U.S. intelligence agencies have carried out cyber espionage activities around the world and launched "false flag" operations to mislead investigators and researchers and frame "adversary countries," according to a report released by Chinese cybersecurity agencies on Monday.
The report is the third of its kind released by the National Computer Virus Emergency Response Center and the National Engineering Laboratory for Computer Virus Prevention Technology, and contains new revelations about cyber espionage operations targeting China, Germany and other countries that were launched by the U.S. government, its intelligence agencies and the Five Eyes nations.
It describes how the United States has been actively pursuing a "Defensive Forward" strategy in cyberspace, employing "Hunt Forward" tactics, which involve deploying cyber warfare units near adversaries' territories to conduct close-in reconnaissance and network infiltration. To facilitate these operations, U.S. intelligence agencies developed a covert toolkit codenamed "Marble" designed to mask their malicious cyber activities and shift blame to other nations, according to the report.
"Marble's primary function is to obfuscate or even erase identifiable characteristics within the code of cyber weapons like spyware or malware. This effectively removes the developer's fingerprints, akin to altering the rifling of a firearm, making it extremely difficult to trace the weapon's origin technically," said Du Zhenhua, senior engineer at China's National Computer Virus Emergency Response Center.
Analysis of Marble's source code and annotations by technical teams reveals it to be a classified weapons development program, originating no later than 2015, and deemed too sensitive to share with foreign entities. The framework employs over 100 obfuscation algorithms, replacing readable variables and strings with unidentifiable content and inserting distracting characters, Du explained.
"As you can see, this includes Arabic, Chinese, Russian, Korean, and Persian. After obfuscating the data in the buffer, it writes the buffer's contents to a specified location or into a program file. This allows for the deliberate insertion of traces of this network weapon," he said.
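A defender-side illustration of why the language artefacts Du describes are weak attribution evidence: this added Python example (not code from the report or from Marble) extracts strings from a constructed buffer, tallies their Unicode script families, flags high-entropy tokens, and downgrades confidence when several unrelated scripts sit next to obfuscated content. The entropy threshold and the confidence rule are assumptions of this example.

```python
import math
import unicodedata
from collections import Counter

# Constructed sample buffer (not a real malware sample): an API name, a high-entropy
# token standing in for an obfuscated string, and decoy strings in the scripts the
# report names, all NUL-terminated as they would be inside a binary.
SAMPLE = b"\x01MZ\x90\x00GetProcAddress\x00Qz8vK1pL9wXb3Rm7Yt2Hc6Nd4Sf0Jg5\x00" + b"\x00".join(
    s.encode("utf-8") for s in ("配置文件错误", "ошибка сервера", "خطأ في الاتصال", "연결 오류")
) + b"\x00\xff\xfe"

# Unicode character-name prefixes mapped to a script family label.
SCRIPT_PREFIXES = {"CJK UNIFIED": "Han", "CYRILLIC": "Cyrillic",
                   "ARABIC": "Arabic (Arabic or Persian)", "HANGUL": "Hangul"}

def extract_strings(buf: bytes, min_len: int = 4) -> list[str]:
    """Return NUL-separated chunks that decode as printable UTF-8 text."""
    out = []
    for chunk in buf.split(b"\x00"):
        try:
            s = "".join(ch for ch in chunk.decode("utf-8") if ch.isprintable())
        except UnicodeDecodeError:
            continue
        if len(s) >= min_len:
            out.append(s)
    return out

def script_of(s: str) -> str:
    """Majority script family of the letters in s; 'Latin/other' if none match."""
    counts = Counter()
    for ch in filter(str.isalpha, s):
        name = unicodedata.name(ch, "")
        counts[next((v for k, v in SCRIPT_PREFIXES.items() if name.startswith(k)),
                     "Latin/other")] += 1
    return counts.most_common(1)[0][0] if counts else "Latin/other"

def shannon_entropy(s: str) -> float:
    """Bits per character; close to log2(len) for random-looking obfuscated tokens."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def attribution_report(buf: bytes) -> dict:
    """Tally script families and obfuscation signs, then rate how much weight the
    language artefacts deserve as attribution evidence."""
    strings = extract_strings(buf)
    scripts = Counter(script_of(s) for s in strings)
    # Heuristic (assumption): a long space-free token at >= 4.5 bits/char is obfuscated.
    obfuscated = [s for s in strings if " " not in s and len(s) >= 16
                  and shannon_entropy(s) >= 4.5]
    foreign = [k for k in scripts if k != "Latin/other"]
    # Analyst rule of thumb (assumption, not from the report): several unrelated scripts
    # beside obfuscated content is what planted decoys look like, so rate them low.
    confidence = "low" if len(foreign) >= 2 and obfuscated else "medium"
    return {"strings": strings, "scripts": dict(scripts),
            "obfuscated": obfuscated, "language_artifact_confidence": confidence}
```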
Other experts noted the complexity of these attacks, which seek to obscure evidence of where they originate.
"This is actually a fairly common tactic in cyber attacks. It's like organization 'A' is disguising itself as organization 'B', and this kind of deception can occur in many different aspects. For instance, it can be used during the setup of command and control servers or in the development of espionage trojans. This makes tracing the attack back to its source very challenging," said Li Baisong, Deputy Director of the Technical Committee at Antiy Labs, a Chinese anti-virus research firm.
The report said these deceptive tactics allow U.S. cyber warfare units and intelligence agencies to operate under false identities, conducting cyberattacks and espionage globally while attributing these actions to non-allied nations.
It identifies the so-called "Volt Typhoon" campaign as a prime example of a meticulously crafted disinformation or "false flag" operation, aligning with the tactics employed by the U.S. and other Five Eyes intelligence agencies.
The report reveals that the U.S. government fabricated the "Volt Typhoon" narrative, attributing it to Chinese actors, to maintain the warrantless surveillance powers granted under Section 702 of the Foreign Intelligence Surveillance Act (FISA). This authority allows U.S. agencies to conduct indiscriminate and unrestricted surveillance on global internet users, including direct access to data from U.S.-based internet companies' servers, effectively making the U.S. a "peeping Tom" in cyberspace, the report alleges.
According to classified National Security Agency (NSA) documents, the U.S. leverages its advantageous position in internet infrastructure, controlling key internet nodes such as transoceanic cables, and has established seven national-level full-traffic monitoring stations. In close collaboration with the UK's National Cyber Security Centre, the U.S. intercepts, analyzes, and steals data transmitted through these cables, enabling indiscriminate surveillance of global internet users, the report says.
"Through extraction, aggregation, restoration, decoding, and decryption of the digital signals in these cables, they can obtain the voice, text, and video information in the cable communications, even sensitive intelligence using the original passwords. The beneficiaries are not only the U.S. government and its military and intelligence agencies, but also its intelligence cooperation partners, especially the Five Eyes alliance countries," said Du.
To transform the stolen data into readable and searchable intelligence in real time, the U.S. National Security Agency has implemented two key projects, "Upstream" and "Prism". "Upstream" extracts the raw network communication data from the undersea cables, while "Prism" conducts in-depth analysis and categorization of the data pool.
"The 'Upstream' project, as its name suggests, extracts raw network communication data from undersea cables, accumulating it into a massive data repository for subsequent in-depth analysis. The Prism program builds upon 'Upstream,' conducting deep analysis and classification of the traffic within this data pool. These two projects are complementary and integral components of the U.S.' network surveillance program," said Du.
According to cybersecurity experts, to overcome challenges such as decrypting data and incomplete coverage of network communication paths in the "Upstream" project, the U.S. government also leverages the Prism program to directly obtain user data from the servers of major U.S. internet companies such as Microsoft, Yahoo, Google, Facebook, and Apple.
Experts also pointed out that both the Upstream and Prism programs operate under the authority of FISA Section 702, making this clause the legal basis for the U.S. government's continuous, global internet surveillance and solidifying its reputation as a "surveillance empire."