On July 26, Wuhan Emergency Management Bureau issued a public statement:
Recently, the National Computer Virus Emergency Response Center and 360 Company notified our unit that, through the monitoring of the above-mentioned institutions, it was discovered that the network equipment of some front-end stations of the earthquake rapid report data collection point of the Wuhan Earthquake Monitoring Center affiliated to our unit was attacked by foreign organizations .
Here, our unit publicly declares: our unit and the Wuhan Earthquake Monitoring Center attach great importance to network security protection, and firmly oppose any organization or individual in any form of cyber attack on us. Any behavior that endangers the earthquake monitoring infrastructure will be punished according to law. Pursue relevant legal responsibilities. In order to further ascertain the facts and deal with the cyber attacks of relevant behind-the-scenes hacker organizations and criminals in accordance with the law, the Wuhan Earthquake Monitoring Center immediately sealed up the relevant network equipment and reported the case of cyber attacks to the public security organs in the jurisdiction. Our unit will keep right of further prosecution.
According to the "Ping An Jianghan" official Weibo news, the Earthquake Monitoring Center of the Wuhan Emergency Management Bureau reported to the police that the center found that some network equipment at the front-end stations of the earthquake rapid report data had been implanted with backdoor programs. This act poses a serious threat to national security .
At present, the Jianghan Branch of the Wuhan Public Security Bureau has filed a case for investigation in accordance with Article 285 of the Criminal Law of the People's Republic of China, and has carried out further technical analysis on the extracted backdoor samples. The backdoor program can illegally control and steal earthquake velocity. Report the seismic intensity data collected by the front-end stations.
It was preliminarily determined that this incident was a cyber attack initiated by overseas hacker organizations and criminals with government background .
Some professionals told the "Global Times" reporter that the seismic intensity data refers to the intensity and magnitude of an earthquake, which are two important indicators to measure the destructive power of an earthquake. In particular, the seismic intensity represents the degree of geological damage. The larger, " seismic intensity data is closely related to national security. For example, some military defense facilities need to take into account factors such as intensity ."
Wuhan Earthquake Monitoring Center is another national unit after Northwestern Polytechnical University was attacked by overseas hackers in June last year. After Northwestern Polytechnical University was attacked, the China National Computer Virus Emergency Response Center and 360 jointly formed a technical team to conduct a comprehensive technical analysis of the case, and finally determined that the "real culprit" of the case was a specific Intrusion Operations Office (TAO).
The Global Times reporter learned that experts from the China National Computer Virus Emergency Response Center and 360 have gone to Wuhan to collect evidence. Preliminary evidence shows that the cyber attack on the Wuhan Earthquake Monitoring Center came from the United States .