Bonum Certa Men Certa

Wikileaks/Cablegate Reveals That Microsoft Gave Windows Source Code to TOPSEC, Which Trains and Employs Chinese Cyberspies

Kevin Mitnick
Putting Windows source code in the hands
of the Kevin Mitnicks of China



Summary: Microsoft equips private companies -- not just governments -- with just what they need to intrude all Windows-running computers, namely a key to potential remote access without liability

NOT just incompetence and negligence [1, 2, 3] are the cause of Microsoft's security problems. Based on Cablegate leaks, it is possible that Microsoft's secret (and poorly audited) code is exploited so often in China because Microsoft gives them access to this source code (which security researchers in the West cannot see and scrutinise prior to release in binary form).



Several days ago we showed some Egypt cables (prior to Wikileaks being targeted by censors) and it helped show just how closely Microsoft works with governments on 'security'. The Guardian noticed this independently from us and highlighted the following block (filed under "US embassy cables: China uses access to Microsoft source code to help plot cyber warfare, US fears"):

56. (S//NF) CTAD comment: Additionally, CNITSEC enterprises has recruited Chinese hackers in support of nationally-funded "network attack scientific research projects." From June 2002 to March 2003, TOPSEC employed a known Chinese hacker, Lin Yong (a.k.a. Lion and owner of the Honker Union of China), as senior security service engineer to manage security service and training. Venus Tech, another CNITSEC enterprise privy to the GSP, is also known to affiliate with XFocus, one of the few Chinese hacker groups known to develop exploits to new vulnerabilities in a short period of time, as evidenced in the 2003 release of Blaster Worm (See CTAD Daily Read File (DRF) April 4, 2008). 57. (S//NF) CTAD comment: While links between top Chinese companies and the PRC are not uncommon, it illustrates the PRC's use of its "private sector" in support of governmental information warfare objectives, especially in its ability to gather, process, and exploit information. As evidenced with TOPSEC, there is a strong possibility the PRC is harvesting the talents of its private sector in order to bolster offensive and defensive computer network operations capabilities. (Appendix sources 51-52)


So, not just governments are getting access to source code. The "agreement with Microsoft... allowed select companies such as TOPSEC access to MICROSOFT source code in order to secure the Windows platform." Here it is in raw form. "TOPSEC that trains most of china cyberspys," Oiaohm quotes from it. "It's in that cable," he says. He then gives another direct quote from the cable: "TOPSEC provides services and training for the PLA and has recruited hackers in the past." On this one he remarks: "Then latter on in the cable to says they have been granted access to MS source code." The remainder can be read in our latest IRC logs, which make operation of this Web site entirely transparent, unlike governments. "Security by obscurity is that you don't give the source code to the people attacking your system," Oiaohm adds and "[i]If you are not using Security by obscurity you might as well publish the source code for everyone to see... At least then you have a better chance that truful ones will tell you where the flaws are." (typos corrected)

“Proper obscurity can be done with open source”
      --Oiaohm
He continues: "that cable is a security research document in what the hell has gone wrong... That the USA was being breached so much... Also if you dig deeper the USA side is doing the same thing... Both are trying to use closed source to give them a cyberadvantage while both have access to the source code... Proper obscurity can be done with open source... Each system must be able to have many different combinations in its security system to attacker is not quite sure what he will be walking into... So attacks take longer to develop... MS Windows where most installs have basically the same security config... Basically have a obscurity level of nothing."

Another cable speaks of an "invitation for a private meeting with a named DoS employee. The attached Microsoft Word document was a malicious". Microsoft is mostly mentioned negatively (for security reasons) in Cablegate, at least thus far. What will be revealed in the remaining 99% of Cablegate (the part which has not been published yet)?

In actual security news (not leaks of old confidential reports), Vista 7 is being bricked by software which claims to improve Windows security:

THOSE WHO ARE RUNNING 64-bit Windows 7 systems should not download the update for AVG Technologies' AV software.

AVG has withdrawn the update after complaints that the update completely bricked systems by forcing computers to go into an infinite crash loop.


