國安部中英雙語發文:立即停止對中國的污衊抹黑和網絡攻擊
近日,美英政府合謀誣陷所謂「同中國政府有關聯」的黑客組織對其實施網絡攻擊,並發起無理單邊制裁。
4月2日,國家安全部以中英雙語發文:立即停止對中國的污衊抹黑和網絡攻擊(Stop Slandering and Cyberattacking China Now!)。
一段時間以來,美國出於地緣政治目的鼓動其主導的世界上最大的情報組織「五眼聯盟」編湊散布各種「中國黑客威脅」的虛假信息。近日,美英政府合謀誣陷所謂「同中國政府有關聯」的黑客組織對其實施網絡攻擊,並發起無理單邊制裁,這是典型的「賊喊捉賊」式污衊抹黑,是將網絡安全問題政治化的惡意操弄,嚴重侵害中方合法權益。中方對此強烈不滿,堅決反對,敦促相關方面立即停止,並將採取必要措施堅決維護自身的合法權益。
臭名昭著的黑客帝國
美國是最大的網絡攻擊來源地,是全球網絡空間安全的最大威脅。長期以來,美國利用自身信息技術優勢和「五眼聯盟」等國家網絡資源,對世界各國包括盟友進行大規模監聽竊密,非法獲取別國政要、企業和公民的海量數據,「黑客帝國」的真實面目早已人盡皆知。
近年來,全球媒體曝光的由美英主導實施的網絡攻擊、秘密監聽活動不計其數,其任務分工明確、技術生態完整、組織架構嚴密:
——在分工上,既有針對網絡數據收集的「棱鏡計劃」和「上遊計劃」,也有意在監控竊聽的「天網計劃」和「獵殺巨人行動」,還有以入侵基礎設施為目標的「奧林匹克行動」,以及確保持續訪問目標能力的「金色極光行動」和「拱形計劃」等。
——在技術上,開發了作為進攻系統的「湍流」和「量子」,作為攻擊平台的「酸狐貍」「蜂巢」和「電幕」,以及作為攻擊武器的「驗證器」和「聯合耙」等木馬病毒與「後門」軟件。
——在組織上,有以攻擊大型公司、科研院校和基礎設施為主的美中情局(CIA),也有負責對全球進行無差別攻擊的美國安局特定入侵行動辦公室(TAO),以及擁有大規模成建制網絡任務部隊的美國網絡司令部。
與此同時,美英等國還在一刻不停全面提速網絡軍事化進程,頻繁開展網絡空間軍事行動,不斷推動「先發制人」「網絡威懾」等戰略走實,為全球帶來嚴重網絡安全威脅。
賊喊捉賊的幕後黑手
美英政府一方面對實施網絡攻擊習以為常,另一方面對國際社會指責裝聾作啞,甚至出於地緣政治目的「賊喊捉賊」,編湊散布各種「中國黑客威脅」的虛假信息。事實上,中國才是全球網絡攻擊的最大受害者。
根據國家計算機網絡應急技術處理協調中心(CNCERT)近年來發布的報告,在中國遭受境外攻擊來源地排名中,美國一直「獨占鰲頭」。部分公開披露的案例顯示:
——2022年2月,隸屬於美國安局的黑客組織「方程式」被曝光利用「頂級後門」,對包括中國在內的45個國家和地區,開展了長達十餘年的網絡攻擊。
——2022年4月,西北工業大學遭遇境外網絡襲擊,幕後黑手TAO部署了超過40種專用網絡攻擊工具,長期持續對中國內目標實施了上萬次惡意攻擊,竊取大量高價值數據。
——2023年7月,武漢市地震監測中心遭受網絡攻擊,攻擊地址來源於美國,且使用的「後門」惡意軟件符合美國情報機構特征。
僅今年一季度,自美國本土及其海外軍事基地,對包括中國在內的多個國家實施網絡攻擊活動的頻度就高達2000餘次,涉及中國黨政機關、關鍵信息基礎設施,以及人工智能、芯片研產、清潔能源、先進製造、軟件研發等領域的一大批重點單位。美英等國為服務其國家發展戰略,鞏固網絡霸權地位,針對中國大肆實施網攻竊密和數據竊取活動,意在打壓遏制中國發展,嚴重危害中國主權、安全和發展利益。
依法治網的中國態度
網絡安全是各國面臨的共同挑戰,維護網絡安全是國際社會的共同責任。中國堅持和平利用網絡空間,堅決反對將網絡安全問題政治化,堅決反對並打擊各種形式的網絡攻擊,依法加強網絡空間治理,積極應對網絡安全威脅。
中國一直以實際行動加大依法管理網絡力度,推動網絡數字領域國家安全法律制度體系建設,統籌國內法治和涉外法治,不斷築牢國家網絡安全屏障:
——2017年6月,《中華人民共和國網絡安全法》實施,全面規範網絡空間安全管理,維護網絡空間主權和國家安全。
——2020年9月,發起《全球數據安全倡議》,積極參與全球互聯網治理進程,為網絡空間國際治理貢獻中國方案。
——2021年9月,《中華人民共和國數據安全法》實施,強化數據出境安全監管,加強國家核心數據安全防護。
——2023年7月,《中華人民共和國反間諜法》修訂實施,明確網絡間諜行為定義,依法嚴厲打擊各類網絡間諜活動。
中國致力於在相互尊重、平等互利的基礎上,與國際社會就維護網絡空間和平與安全開展建設性合作,堅持尊重網絡主權、不搞網絡霸權,致力於共同構建和平、安全、合作、有序的網絡空間命運共同體。
面對嚴峻複雜的網絡安全形勢,國家安全機關將在黨中央堅強領導下,堅持以習近平新時代中國特色社會主義思想為指導,堅定不移貫徹總體國家安全觀,堅決擔當職責使命,堅定維護網絡安全,會同有關部門防範應對網絡安全領域的重大風險挑戰,依法嚴厲打擊境外勢力對中國開展網絡攻擊、數據竊密以及危害關鍵信息基礎設施和重要信息系統安全的違法犯罪活動,不斷增強網絡安全防御能力,有力捍衛國家主權、安全、發展利益。
以下為英文版本:
