EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

12.06.10

Wikileaks/Cablegate Reveals That Microsoft Gave Windows Source Code to TOPSEC, Which Trains and Employs Chinese Cyberspies

Posted in Microsoft, Security, Windows at 11:56 am by Dr. Roy Schestowitz

Kevin Mitnick
Putting Windows source code in the hands
of the Kevin Mitnicks of China

Summary: Microsoft equips private companies — not just governments — with just what they need to intrude all Windows-running computers, namely a key to potential remote access without liability

NOT just incompetence and negligence [1, 2, 3] are the cause of Microsoft’s security problems. Based on Cablegate leaks, it is possible that Microsoft’s secret (and poorly audited) code is exploited so often in China because Microsoft gives them access to this source code (which security researchers in the West cannot see and scrutinise prior to release in binary form).

Several days ago we showed some Egypt cables (prior to Wikileaks being targeted by censors) and it helped show just how closely Microsoft works with governments on ‘security’. The Guardian noticed this independently from us and highlighted the following block (filed under “US embassy cables: China uses access to Microsoft source code to help plot cyber warfare, US fears”):

56. (S//NF) CTAD comment: Additionally, CNITSEC enterprises has recruited Chinese hackers in support of nationally-funded “network attack scientific research projects.” From June 2002 to March 2003, TOPSEC employed a known Chinese hacker, Lin Yong (a.k.a. Lion and owner of the Honker Union of China), as senior security service engineer to manage security service and training. Venus Tech, another CNITSEC enterprise privy to the GSP, is also known to affiliate with XFocus, one of the few Chinese hacker groups known to develop exploits to new vulnerabilities in a short period of time, as evidenced in the 2003 release of Blaster Worm (See CTAD Daily Read File (DRF) April 4, 2008). 57. (S//NF) CTAD comment: While links between top Chinese companies and the PRC are not uncommon, it illustrates the PRC’s use of its “private sector” in support of governmental information warfare objectives, especially in its ability to gather, process, and exploit information. As evidenced with TOPSEC, there is a strong possibility the PRC is harvesting the talents of its private sector in order to bolster offensive and defensive computer network operations capabilities. (Appendix sources 51-52)

So, not just governments are getting access to source code. The “agreement with Microsoft… allowed select companies such as TOPSEC access to MICROSOFT source code in order to secure the Windows platform.” Here it is in raw form. “TOPSEC that trains most of china cyberspys,” Oiaohm quotes from it. “It’s in that cable,” he says. He then gives another direct quote from the cable: “TOPSEC provides services and training for the PLA and has recruited hackers in the past.” On this one he remarks: “Then latter on in the cable to says they have been granted access to MS source code.” The remainder can be read in our latest IRC logs, which make operation of this Web site entirely transparent, unlike governments. “Security by obscurity is that you don’t give the source code to the people attacking your system,” Oiaohm adds and “[i]If you are not using Security by obscurity you might as well publish the source code for everyone to see… At least then you have a better chance that truful ones will tell you where the flaws are.” (typos corrected)

“Proper obscurity can be done with open source”
      –Oiaohm
He continues: “that cable is a security research document in what the hell has gone wrong… That the USA was being breached so much… Also if you dig deeper the USA side is doing the same thing… Both are trying to use closed source to give them a cyberadvantage while both have access to the source code… Proper obscurity can be done with open source… Each system must be able to have many different combinations in its security system to attacker is not quite sure what he will be walking into… So attacks take longer to develop… MS Windows where most installs have basically the same security config… Basically have a obscurity level of nothing.”

Another cable speaks of an “invitation for a private meeting with a named DoS employee. The attached Microsoft Word document was a malicious”. Microsoft is mostly mentioned negatively (for security reasons) in Cablegate, at least thus far. What will be revealed in the remaining 99% of Cablegate (the part which has not been published yet)?

In actual security news (not leaks of old confidential reports), Vista 7 is being bricked by software which claims to improve Windows security:

THOSE WHO ARE RUNNING 64-bit Windows 7 systems should not download the update for AVG Technologies’ AV software.

AVG has withdrawn the update after complaints that the update completely bricked systems by forcing computers to go into an infinite crash loop.

Users of GNU/Linux and BSD never have such problems. Why won’t the US government encourage adoption of Free software, whose transparency makes it secure? It’s the same fallacy about secrecy which toppled both Windows security and now the US government. It arguably censors Wikileaks more zealously than other governments.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

A Single Comment

  1. twitter said,

    December 6, 2010 at 4:09 pm

    Gravatar

    Source code disclosure is not a source of insecurity, it is the exclusive disclosure of insecure code to malicious parties that’s the problem. When software is free it can gain a high degree of both transparency and security like OpenBSD and gnu/linux have. When software is not free, the owners lack resources to fix things. Known problems persist for decades and new problems are constantly found when old, non free code bases are forced together in monstrosities like Microsoft Windows. The absolute worst case is when malicious organizations are given exclusive access to source code that other people use. Sadly, this is always the case when people are using non free software but few have betrayed their users the way Microsoft has.

