X
Home & Office

Leaked US embassy cables: Diplomats fear that China used Microsoft source code for cyber warfare

One of the latest batch of leaked US embassy cables suggest that China is abusing its access to Microsoft source code by using the information to carry out cyber warfare.
Written by Adrian Kingsley-Hughes, Contributing Writer

One of the latest batch of leaked US embassy cables suggest that China is abusing its access to Microsoft source code by using the information to carry out cyber warfare.

The latest cable released by Wikileaks, and uncovered by The Guardian, suggests that the Chinese government is using licensed access to Microsoft source code in both a defensive and offensive manner.

56. (S//NF) CTAD comment: Additionally, CNITSEC enterprises has recruited Chinese hackers in support of nationally-funded "network attack scientific research projects." From June 2002 to March 2003, TOPSEC employed a known Chinese hacker, Lin Yong (a.k.a. Lion and owner of the Honker Union of China), as senior security service engineer to manage security service and training. Venus Tech, another CNITSEC enterprise privy to the GSP, is also known to affiliate with XFocus, one of the few Chinese hacker groups known to develop exploits to new vulnerabilities in a short period of time, as evidenced in the 2003 release of Blaster Worm (See CTAD Daily Read File (DRF) April 4, 2008). 57. (S//NF) CTAD comment: While links between top Chinese companies and the PRC are not uncommon, it illustrates the PRC's use of its "private sector" in support of governmental information warfare objectives, especially in its ability to gather, process, and exploit information. As evidenced with TOPSEC, there is a strong possibility the PRC is harvesting the talents of its private sector in order to bolster offensive and defensive computer network operations capabilities. (Appendix sources 51-52)

TOPSEC is China's biggest network security company and is one of the companies authorized by the Chinese government to have access to Windows source code for evaluation. CNITSEC is the organization responsible for China's IT security program.

This revelation follows on from an earlier cable where US diplomats claim that the order to carry out the attack on Google last year came from the head of China's propaganda and censorship chief.

Editorial standards