For some time, the United States has been instigating the Five Eyes Alliance, the biggest intelligence organization in the world led by the US, to make up and spread disinformation of threats from “Chinese cyberintruders”. More recently, the US government has conspired with the UK to slander China by saying that they are under cyberattacks from groups of cyberintruders “affiliated to the Chinese government” and conducted unilateral and unreasonable sanctions against China on that excuse. They are typically acting like a thief who, driven by a guilty conscience, poses as a judge to distort facts. What they are attempting at is the politicization of cybersecurity and infringement of the legal rights of China. We hereby express our strong protest and firm opposition to them. We urge relevant parties to stop immediately and will take necessary measures to defend our legitimate rights and interests.
The Notorious Hacking Nation
The US has been the biggest source of cyberattacks and biggest threat to the security of global cyberspace. As it is well known to all, it has long been committing large-scale espionage activities against nations worldwide and even against its allies, and illegally acquiring massive amounts of data of their politicians, enterprises and citizens, by the help of their advantages in information technology and the internet resources of the Five Eyes Alliance countries.
Countless cases of cyberattacks and espionage activities exposed by the global media in recent years have shown that those attacks, mainly conducted by the US and the UK, are characterized by a clear division of labor, advanced technology and rigorous organization.
–Division of labor: PRISM and the Upstream Project were designed for collection of network data; Skynet and Shotgiant, for wiretapping; Operation Olympic Games, for the invasion of infrastructures; Auroragold and CamberDada, for continued access to targets.
–Technology: the US developed attack systems such as Turbulence, attack platforms such as FoxAcid, Hive and Bvp47, and attack weapons such as Validator and United Rake, among other Trojan viruses and backdoor malware.
–Organization: CIA primarily attacks major companies, research institutions and infrastructures; the NAS Office of Tailored Access Operation (TAO) launches indiscriminate global attacks; and Cyber Command is a large establishment of cyber mission forces.