    It has long been known that sharing code with China and other US enemies was a US national security risk. Microsoft representatives testified to this in the Netscape anti-trust trials. Just a few later they started sharing code with the PRC, the former KGB and many other US hostile organizations. It is nice to see that US diplomats were aware of this betrayal but we have to wonder why the US government has not acted on the knowledge. Windows should be dumped and those responsible at Microsoft should be put on trail for espionage.

What Else is New


  1. Patent Strengthening Would Necessarily Mean Lowering the Number of Patents Granted After Alice/35 U.S.C. § 101

    The concept of patent strength is being distorted in all sorts of ways and acronyms like IPR still being used not to describe the process by which bad patents get eliminated but to spread propaganda like 'intellectual' 'property' 'rights'



  2. Watchtroll's Reaffirmed Hatred Towards Science and Technology, Shattering the Myth About Patent Law Firms Trying to 'Help' Innovation

    The anti-technology rhetoric (what they call derogatorily "Big Tech") of patent maximalists is ruining their old narrative which goes something along the lines of helping inventors



  3. Nearly Half of Patent Applications at the EPO Are (at Least Partly) Software Patents, According to the EPO, and Not Many Patents Are European (Foreign, Not Domestic)

    With lack of care for examiners, for European businesses and for science in general the EPO carries on unabated; its agenda seems to be steered by Team UPC, which is looking to profit from lots of foreign lawsuits across Europe (relying on low-quality patents that wouldn't pass muster in national courts)



  4. Patent Factory Europe (PFE) is a Patent Troll's Publicity Stunt, Attempting to Frame a Predator as the Small Businesses' Friend and Ally

    Patent troll "France Brevets" with its tarnished name (it's the shame of France, a major source of shame other than Battistelli) has decided to do a charm offensive which characterises it as a friend of small firms (SMEs)



  5. Alice, Which Turns Four, Has Saved Billions of Dollars Previously Wasted on 'Protection' Money (Notably Patent Trolls)

    Alice has turned 4 (just five days ago) and software patents have never looked weaker (close to impossible to enforce in high courts in the United States), lowering the incentive to pursue such patents in the first place



  6. Links 23/6/2018: Kodi 18 Alpha 2, Peppermint 9, Wine 3.11

    Links for the day



  7. Somewhat Underwhelming Reception for US Patent Number 10,000,000 (Which Actually Isn't)

    While US patent number 10,000,000 did, in fact, get issued (several days ago) there are un-ignorable reminders that a lot more patents exist and the high number says more about neglected quality than actual, objective success



  8. The United States' Supreme Court Takes the Side of Patent Maximalists, for a Change

    WesternGeco LLC v. ION Geophysical Corp. reaches its conclusion; while it has zero effect on patent scope, it does serve to show that the US Supreme Court (SCOTUS) isn’t inherently biased against patents in general



  9. Mainstream Media in Germany Covers Battistelli's Corruption at the EPO Just as He Leaves

    Mainstream German media writes about Battistelli's scandals that nobody seems eager or wishes to discuss, let alone bring up; law-centric German media covers the now-famous open letter from German law firms (Grünecker, Hoffmann Eitle, Maiwald, and Vossius & Partner)



  10. Links 22/6/2018: PulseAudio 12.0, Krita 4.1 Beta, LabPlot 2.5, Git 2.18.0

    Links for the day



  11. “Dr Ernst Should be Forced by National Politicians to Step Down With Immediate Effect” After Battistelli's Latest EPO Scandals

    Further discussions about the horrible legacy of Battistelli and his protectors, who seem to be interested in a patent trolls-friendly patent system which devalues workers and consciously lowers the patent bar (at all costs, even violation of laws and constitutions)



  12. Links 21/6/2018: Microsoft's 'Damage Control' Amid Role in ICE Scandals, 11-Hour Azure Downtime (Again), GNOME 3.29.3, and More GNU/Linux Wins

    Links for the day



  13. Battistelli and Topić Lose Their Bogus 'Case' Against Judge Corcoran After They Defamed Him and Ruined His Career/Life

    The SLAPP action against Judge Patrick Corcoran, who has so far won all cases involving the EPO, is finally dismissed in Germany; what remains is an ugly legacy at the EPO, wherein everyone bold enough to say something about corruption at the top is having his or her life — not just career — destroyed