Users of GNU/Linux and BSD never have such problems. Why won't the US government encourage adoption of Free software, whose transparency makes it secure? It's the same fallacy about secrecy which toppled both Windows security and now the US government. It arguably censors Wikileaks more zealously than other governments.

Comments

Recent Techrights' Posts

Brett Wilson LLP Has Just Lost a Case of Its Biggest Client "IN THE COURT OF APPEAL (CIVIL DIVISION)"
Is Brett Wilson LLP proud of such clientele?
Gary Smith Says Brett Wilson LLP Engages in SLAPP Against Him Over LinkedIn Post, "This is the Streisand Effect in Real Time"
"Lawyers who front SLAPP‑style threats on behalf of powerful institutions are not “defending reputation”; they are abusing legal process to intimidate and silence legitimate public‑interest scrutiny."
 
Slop Gives No Real Edge, It's Just Falsely Marketed That Way (FOMO)
Plagiarism in some measurable form is always bad, irrespective of what we call it
The Microsoft-Owned Media Shows What Spin Microsoft Will Use Amid Mass Layoffs
Microsoft says goodbye to over 10,000 workers this month
The Media is Shooting Its Own Foot by Peddling Slop and Spam
Nobody wishes to read slop; as soon as people realise "the news" (or "news site") is LLM trash, they will walk away
Gemini Links 01/07/2026: Wild Flowers, Slop, and Waystone Tools
Links for the day
Links 01/07/2026: Bending Spoons Makes an 'Exit' ("Going Public"), US Supreme Court Rules on Many Issues
Links for the day
Misattributing Blame, the Core Issue is Slop
that issue has nothing to do with Bash
Microsoft: Layoffs Are an Investment
Sales of the console will take another plunge and debt will skyrocket
Links 01/07/2026: MElon (Elon Musk) "Confronted With List of People He Has Killed", Microsoft Ignores Union, Chooses "Bloodbath"
Links for the day
The Register MS: Paid-For SPAM Advocating Chinese Colonialism in Africa, Not Even a Disclosure (as Before)
Does The Register MS recognise what this piece is promoting and who for?
Techrights Never Defended Rapists
In the past, I and others got falsely accused of "defend[ing] a rapist"
"Regular Silent Layoffs and PIPs" at Microsoft, According to Microsoft Insider
Many people leave without a fuss, only a signed NDA
Gaming Companies Help Promote Rootkits ('Anticheat') and Help Microsoft Take Control of People's PCs
The industry in its current form acts a bit more like a cabal of power-hungry companies that actively try to back-door everything and smear people who oppose that
IRC (Internet Relay Chat) Turns 38 Next Month
IRC did well because over 300k users are on significant networks (simultaneous, also counting bots and cross-network overlaps)
opensourceforu.com is a Slopfarm, It's Not "Open Source" and It's Not "For U"
Slop "For U"
DRM and Ownership
We now even have PCs that "expire"
GNU/Linux Reaches 6% in North America
Tomorrow around 10AM we'll see what preliminary data they get for July
IBM Layoffs Still Happening in 2026, They're Just Not Being Reported
The demise of IBM accompanies the demise of the media
SLAPP Censorship - Part 124 Out of 200: The Court Deems My Wife Connected to the Case of the Serial Strangler From Microsoft, Invites Her to the Hearing Last Week
Brett Wilson LLP does not play by the rules
Paying Severance to Staff Laid Off by Microsoft Too Expensive for Microsoft Now?
When companies earn such a bad reputation (not paying severance to people they discard) it lowers morale even further
Microsoft Mass Layoffs Due to Money Problems (Debt, Lack of Money to Complete Payroll), Not "Hey Hi"
If Microsoft later comes up with some "Hey Hi" narrative, then immediately reject it
Stop Conflating Free Software With Slop Plagiarism and Time-wasting
Even decades ago people could use "compute" for lots of fuzzing, then file away false or unaudited reports using bots
What Security Means
Security does not mean asking Microsoft for permission
Microsoft May be Losing 10,000+ Workers This Month
Here's the quick math
BSN Senior School Leidschenveen is Shutting Down and What That Means to the European Patent Office (EPO)
