Leaked US embassy cables: Diplomats fear that China used Microsoft source code for cyber warfare

Leaked US embassy cables: Diplomats fear that China used Microsoft source code for cyber warfare

Summary: One of the latest batch of leaked US embassy cables suggest that China is abusing its access to Microsoft source code by using the information to carry out cyber warfare.

SHARE:

One of the latest batch of leaked US embassy cables suggest that China is abusing its access to Microsoft source code by using the information to carry out cyber warfare.

The latest cable released by Wikileaks, and uncovered by The Guardian, suggests that the Chinese government is using licensed access to Microsoft source code in both a defensive and offensive manner.

56. (S//NF) CTAD comment: Additionally, CNITSEC enterprises has recruited Chinese hackers in support of nationally-funded "network attack scientific research projects." From June 2002 to March 2003, TOPSEC employed a known Chinese hacker, Lin Yong (a.k.a. Lion and owner of the Honker Union of China), as senior security service engineer to manage security service and training. Venus Tech, another CNITSEC enterprise privy to the GSP, is also known to affiliate with XFocus, one of the few Chinese hacker groups known to develop exploits to new vulnerabilities in a short period of time, as evidenced in the 2003 release of Blaster Worm (See CTAD Daily Read File (DRF) April 4, 2008). 57. (S//NF) CTAD comment: While links between top Chinese companies and the PRC are not uncommon, it illustrates the PRC's use of its "private sector" in support of governmental information warfare objectives, especially in its ability to gather, process, and exploit information. As evidenced with TOPSEC, there is a strong possibility the PRC is harvesting the talents of its private sector in order to bolster offensive and defensive computer network operations capabilities. (Appendix sources 51-52)

TOPSEC is China's biggest network security company and is one of the companies authorized by the Chinese government to have access to Windows source code for evaluation. CNITSEC is the organization responsible for China's IT security program.

This revelation follows on from an earlier cable where US diplomats claim that the order to carry out the attack on Google last year came from the head of China's propaganda and censorship chief.

Topics: Telcos, Hardware, Microsoft, Mobility, Networking, Security, China

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

51 comments
Log in or register to join the discussion
  • This one confuses the Hell out of me.

    I would like to know what drugs they were on when they thought it would be a bright idea to share their source code with [i]CHINA[/i] of all States (And Russia for that matter).

    Great decision there, Microsoft.
    The one and only, Cylon Centurion
    • Re: This one confuses the Hell out of me.

      @Cylon Centurion 0005

      So, how about open source sharing their source code with China and Russia for that matter?

      Your double standards are showing...
      rtk
      • RE: Leaked US embassy cables: Diplomats fear that China used Microsoft source code for cyber warefare

        @rtk: Saying "double standards" implies that two things ought to be treated the same way. But there's a major substantive difference here: open source shares their code with *everyone,* and anyone can find security vulnerabilities and submit a patch. Windows doesn't work that way, so of course it should be judged by a different standard.
        masonwheeler
      • Shhh, don't tell him that

        @rtk 's brain has been off-kilter for quite some time now.

        Too much isolation in the snow.

        lol... :D
        ahh so
      • RE: Leaked US embassy cables: Diplomats fear that China used Microsoft source code for cyber warefare

        @rtk

        MS is closed to its users apparently everyone else has access.
        Altotus
      • Correction

        M$ is closed to it's users but open to totalitarian governments.

        What's next? Redmond supplying the code to Iran and North Korea?
        ahh so
      • RE: Leaked US embassy cables: Diplomats fear that China used Microsoft source code for cyber warefare

        @rtk - perhaps I can explain clearly <br><br>create a weak buggy source code base -<br>market like crazy across the free world -<br>make sure that no sees the source code, so that bugs are not easily visible -<br>then release the source code to the evil empire for a few bucks -<br><br>what do you think will happen? <br><br>Using the term 'open source' for this is a mistake - this does not meet the high goals that open source was meant to serve.<br><br>

        and @rtk - to your comments below <br>
        1. us govt having source is not the same thing as open source, is it? how does that help the average joe? <br>
        2. having the source makes it much easier to find vulnerabilities than just trial and error, wouldn't you think? <br>
        eCubeH
      • RE: So, how about open source sharing their source code with China and Russ

        @rtk

        You forget one very important thing.

