The US government is concerned about the links between Chinese hacker groups and the Chinese government body that controls local access to Microsoft source code, according to documents released by Wikileaks.
Chinese information security companies such as Topsec, the largest Chinese infosec vendor, have recruited known hackers, according to a US diplomatic cable released by the whistleblower group on Saturday. From June 2002 to March 2003, Topsec employed Lin Yong as a senior security service engineer to manage training, the cable added. Lin, who was known as 'Lion', set up the Honker Union of China hacking group.
As a result of these links, the US government is concerned about the Chinese state and private sector acting together to develop cyberattack capabilities.
"As evidenced with Topsec, there is a strong possibility the PRC [People's Republic of China] is harvesting the talents of its private sector in order to bolster offensive and defensive computer network operations capabilities," according to the cable.
Topsec received some of its startup capital from the Chinese state and is affiliated with the China Information Technology Security Center (CNITSEC), said the cable. The CNITSEC has responsibility for certifying IT for Chinese government use. In 2003, the CNITSEC signed a Government Security Program (GSP) agreement with Microsoft that gave a number of companies, including Topsec, access to Microsoft source code to develop secure Windows implementations.
Topsec had not responded to a request for comment at the time of writing.
In addition, the US government was also concerned that XFocus — a hacker group that the US believes was involved in developing Blaster worm exploits — had links with VenusTech, a Chinese company that also had access to Microsoft source code.
"While links between top Chinese companies and the PRC are not uncommon, it illustrates the PRC's use of its 'private sector' in support of governmental information warfare objectives, especially in its ability to gather, process and exploit information," the cable read.
Wikileaks documents released last week highlight other negotiations that US companies enter into to trade outside the US. A diplomatic cable released on Wednesday showed that Intel threatened to lay off over 200 engineers from its Russian research and development facility if it were not allowed to import cryptographic goods.