Follow-up meeting with Site Manager VP1 on school matters
Gemini Links 01/07/2026: Keeping (Relatively) Cool plus Adventures in Solar, Camp Snap Cameras and XTEINK X4 Ereader Reviews
Links for the day
European Patent Office (EPO) Series: Different Strokes For Different Folks
Organisation operating in two parallel universes
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, June 30, 2026
IRC logs for Tuesday, June 30, 2026
GNU/Linux Measured at 4.4% by statCounter, Even More by analytics.usa.gov
GNU/Linux has fared well
Getting Skyped: Closure of Studios Microsoft Bought
wait till July and the mass layoffs outside XBox
Several Waves of Red Hat Layoffs This Year, Is This Still Going on Under IBM?
The PIPs and NDAs hard to get a clear picture
Sabine Hossenfelder Versus IBM Scamming Shareholders
IBM has become a garage of BS
Some XBox Layoffs Underway, At Least Five Studios to be Shut Down
Insiders are in a state of panic
Gemini Links 30/06/2026: Music Theory, Addiction, Clown Computing
Links for the day
Links 30/06/2026: France Recorded 1,000 Excess Deaths During Heat Wave, Slop Replaced by Human Staff
Links for the day
WordPress Becoming What We Feared It Would Become
WordPress and other such bloatware (WordPress used to be fast and light) are moving in the same trajectory that GAFAM leads
People Given the Totally Wrong Idea That "Secure Boot" is About Security (It's the Opposite, It's About Handing Control Over to NSA/Microsoft)
"Secure Boot" with capital "B" is conflating compromise with security.
Today The Register MS is Publishing Fake Articles About "AI", 100% of All "Content"
Maybe the media is dying because it is selling its soul [...] The Register MS has no standard
America Has Cost Europe Too Much
Countries ought to be controlling all their own systems
GAFAM Debt Will Surge, in July We'll Know by How Much
Do not fall for slop or sloppy narratives
Call for European Patent Office (EPO) Whistleblowers
The European Patent Organisation (EPO) might not reform the Office
400-Page US Federal Court Against Abuses by Google, Microsoft and Front Groups That Abuse Volunteers for American Corporations
There are 386 pages in total (in the US claim)
Projection Tactics - Part IV: SLAPP by Americans Against Techrights (UK) to Hide Serious Abuses Against American Women
"PRs need to stop being complicit in suppression of information via SLAPPs"
Five Years Ago, After We Broke the Story About Richard Stallman Rejoining the FSF's Board, All Hell Broke Loose (for Me and My Family)
They generally seem to target anyone who thinks Richard Stallman (RMS) should be in charge or thinks alike about computing
Projection Tactics - Part II: Causing "Serious Harm" to Many People (Even Animals)
Narcissists and sociopaths are like that
Too Many "Marketers on the Payroll" at IBM, Selling Impossible Products That Cannot be Delivered or Will Never Deliver
IBM is rotting away
Media Says Microsoft's (XBox) Layoffs May be Record-Breaking
think somewhere in the range of ~5000 for gaming/XBox alone
Sirius Open Source's Latest Report: Fake (False) Number of Staff, Almost No Money in the Bank, Overdraft, and Growing Debt (About £100,000 More Borrowed)
massive (and still growing) debt
Links 30/06/2026: What's Wrong With EU Age Verification, RSA Keys with Many Zeros
Links for the day
This is Not a Security, This is a Circus
Security does not mean "asked Microsoft for permission"
Communities Need Strong Leadership, Not Dictators Like IBM
Leadership in Free software is not ownership [...] Fedora will only last as long as IBM can somehow make some money out of it or leverage it to attract sharecropping
Patents Are Not "Cash Cows"
People who deliberately don't understand patents (or believe lies about them) will fail to understand how the world works (or does not work)
Sad Lives of People Who Think Women Are Just Sexual Toys (All They Have is Money)
money is still a man-made concept and life is finite
SLAPP Censorship - Part 123 Out of 200: Why Violence Against Animals Matters
Starting tomorrow (Wednesday) we'll begin telling stories about what happened last week
