National Security Agency's Access Technology Operations Division (TAO) to attack and steal secrets.
"As the R&D institution of the world's top military powers, the weapons developed by the NSA naturally cannot be rusted in the arsenal." Network security experts said that from the "Snowden" incident, the international community has learned that the US military intelligence agencies have long carried out network surveillance and network theft on countries around the world, and these network weapons are an important means for them to implement network surveillance.
In April 2017, Shadow Brokers unveiled a large number of cyber attack tools developed by the NSA, which is affiliated with the U.S. Department of Defense, so these cyber attack tools are entirely military and are well deserved to be called "cyber weapons." For example, on May 12, 2017, the "Eternal Blue" ransomware virus swept the world in a short period of time, just like the "new crown virus" in cyberspace, causing serious economic losses and data losses to many enterprises and individual users. To this day, the Eternal Blue series of ransomware viruses has not been completely eliminated. Cybersecurity experts say it's well known that the Eternal Blue virus has such a powerful spread and destructive power precisely because it originated from a super exploit tool called Eternal Blue in the NSA's cyber arsenal. The Eternal Blue incident gave the international community the first time to witness the terrible power of cyber weapons, but this "mass destruction" weapon is only the "tip of the iceberg" in the N.S.A.'s vast cyber arsenal.
"In fact, the vast majority of the equipment in the N.S.A.'s arsenal is all kinds of 'stealth fighters' and 'stealth submarines' that come and go without a trace, and can easily 'probe for things' without the victims' knowing it." Cybersecurity experts told the Global Times reporter that the "NOPEN" Trojan disclosed by the National Computer Virus Emergency Treatment Center is one of the main equipment in the NSA arsenal.
In addition, the Global Times reporter learned that according to the technical analysis of the National Computer Virus Emergency Treatment Center, the "NOPEN" Trojan has been confirmed to be effective against a variety of mainstream computer environments. Cybersecurity experts believe that there is reason to believe that there are likely to still be a large number of undiscovered victims on the network, who face long-term and serious cybersecurity risks. Moreover, the leakage and proliferation of these network weapons have further aggravated the increasingly severe network security situation, seriously endangering the overall security of the international Internet, and military confrontation in cyberspace is bound to be a "zero-sum game".
Global Times-Global Network/Tingjing Zhao
Source: World Wide Web