China blames US NSA for cyberattacks during Asian Games, names agents

Chinese authorities have accused the US National Security Agency (NSA) of carrying out sophisticated cyberattacks targeting critical Chinese infrastructure during the Asian Winter Games in February. The allegations, announced by police in Harbin and reported Tuesday by the state-run Xinhua News Agency, signal a heightened escalation in cybersecurity tensions between the two nations.

According to the Harbin Public Security Bureau, the NSA allegedly launched a series of “advanced cyberattacks” on essential sectors, including energy, transportation, water resources, telecommunications, and national defence research institutions in China’s northeastern Heilongjiang province, the host region for the Games.

Authorities identified three individuals accused of orchestrating the attacks: Katheryn A Wilson, Robert J Snelling, and Stephen W Johnson. The trio has been placed on a wanted list, with Chinese officials claiming they were involved in repeated cyberattacks not only against government infrastructure but also against major Chinese enterprises, including Huawei.

The report also named two US academic institutions — the University of California and Virginia Tech — as being involved in the alleged cyber operations, though specific details on their roles were not provided.

Xinhua’s report also claims the NSA carried out the cyberattacks during the Asian Winter Games, with a particular focus on disrupting key information systems and stealing sensitive data.

“The US National Security Agency (NSA) launched cyberattacks against important industries such as energy, transportation, water conservancy, communications, and national defence research institutions in Heilongjiang province,” Xinhua quoted the Harbin police as saying.

The operations reportedly peaked during the first ice hockey match on February 3, with the attackers targeting the Games’ registration system, which contained personal data of participating athletes and officials.

According to investigators, the NSA allegedly activated “pre-installed backdoors” in Microsoft Windows systems on devices in the region. To avoid detection, the agency is said to have used anonymised IP addresses and rented servers across Europe and Asia.

This development adds to the growing cyber and trade tensions between the US and China. Washington has frequently accused Chinese state-backed hackers of targeting American infrastructure, government agencies, and private firms.

Just last month, the US indicted several alleged Chinese hackers believed to have attacked the Defense Intelligence Agency, the Department of Commerce, and foreign ministries in Taiwan, South Korea, India, and Indonesia.

Beijing has consistently denied involvement in any overseas cyber espionage. In recent years, however, China has begun publicly accusing the US of conducting similar operations. In December, Chinese officials said they had uncovered and dealt with two American cyberattacks on domestic tech firms intended to “steal trade secrets” since May 2023, though they did not name the specific agency responsible.