EPO Staff Union's (SUEPO) The Hague Committee, With Help of Lawyer, Challenges Lack of Rewards for Hard Work
The EPO is not about granting valid patents anymore. The horse-trading corrupt officials just see the EPO as some thing that "prints money"
Massive EPO Demonstration Today
It'll start in about 6 hours
More Layoffs in Microsoft's PR Department, Even Ahead of 'D-Day'
Notice they are not even waiting for the official date (nor week)
European Patent Office (EPO) Series: Photo-Ops Galore and Suspicions of Influence-Peddling
coverage of the EPO's Croatian junket
Gemini Links 30/06/2026: Music and Broken Hearts
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, June 29, 2026
IRC logs for Monday, June 29, 2026
Gemini Links 29/06/2026: Using More of GPLv3+ and Merits of Security by TOFU
Links for the day
Links 29/06/2026: Lemote Yeeloong Laptop With OpenBSD, Slop Ruins Code/Development
Links for the day
Antisocial People With No Computer Science Background Are Ruining the Technology Space (Like Officials With No Experience in Patents Destroyed the EPO)
This is a real issue; it needs to be widely recognised and tackled
DDoS Attacks Are a Crime and They Only Increase Interest (Intrigue) in Their Target
Information cannot be DDoSed out of reach/existence, except temporarily
Pushing to the Top
Publishing is about exposing corruption
Whistleblowing and Retaliation by Microsoft Workers Against Microsoft Seems Increasingly Likely
some will go to the press, looking to expose some shenanigans
How Long Can a Company Delay Its Financial Report That Likely Confirms Exodus of Staff, Growing Debt, and Other Problems?
Brett Wilson LLP was meant to release its annual report some time early this month
SLAPP Censorship - Part 122 Out of 200: Garrett's Solicitors Confirm That Garrett is Ban-Evading and Spying on Our IRC Network
his solicitors basically acknowledge this
European Patent Office (EPO) Series: Networking With the National Delegates
António Campinos with a prime opportunity to network with the Administrative Council delegates and lobby for his reappointment
PIPs and "Retirements": IBM Layoffs in Anything But Name
That former Red Hat (now IBM) staff threatens to put my wife and I in prison is worse than cruel
Contact Members of the EPO Administrative Council, Tell Them the EPO (Office) Became a Disgrace and an Enemy of Europe's Citizens
If you live in Europe (not just the EU, even Turkey is included), please contact your delegates
The World Needs GNU/Linux for Security, Turn Off "Secure Boot" (It's the Opposite of Security)
They call it "Secure Boot", but what does it mean to say "Secure" when you actively opt for back doors controlled by Microsoft, the FBI, and many more parties?
In Signal of Weakness or Phasing Out XBox (Not Sustainable, According to the CEO) Microsoft "Pauses New Third-Party Game Pass Deals"
Moments ago
Two Pieces About "AI" This Morning Were Paid-For SPAM at The Register MS
The Register MS is the "Tech News" publisher you can pay to promote your company and even key-word-stuff pages for SEO purposes
Week of Microsoft Layoffs, Maybe Record-Breaking Scale
They will mislead about the scale
Links 28/06/2026: More Om Malik Eulogies, Cloudflare Promotes Web Browser Monocultures
Links for the day
IBM's Alderon as "Silent Layoffs", Not Just Bailout From Taxpayers
Seeing through the noise
'Modern' Web: "Stop! You Are Browsing Too Fast!"
Can the Web ever recover from this?
Pensions Tied to Ponzi Schemes Are Themselves Ponzi Schemes
Pensions are becoming more like that as well
Laptop Bricked After Microsoft Certificates Expiry
Is "Jim" dead?
Monoculture in Europe as National (or Continental) Security Threat
We need more browser diversity
Canada 5-0: GNU/Linux Rises to 5.0%, Windows Rapidly Falls to New Lows
Will we be seeing 6-0 (6%) by year's end and will Microsoft be shown two red cards?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, June 28, 2026
IRC logs for Sunday, June 28, 2026
Gemini Links 29/06/2026: Sansieviera, HiFi, and Self-Signed Certificates
Links for the day