        A government with some really bright and innovative individuals in leadership roles can take that open source code and harden it for internal use. What changes they make to the source code for their INTERNAL use does not have to be handed back yo the "community" if that code is used strictly for governmental purposes.

        What I can not, and do not understand is why the US Government, and many local governments continue to use Microsoft products when it is common knowledge that both China and Russia have access to Microsoft source code. Does the attacks in the recent past (on Google and others) not get anyone's attention.
        fatman65535
      • RE: Leaked US embassy cables:

        @rtk eCubeH et al

        If you think the US gov doesn't have access to the source code, but China does, you're deluding yourself (most likely on purpose).

        More importantly, since when has source code been required for evil doers to find vulnerabilities?
        rtk
      • RE: Leaked US embassy cables: Diplomats fear that China used Microsoft source code for cyber warefare

        [i]More importantly, since when has source code been required for evil doers to find vulnerabilities?[/i]

        @rtk, that has nothing to do with your earlier dumb statement up above concerning "double standards" and open source.

        Que your NonZealot mouth, for once...
        ahh so
      • RE: Leaked US embassy cables:

        @eCubeH<br><br>1. Source code doesn't help the average joe, ever. To an average joe, open source and closed source are no different. To 99.9% of the people posting here it's no different. <br><br>The idea that an average joe can find value in source code is ludicrous.<br><br>2. The claims here are that Windows is too insecure to open up their source code, which of course is a fine example of cognitive dissonance if ever there was one.
        rtk
    • RE: Leaked US embassy cables: Diplomats fear that China used Microsoft source code for cyber warefare

      @Cylon Centurion 0005: Gotta agree. It would seem that Microsoft is not only guilty of violating monopoly laws, but of flat-out treason as well. Why does the US still permit them to remain in business?
      masonwheeler
      • Because..

        ..they're as much prisoners of M$ as everyone else is.
        ahh so
      • RE: Leaked US embassy cables: Diplomats fear that China used Microsoft source code for cyber warefare

        @masonwheeler

        US permit umm under some delusion as to who the US answers to? The US answers to cash and lots of it it is all about the money is there anyone who doubts this?.
        Altotus
    • RE: Leaked US embassy cables: Diplomats fear that China used Microsoft source code for cyber warefare

      No choice, MS is in it for the money they are payed and handsomely. Cash rules or don't you know you bought and paid for.
      Altotus
    • This one confuses the Hell out of me

      @Cylon Centurion 0005

      It shouldn't. The Chinese government made access to the source code a requirement of doing business in their country.

      A billion potential customers and the fastest growing economy on the planet?

      Microsoft just couldn't see past the $$$ here.
      JDThompson
  • You do understand...

    @AndyPagin

    That MS really had no choice? Part of the requirement for doing business in China was access to the source code. JUST LIKE IN EVERY OTHER COUNTRY.

    Besides, aren't you a fan of open source? :)
    wolf_z
    • RE: Leaked US embassy cables: Diplomats fear that China used Microsoft source code for cyber warefare

      @wolf_z
      Yes I am an open-source fan, however 'open-sourcing' something as inherently insecure as MsWindows isn't a great idea.
      AndyPagin
    • RE: Leaked US embassy cables: Diplomats fear that China used Microsoft sour

      @wolf_z

      Your post is based on assumptions without fact.
      rtk
  • RE: Leaked US embassy cables: Diplomats fear that China used Microsoft source code for cyber warefare

    @AndyPagin

    Cold war is over who would want the damn things now?
    Altotus