Leaked U.S. embassy cables suggest China uses access to Microsoft source code for cyber attacks

By Tom Warren, on 6th Dec 10 10:57 am with 21 Comments

Leaked U.S. embassy cables suggest that China is using access to Microsoft source code for cyber warfare.

Revealed by The Guardian, the latest cable leak from WikiLeaks provides evidence to suggest the Chinese government is working with IT security companies, licensed to access Microsoft source code, to bolster offensive and defensive computer network operations capabilities.

Founded in November 1995, Topsec is China’s largest network security firm and provider of security products and services. Topsec is also one of the organizations authorized by the Chinese Government to evaluate the source code of Microsoft Windows. In 2003, CNITSEC – responsible for overseeing the People’s Republic of China’s Information Technology (IT) security certification program – signed a Government Security Program (GSP) with Microsoft that allowed TOPSEC access to Microsoft source code to help secure the future of Windows.

Washington appears to be concerned with both CNITSEC and TOPSEC according to the leaked cable:

“56. (S//NF) CTAD comment: Additionally, CNITSEC enterprises has recruited Chinese hackers in support of nationally-funded “network attack scientific research projects.” From June 2002 to March 2003, TOPSEC employed a known Chinese hacker, Lin Yong (a.k.a. Lion and owner of the Honker Union of China), as senior security service engineer to manage security service and training. Venus Tech, another CNITSEC enterprise privy to the GSP, is also known to affiliate with XFocus, one of the few Chinese hacker groups known to develop exploits to new vulnerabilities in a short period of time, as evidenced in the 2003 release of Blaster Worm (See CTAD Daily Read File (DRF) April 4, 2008). 57. (S//NF) CTAD comment: While links between top Chinese companies and the PRC are not uncommon, it illustrates the PRC’s use of its “private sector” in support of governmental information warfare objectives, especially in its ability to gather, process, and exploit information. As evidenced with TOPSEC, there is a strong possibility the PRC is harvesting the talents of its private sector in order to bolster offensive and defensive computer network operations capabilities. (Appendix sources 51-52)”

In early January 2010, Google said, in a blog posting, that in mid-December, they, along with a number of other large companies in the Internet, finance, technology, media and chemical sectors, were targeted in a sophisticated cyber-attack. This attack on their infrastructure originated in China, and resulted in the theft of intellectual property. It was later revealed that Microsoft’s Internet Explorer was one of the vectors used in targeted attacks against Google. Recent WikiLeaks cables have also revealed that the U.S. Government was tipped by a Chinese contact that the Google attacks were part of a “coordinated campaign of computer sabotage carried out by government operatives, private security experts and Internet outlaws recruited by the Chinese government.”

Microsoft’s Chinese involvement with source code sharing could raise questions over whether the company should be sharing such information with China. The leaked cable was sent on June 29, 2009, prior to the Google attacks in mid-December. It’s possible that the U.S. government’s fears were proven true during the attacks. Google eventually stopped censoring search results in China and redirected requests to Google’s services based in Hong Kong. The company was forced to make changes to this method in July by only redirecting a small percentage of users.

  • Anonymous

    LOL, no big surprise there now is there? Too funny.

    http://www.privacy-resources.edu.tc

  • Anonymous

    Wasn’t it the US government that forced Microsoft to share its source code in the first place?

  • http://twitter.com/DaQuantumFro DaMarico Fowler

    time to lock it down

  • RedDragonRising

    Red Dragon Rising!!! Big friendly communist country supplies cheap living for the West, whilst secretly plotting its downfall…

  • http://twitter.com/freddealmeida Alfredo de Almeida

    China is not looking to destroy America. That is a fallacy. It needs them to buy the shit they make. Stability is the enemy here. But I find it amazing that China still exists in this form today… though their fear of the internets is rightly placed. In an information free society, secrets cannot exist and then power is empty and the elites simply wither. Give it another 10 years.

    • Russell

      An information free society? That doesn’t make sense. And this Utopian idea that power will be “empty” and elites will “wither” is hogwash. What is more likely to happen is that the money you put in a bank will be stolen electronically, our defense will be compromised, and crooks will have free rein. But go on with your naive ideas – they certainly are entertaining.

  • Beena

    Everyone should be aware what is China’s next plan… they have already overtaken manufacturing, now they are turning to IT by any hook or crook.

  • Larry07

    What language is being spoken here referring to ‘cables’? If a ‘cable’ refers to a communication via letter, email, text, phone, Morse code, or sign language, then say it as such. ‘Cable’ is a wire according to Merriam Webster.

    • Anonymous

      A ‘cable’ is a secure electronic ‘letter’ between government offices.

    • Bob Beechey

      @franklovesfl This is known as a “Humpty-Dumptyism” where “A word means exactly what I want it to mean – no more, no less”. I agree with Larry07 and do not find your definition in any respected dictionary.


  • nzyne

    More good arguments for using Linux or OSX? Also, China does not have to destroy America. America is perfectly capable of destroying itself, or at least selling itself out.

    • Anonymous

      So, because China has Microsoft’s source code, your brilliant alternative is to use open source OSes?!

    • Tim

      The difference is that by its very nature open source is available to everyone for peer review and improvement. Windows source is only available to those ‘friendly’ to Microsoft or the current U.S. executive. Give me peer reviewed any time thank you.

  • AKON

    Larry07, when reading a news article, the reader can use his common sense and the understanding about current happenings in the world to identify the meaning of words that are usually used for other means. If you cannot understand that here “cables” refers to the WikiLeaks cablegate, aka the release of secret documents of the US State Department, I cannot understand where you lived in the past few weeks. Normally languages are always updated with new words, and with new meanings to old words according to various events and needs. Otherwise that language will not support the intended purpose of a language and will be a dead language.

  • Spell Checker

    More importantly….I believe “Replic” was meant to be spelled “Republic”….check your spelling along with the facts please.

  • Guest

    Censorship? I notice that WikiLeaks is censored by the US so unless you’re in the top 1% income bracket the US is denying most people their god given constitutional rights.

    Nice that the author cherry picks one item out… now a link to the original rather than acting as a liaison

  • Yomi

    The US government should get experts to develop another programming language and network technology for their use. This should be kept secret. The problem is that Americans can’t keep their mouths shut. Americans are trying to destroy their own country.

    Yomi

  • Anonymous

    NO WAY they would not do that :)

    duh … idiots, I keep my source code to my encryption stuff locked away … just like the Chinese do for theirs

  • Dolchstoblegend

    The problem with most Americans is that they have only seen the glorious times of Uncle Sam; it is very difficult for them to understand they have to work hard to maintain the top spot. An idealistic approach to world politics has eroded the more natural competitive human attribute in them. They would rather sympathise with the Chinese than compete with them.