News

China Hacks Described in Secret U.S. Cables

One of the cables published by WikiLeaks late last month cites U.S. diplomatic concerns over a Chinese software security company with access to Windows source code.

According to the June 29, 2009 cable, unearthed by the Guardian here, Beijing-based TOPSEC Network Security Technology Company Ltd. may have a direct connection to Chinese government-sponsored hacking attempts. TOPSEC is an enterprise spin-off of the China Information Technology Security Center (CNITSEC), which tests security software and oversees the Chinese government's IT security certificate program, according to the account.

In 2003, CNITSEC signed a Government Security Program (GSP) agreement with Microsoft that gave it access to Microsoft "source code," with the aim of securing Windows. TOPSEC was also allowed access to that source code as a consequence of the agreement. TOPSEC is described in the diplomatic cable as "China's largest provider of information security products and services."

The cable alleges a relationship exists between CNITSEC spin-off companies, like TOPSEC, and Chinese government-sponsored hacking research.

"As evidenced with TOPSEC, there is a strong possibility the PRC [Peoples Republic of China] is harvesting the talents of its private sector in order to bolster offensive and defensive computer network operations capabilities," the cable states.

Microsoft, asked about the U.S. cable and the GSP agreement with China, provided the following statement: "Microsoft's Government Security Program (GSP) is a global initiative that enables governments to increase their assurance in system security by providing a managed review of Microsoft source code, as well as offering prescriptive security guidance and technical training," a Microsoft spokesperson stated by e-mail. "Review of source code by participants in the Government Security Program is provided in a managed and audited environment requiring authentication and security measures."

Another diplomatic cable released by WikiLeaks, dated May 18, 2009, provides a few details about the infamous attack on Google and other companies alleged to have originated from China. The cable points to Li Changchun, a member of China's Politburo Standing Committee, as leading the push against Google's Chinese search site, Google.cn. According to a story published on Saturday by the New York Times, Li Changchun put the pressure on Google.cn to censure local search results. However, the cable didn't clarify the source of the hacking attempt targeting Google's U.S. headquarters.

In response to the hack, Google announced a policy change in January in which it would stop censoring search results in China, as required by Chinese law. The hack apparently relied on security flaws in both Windows and Internet Explorer.

Under Google's policy change, Google.cn search traffic was automatically redirected to servers in Hong Kong. However, after Chinese officials complained about the redirection and threatened not to renew Google's Internet content provider license in China, Google changed course and now just provides a link to the Hong Kong servers, according to a June 28 Google blog post. The license for Google.cn was then renewed.

Nonprofit Wikileaks.org, which has published numerous embarrassing cables, is currently under assault by hackers, U.S. government officials and Internet hosting companies. Amazon Web Services recently booted WikiLeaks.org off its servers, citing a policy violation as a reason for terminating the contract.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

comments powered by Disqus

Featured

  • Uno Platform Ports Windows Calculator to Linux

    Uno Platform has ported the famed Windows Calculator, open sourced last year, to Linux as part of a continuing "proof point" effort to demonstrate the reach of what it describes as the sole UI offering available to target Windows, WebAssembly, iOS, macOS, Android and Linux with single-codebase applications coded in C# and XAML.

  • ASP.NET Core OData 8 Preview Supports .NET 5, but with Breaking Changes

    ASP.NET Core OData, which debuted in July 2018, is out in a v8.0 preview that for the first time supports the upcoming .NET 5 milestone release.

  • VS Code Java Team Details 5 Best Dev Practices

    Microsoft's Visual Studio Code team for Java development added a new Coding Pack for Java installer and detailed best practices for setting up a development environment.

  • Binary Classification Using PyTorch: Defining a Network

    Dr. James McCaffrey of Microsoft Research tackles how to define a network in the second of a series of four articles that present a complete end-to-end production-quality example of binary classification using a PyTorch neural network, including a full Python code sample and data files.

  • Blazor Debugging Boosted in .NET 5 RC 2

    In highlighting updates to ASP.NET Core in the just-launched second and final Release Candidate of .NET 5, Microsoft pointed out better debugging for Blazor, the red-hot project that allows for C# coding of web projects.

Upcoming Events