News

China Hacks Described in Secret U.S. Cables

One of the cables published by WikiLeaks late last month cites U.S. diplomatic concerns over a Chinese software security company with access to Windows source code.

According to the June 29, 2009 cable, unearthed by the Guardian here, Beijing-based TOPSEC Network Security Technology Company Ltd. may have a direct connection to Chinese government-sponsored hacking attempts. TOPSEC is an enterprise spin-off of the China Information Technology Security Center (CNITSEC), which tests security software and oversees the Chinese government's IT security certificate program, according to the account.

In 2003, CNITSEC signed a Government Security Program (GSP) agreement with Microsoft that gave it access to Microsoft "source code," with the aim of securing Windows. TOPSEC was also allowed access to that source code as a consequence of the agreement. TOPSEC is described in the diplomatic cable as "China's largest provider of information security products and services."

The cable alleges a relationship exists between CNITSEC spin-off companies, like TOPSEC, and Chinese government-sponsored hacking research.

"As evidenced with TOPSEC, there is a strong possibility the PRC [Peoples Republic of China] is harvesting the talents of its private sector in order to bolster offensive and defensive computer network operations capabilities," the cable states.

Microsoft, asked about the U.S. cable and the GSP agreement with China, provided the following statement: "Microsoft's Government Security Program (GSP) is a global initiative that enables governments to increase their assurance in system security by providing a managed review of Microsoft source code, as well as offering prescriptive security guidance and technical training," a Microsoft spokesperson stated by e-mail. "Review of source code by participants in the Government Security Program is provided in a managed and audited environment requiring authentication and security measures."

Another diplomatic cable released by WikiLeaks, dated May 18, 2009, provides a few details about the infamous attack on Google and other companies alleged to have originated from China. The cable points to Li Changchun, a member of China's Politburo Standing Committee, as leading the push against Google's Chinese search site, Google.cn. According to a story published on Saturday by the New York Times, Li Changchun put the pressure on Google.cn to censure local search results. However, the cable didn't clarify the source of the hacking attempt targeting Google's U.S. headquarters.

In response to the hack, Google announced a policy change in January in which it would stop censoring search results in China, as required by Chinese law. The hack apparently relied on security flaws in both Windows and Internet Explorer.

Under Google's policy change, Google.cn search traffic was automatically redirected to servers in Hong Kong. However, after Chinese officials complained about the redirection and threatened not to renew Google's Internet content provider license in China, Google changed course and now just provides a link to the Hong Kong servers, according to a June 28 Google blog post. The license for Google.cn was then renewed.

Nonprofit Wikileaks.org, which has published numerous embarrassing cables, is currently under assault by hackers, U.S. government officials and Internet hosting companies. Amazon Web Services recently booted WikiLeaks.org off its servers, citing a policy violation as a reason for terminating the contract.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

comments powered by Disqus

Featured

  • Low-Coding in the Age of AI: Dataverse Embraces Copilot, Claude and Cursor

    Microsoft is extending Dataverse into coding-agent marketplaces while expanding its MCP tools, certification program and governance controls.

  • Visual Studio Takes Aim at Copilot Billing Shock

    Beyond Copilot usage visibility, the June update delivers several other enhancements centered on AI-assisted development, security and quality-of-life improvements. Here's a quick rundown of the remaining additions announced by Microsoft.

  • Claude AI Gets Yet Another Boost in VS Code 1.128

    The July 8, 2026, Visual Studio Code update expands agent workflows, chat attachments, browser-tab controls, OS-level shortcuts and enterprise telemetry management.

  • TypeScript 7 Arrives to Rock VS Code with Go-Powered Speed

    Microsoft says TypeScript 7, announced July 8, brings native Go performance to VS Code, Visual Studio and other editors.

Subscribe on YouTube