Leaked U.S. embassy cables suggest that China is using access to Microsoft source code for cyber warfare.
Revealed by The Guardian, the latest cable leak from WikiLeaks provides evidence to suggest the Chinese government is working with IT security companies, licensed to access Microsoft source code, to bolster offensive and defensive computer network operations capabilities.
Founded in November 1995, Topsec is China’s largest network security firm and provider of security products and services. Topsec is also one of the organizations authorized by the Chinese Goverment to evaluate the source code of Microsoft Windows. In 2003, CNITSEC – responsible for overseeing the People’s Replic of China’s Information Technology (IT) security certification program – signed a Government Security Program (GSP) with Microsfot that allowed TOPSEC access to Microsoft source code to help secure the future of Windows.
Washington appears to be concerned with both CNITSEC and TOPSEC according to the leaked cable:
“56. (S//NF) CTAD comment: Additionally, CNITSEC enterprises has recruited Chinese hackers in support of nationally-funded “network attack scientific research projects.” From June 2002 to March 2003, TOPSEC employed a known Chinese hacker, Lin Yong (a.k.a. Lion and owner of the Honker Union of China), as senior security service engineer to manage security service and training. Venus Tech, another CNITSEC enterprise privy to the GSP, is also known to affiliate with XFocus, one of the few Chinese hacker groups known to develop exploits to new vulnerabilities in a short period of time, as evidenced in the 2003 release of Blaster Worm (See CTAD Daily Read File (DRF) April 4, 2008). 57. (S//NF) CTAD comment: While links between top Chinese companies and the PRC are not uncommon, it illustrates the PRC’s use of its “private sector” in support of governmental information warfare objectives, especially in its ability to gather, process, and exploit information. As evidenced with TOPSEC, there is a strong possibility the PRC is harvesting the talents of its private sector in order to bolster offensive and defensive computer network operations capabilities. (Appendix sources 51-52)”
In early January 2010, Google said, in a blog posting, that in mid-December, they, along with a number of other large companies in the Internet, finance, technology, media and chemical sectors, were targeted in a sophisticated cyber-attack. This attack on their infrastructure originated in China, and resulted in the theft of intellectual property. It was later revealed that Microsoft’s Internet Explorer was one of the vectors used in targeted attacks against Google. Recent WiliLeaks cables have also revealed that the U.S. Government was tipped by a Chinese contact that the Google attacks were part of a “coordinated campaign of computer sabotage carried out by government operatives, private security experts and Internet outlaws recruited by the Chinese government.”
Microsoft’s Chinese involvement with source code sharing could raise questions over whether the company should be sharing such information with China. The leaked cable was sent on June 29, 2009, prior to the Google attacks in mid-December. It’s possible that the U.S. governments fears were proven true during the attacks. Google eventually stopped censoring search results in China and redirected requests to Google’s services based in Hong Kong. The company was forced to make changes to this method in July by only redirecting a small percentage of users.