{"id":14988,"date":"2025-10-21T02:41:24","date_gmt":"2025-10-21T02:41:24","guid":{"rendered":"https:\/\/newestek.com\/?p=14988"},"modified":"2025-10-21T02:41:24","modified_gmt":"2025-10-21T02:41:24","slug":"us-nsa-alleged-to-have-launched-a-cyber-attack-on-a-chinese-agency","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=14988","title":{"rendered":"US NSA alleged to have launched a cyber attack on a Chinese agency"},"content":{"rendered":"
\n
\n
\n
\n
\n
\n
<\/div>\n<\/section>\n

China\u2019s claim that the US National Security Agency (NSA) was behind a cyber attack against the country\u2019s timekeeping centre could be true, says an expert.<\/p>\n

\u201cFrom a technical perspective, China\u2019s allegation about an NSA hack on its national timekeeping center is plausible and aligns with known US cyber capabilities,\u201d\u00a0 Jeff Bardin<\/a>, chief intelligence officer at US-based Treadstone 71, told CSO on Monday.<\/p>\n

But, he added, \u201cwithout public evidence it\u2019s hard to confirm conclusively.\u201d<\/p>\n

He was commenting on a post last week on WeChat<\/a> from China\u2019s Ministry of National Security saying, \u201cnational security authorities uncovered a major cyber attack case in the United States and obtained irrefutable evidence that the National Security Agency launched a cyber attack and invaded China\u2019s National Time Service Center.<\/p>\n

The public affairs section of China\u2019s Washington, D.C. embassy confirmed to CSO that the post \u201cis from China\u2019s security authorities.\u201d The allegation is also repeated on the Chinese embassy\u2019s X feed.<\/a><\/p>\n

The timekeeping center \u201cprovides high-precision timing services to the nation\u2019s communications, finance, power, transportation, surveying and mapping, defense, and other sectors, and provides crucial data support for the calculation of international standard time,\u201d the post says.<\/p>\n

A cyber attack \u201cwould impact the secure and stable operation of \u2018Beijing Time,\u2019\u201d says the post, referring to the country\u2019s single time zone.<\/p>\n

An attack, the post says, would lead \u201cto serious consequences such as network communication failures, financial system disruptions, power outages, transportation disruptions, and space launch failures. It could even cause chaos in international time, resulting in incalculable damage and losses.\u201d<\/p>\n

Allegedly took advantage of SMS vulnerability<\/h2>\n

The WeChat post alleges that, starting on March 25, 2022, \u201cthe NSA exploited a vulnerability in the SMS service of an overseas mobile phone brand to covertly attack and gain control of the mobile phones of multiple NSC staff members, stealing sensitive data stored within them.\u201d\u00a0<\/p>\n

Asked for comment, an NSA spokesperson sent this reply by email: \u201c<\/em>NSA does not confirm nor deny allegations in the media regarding its operations. Our core focus is countering foreign malign activities persistently targeting American interests, and we will continue to defend against adversaries wishing to threaten us.\u201d<\/p>\n

The Chinese post says the country \u201cshattered the US cyber attack plot of stealing secrets and infiltration and sabotage, and made every effort to protect the security of \u2018Beijing Time.\u2019\u201d<\/p>\n

Possible \u2018serious escalation\u2019<\/h2>\n

If the recent Chinese claim against the NSA is true, said Bardin, it suggests a strategic intent by the US not just to spy, but to position the country to potentially disrupt a core piece of Chinese infrastructure \u2014 the timing system underpinning communications, finance, energy, and defense.<\/p>\n

That, he said, \u201cwould mark a serious escalation.\u201d<\/p>\n

\u201cIt\u2019s also striking,\u201d he added, \u201cthat Beijing went public with this claim, since China typically avoids admitting breaches of its own critical systems. China\u2019s public accusation signals a bid to sway international opinion, painting the US as a global \u2018hacker empire\u2019 and rallying other nations behind calls to rein in state-sponsored cyber intrusions. Beijing is expected to bolster its cyber defenses and could even hint at tit-for-tat moves against US timekeeping networks to deter further incursions.\u201d<\/p>\n

Economically, he added, \u201cthe incident continues China\u2019s push for tech self-reliance \u2013 tightening supply chains and fast-tracking homegrown alternatives (such as sovereign timing systems) \u2013 as it seeks to reduce exposure to US tech influence amid already high trade and technology tensions.\u201d<\/p>\n

\u00a0The Chinese allegation also fits with the pattern of behavior from Beijing \u201cleaning forward with public attribution of what they consider malicious cyber activity \u2026 and oftentimes that attribution is not necessarily accurate,\u201d said Matthew Ferren, international affairs fellow in national security at the US Council on Foreign Relations. In fact, he couldn\u2019t say whether there was an attack or an intrusion.<\/p>\n

\u201cThis tells me nothing about what may or may not have happened in the real world, but it does fit within the pattern of behavior of the Chinese to shape narratives around the United States being an irresponsible actor in the cyber domain,\u201d he said.<\/p>\n

Advice for CISOs<\/h2>\n

Time services are an interesting and often overlooked target, said Johannes Ullrich, dean of research at the SANS Institute, because many authentication protocols rely on accurate time services. To prevent replay of old attestations, these systems require synchronized times. If the times are not synchronized, messages from authentication servers will be discarded.<\/p>\n

The simplest result of a compromised time service is a denial of service attack. Or, he added, it can lead to bypassing some authentication or access control checks, or the ability to replay old authentication messages to gain access to systems. <\/p>\n

\u201cCISOs should not neglect these time services,\u201d he said in an email. \u201cIt is too easy to leave them in a default configuration which often uses undefined open cloud based time server pools. Instead, internal time servers should be defined to serve as an internal standard, and these internal time standards need to be synchronized with carefully selected sources like GPS or time servers run by a trusted entity.\u201d<\/p>\n

Treadstone 71\u2019s Bardin said that CSOs in any country who want to protect themselves from a sophisticated nation-state attacker should treat time infrastructure linked to their servers as a national-level dependency.<\/p>\n

Segment and isolate all systems relying on NTP (network time protocol) or GPS sources, verify clock integrity against multiple independent references and deploy cryptographic attestation for time signals, he advised.<\/p>\n

He also recommends disabling SMS-based login authentication for privileged access, enforcing out-of-band multi-factor authentication, and continuous monitoring for anomalies in timing drift or certificate use.<\/p>\n

He added that red team drills simulating loss of trusted time, which will validate IT operational resilience, is also worthwhile.<\/p>\n

To assist defenders, the US Cybersecurity and Infrastructure Security Agency (CISA) offers this advice<\/a> to organizations to help protect themselves from nation-state attacks.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

China\u2019s claim that the US National Security Agency (NSA) was behind a cyber attack against the country\u2019s timekeeping centre could be true, says an expert. \u201cFrom a technical perspective, China\u2019s allegation about an NSA hack on its national timekeeping center is plausible and aligns with known US cyber capabilities,\u201d\u00a0 Jeff Bardin, chief intelligence officer at US-based Treadstone 71, told CSO on Monday. But, he added,… <\/p>\n

Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-14988","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14988","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14988"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14988\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14988"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14988"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14988"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}