At the same time, the US and the UK are speeding up the militarization of network on all aspects by taking frequent cyber military operations and further substantiating their “preemptive” and “cyber deterrence” strategy, posing a severe threat to the global cybersecurity.
The Thief in a Judge’s Robe
On the one hand, the American and British governments are carrying out cyberattacks almost as a matter of common practice, and on the other hand, they are playing deaf and dumb to the condemnation of the global community. On occasions, driven by geopolitical purpose, they even played the trick of a thief dressed in a judge’s robe, spreading disinformation of “threat of cyberintruders from China”, who, in fact, is the biggest victim of the global cyberattacks.
According to recent reports from the National Computer Network Emergency Response Technical Team/Coordination Center of China (also known as CNCERT/CC), among all the attacks China has received from overseas, those originating from the US top the list. Here are some cases that have gone public:
–In February, 2022, Equation, a hacker group tied to US National Security Agency (NSA), had, for over a decade, been launching cyberattacks against 45 countries and regions around the world, including China, with “top backdoor malwares”.
–In April, 2022, Northwestern Polytechnical University, China, was cyberattacked from overseas. TAO had deployed over 40 cyber arsenals, carried out over 10, 000 long and persistent malicious attacks against targets in the Chinese territory and stolen massive amounts of high value data.
–In July, 2023, Wuhan Earthquake Monitoring Center was under cyberattacks from the US. The detected backdoor malwares matched the characteristics of those from American intelligence agencies.
In the first quarter of this year, more than 2,000 cyberattacks were launched from the continental US and its military bases overseas against many countries, especially China, focusing on a large number of Communist Party and government organs, critical information infrastructures, as well as important institutions of artificial intelligence, chip R&D, clean energy, advanced manufacturing and software development. In attempts to serve their national strategy of development, consolidate their hegemony in cyberspace, and contain China’s development, the US and British governments have been blatantly conducting cyberattacks on China and stealing our data. Those moves gravely jeopardize China's sovereignty, security and development interests.
China’s Law-based Cyberspace Governance
Cybersecurity has been a common challenge for all nations and maintaining it has been a shared responsibility of the entire international community. Abiding by the principle of peaceful use of cyberspace, China stands firmly against the politicization of cybersecurity and all manners of cyberattacks and will take proactive measures to deal with cybersecurity threats.
China has long been strengthening its law-based governance of cyberspace, promoting the establishment of the legal system of national security in the network and digital domain, taking a coordinated approach to the rule of law at home and in matters involving foreign parties, in order to reinforce national cybersecurity barrier.
–In June, 2017, Cyber security Law of People’s Republic of China was implemented in an effort to regulate its cyberspace governance and safeguard its cyberspace sovereignty and national security.
–In September, 2020, China put forward a Global Initiative on Data Security in a bid to take active part in global internet governance and contribute Chinese solutions to the international cyberspace governance.
–In September, 2021, Data Security Law of People’s Republic of China was implemented to strengthen outbound data transfer security supervision and core data security protection.
–In July, 2023, the revised Counterespionage Law of the People’s Republic of China was implemented. The law gave a clear definition of cyberspace espionage and showed our determination to fight against all types of related espionage activities.
China is committed to the constructive cooperation with the international community in its efforts to protect the peace in cyberspace on the basis of equality, mutual respect and mutual benefit, to its respect for sovereignty and fight against hegemony in cyberspace, and to the construction of a shared future of peace, security, cooperation and order in cyberspace.
Faced with the severe and complicated situation in cybersecurity, the Ministry of State Security is determined to uphold the leadership of the Communist Party of China, follow the guidance of Xi Jinping Thought on Socialism with Chinese Characteristics for a New Era, resolutely pursue a holistic approach to national security, and to fulfill its responsibility in protecting national cybersecurity. In an effort to meet risks and challenges in cybersecurity, the MSS will join hands with other ministries and departments to take legal actions to fight against cyberattacks from overseas, data theft and crimes against critical information infrastructures and security of information system, and enhance its cybersecurity defenses so as to better protect the national sovereignty, security and interests of China.