  14. Even Media of the Patent Microcosm Mentions the Decline in Quality of Patents at the EPO, Based on Its Very Own Stakeholders, While IAM Ignores the News

    The whole world basically accepts, based on patent examiners as well as those whom they interact with (patent agents), that patent quality at the EPO has sunk; but the EPO and IAM continue to vigorously deny that as it threatens some people's nefarious agenda



  15. Links 20/6/2018: Qt 5.11.1, Oracle Solaris 11.3 SRU 33, HHVM 3.27.0, Microsoft Helping ICE

    Links for the day



  16. Patent Extremists Are Unable to Find Federal Circuit Cases That Help Them Mislead on Alice

    Patent extremists prefer talking about Mayo but not Alice when it comes to 35 U.S.C. § 101; Broadcom is meanwhile going on a 'fishing expedition', looking to profit from patents by calling for embargo through the ITC



  17. What Use Are 10 Million Patents That Are of Low Quality in a Patent Office Controlled by the Patent 'Industry'?

    The patent maximalists are celebrating overgranting; the USPTO, failing to heed the warning from patent courts, continues issuing far too many patents and a new paper from Mark Lemley and Robin Feldman offers a dose of sobering reality



  18. The Eastern District of Texas is Where Asian Companies/Patents/Trolls Still Go After TC Heartland

    Proxies of Longhorn IP and KAIST (Katana Silicon Technologies LLC and KAIST IP US LLC, respectively) roam Texas in pursuit of money of out nothing but patents and aggressive litigation; there's also a Microsoft connection



  19. EPO Insiders Correct the Record of Benoît Battistelli’s Tyranny and Abuse of Law: “Legal Harassment and Retaliation”

    Battistelli’s record, as per EPO-FLIER 37, is a lot worse than the Office cares to tell stakeholders, who are already complaining about decline in patent quality



  20. Articles About a Unitary Patent System Are Lies and Marketing From Law Firms With 'Lawsuits Lust'

    Team UPC has grown louder with its lobbying efforts this past week; the same lies are being repeated without much of a challenge and press ownership plays a role in that



  21. The Decline in Patent Quality at the EPO Causes Frivolous Lawsuits That Only Lawyers Profit From

    The European Patent Office (EPO) will continue granting low-quality European Patents under the leadership of the Battistelli-'nominated' Frenchman, António Campinos; this is bad news for science and technology as that quite likely means a lot more lawsuits without merit (which only lawyers profit from)



  22. What Battistelli's Workers Think of His Latest EPO Propaganda

    "Modernising the EPO" is what Battistelli calls a plethora of human rights abuses and corruption



  23. Links 19/6/2018: Total War: WARHAMMER II Confirmed for GNU/Linux, DragonFlyBSD 5.2.2 Released

    Links for the day



  24. More Media Reports About Decline in Quality of European Patents (Granted by the EPO)

    What the media is saying about the letter from Grünecker, Hoffmann Eitle, Maiwald and Vossius & Partner whilst EPO communications shift attention to shallow puff pieces about how wonderful Benoît Battistelli is



  25. Beware Team UPC's Biggest Two Lies About the Unitary Patent (UPC)

    Claims that a Unified Patent Court (UPC) will commence next year are nothing but a fantasy of the Liar in Chief, Benoît Battistelli, who keeps telling lies to French media (some of which he passes EPO money to, just like he passes EPO money to his other employer)



  26. Diversity at the EPO

    Two decades of EPO with 16-17 years under the control of French Presidents (and nowadays predominantly French management in general with Inventor Award held in France almost half the time) is "diversity at the EPO"



  27. Orrin Hatch, Sponsored the Most by the Pharmaceutical Industry, Tries to Make Its Patents Immune From Scrutiny (PTAB)

    Orrin Hatch is the latest example of laws being up for sale, i.e. companies can 'buy' politicians to act as their 'couriers' and pass laws for them, including laws pertaining to patents



  28. Links 17/6/2018: Linux 4.18 RC1 and Deepin 15.6 Released

    Links for the day



  29. To Keep the Patent System Alive and Going Practitioners Will Have to Accept Compromises on Scope Being Narrowed

    35 U.S.C. § 101 still squashes a lot of software patents, reducing confidence in US patents; the only way to correct this is to reduce patent filings and file fewer lawsuits, judging their merit in advance based on precedents from higher courts



  30. The Affairs of the USPTO Have Turned Into Somewhat of a Battle Against the Courts, Which Are Simply Applying the Law to Invalidate US Patents

    The struggle between law, public interest, and the Cult of Patents (which only ever celebrates more patents and lawsuits) as observed in the midst of recent events in the United States


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts