EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

12.06.10

Wikileaks/Cablegate Reveals That Microsoft Gave Windows Source Code to TOPSEC, Which Trains and Employs Chinese Cyberspies

Posted in Microsoft, Security, Windows at 11:56 am by Dr. Roy Schestowitz

Kevin Mitnick
Putting Windows source code in the hands
of the Kevin Mitnicks of China

Summary: Microsoft equips private companies — not just governments — with just what they need to intrude all Windows-running computers, namely a key to potential remote access without liability

NOT just incompetence and negligence [1, 2, 3] are the cause of Microsoft’s security problems. Based on Cablegate leaks, it is possible that Microsoft’s secret (and poorly audited) code is exploited so often in China because Microsoft gives them access to this source code (which security researchers in the West cannot see and scrutinise prior to release in binary form).

Several days ago we showed some Egypt cables (prior to Wikileaks being targeted by censors) and it helped show just how closely Microsoft works with governments on ‘security’. The Guardian noticed this independently from us and highlighted the following block (filed under “US embassy cables: China uses access to Microsoft source code to help plot cyber warfare, US fears”):

56. (S//NF) CTAD comment: Additionally, CNITSEC enterprises has recruited Chinese hackers in support of nationally-funded “network attack scientific research projects.” From June 2002 to March 2003, TOPSEC employed a known Chinese hacker, Lin Yong (a.k.a. Lion and owner of the Honker Union of China), as senior security service engineer to manage security service and training. Venus Tech, another CNITSEC enterprise privy to the GSP, is also known to affiliate with XFocus, one of the few Chinese hacker groups known to develop exploits to new vulnerabilities in a short period of time, as evidenced in the 2003 release of Blaster Worm (See CTAD Daily Read File (DRF) April 4, 2008). 57. (S//NF) CTAD comment: While links between top Chinese companies and the PRC are not uncommon, it illustrates the PRC’s use of its “private sector” in support of governmental information warfare objectives, especially in its ability to gather, process, and exploit information. As evidenced with TOPSEC, there is a strong possibility the PRC is harvesting the talents of its private sector in order to bolster offensive and defensive computer network operations capabilities. (Appendix sources 51-52)

So, not just governments are getting access to source code. The “agreement with Microsoft… allowed select companies such as TOPSEC access to MICROSOFT source code in order to secure the Windows platform.” Here it is in raw form. “TOPSEC that trains most of china cyberspys,” Oiaohm quotes from it. “It’s in that cable,” he says. He then gives another direct quote from the cable: “TOPSEC provides services and training for the PLA and has recruited hackers in the past.” On this one he remarks: “Then latter on in the cable to says they have been granted access to MS source code.” The remainder can be read in our latest IRC logs, which make operation of this Web site entirely transparent, unlike governments. “Security by obscurity is that you don’t give the source code to the people attacking your system,” Oiaohm adds and “[i]If you are not using Security by obscurity you might as well publish the source code for everyone to see… At least then you have a better chance that truful ones will tell you where the flaws are.” (typos corrected)

“Proper obscurity can be done with open source”
      –Oiaohm
He continues: “that cable is a security research document in what the hell has gone wrong… That the USA was being breached so much… Also if you dig deeper the USA side is doing the same thing… Both are trying to use closed source to give them a cyberadvantage while both have access to the source code… Proper obscurity can be done with open source… Each system must be able to have many different combinations in its security system to attacker is not quite sure what he will be walking into… So attacks take longer to develop… MS Windows where most installs have basically the same security config… Basically have a obscurity level of nothing.”

Another cable speaks of an “invitation for a private meeting with a named DoS employee. The attached Microsoft Word document was a malicious”. Microsoft is mostly mentioned negatively (for security reasons) in Cablegate, at least thus far. What will be revealed in the remaining 99% of Cablegate (the part which has not been published yet)?

In actual security news (not leaks of old confidential reports), Vista 7 is being bricked by software which claims to improve Windows security:

THOSE WHO ARE RUNNING 64-bit Windows 7 systems should not download the update for AVG Technologies’ AV software.

AVG has withdrawn the update after complaints that the update completely bricked systems by forcing computers to go into an infinite crash loop.

Users of GNU/Linux and BSD never have such problems. Why won’t the US government encourage adoption of Free software, whose transparency makes it secure? It’s the same fallacy about secrecy which toppled both Windows security and now the US government. It arguably censors Wikileaks more zealously than other governments.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email
  • Google Bookmarks

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

A Single Comment

  1. twitter said,

    December 6, 2010 at 4:09 pm

    Gravatar

    Source code disclosure is not a source of insecurity, it is the exclusive disclosure of insecure code to malicious parties that’s the problem. When software is free it can gain a high degree of both transparency and security like OpenBSD and gnu/linux have. When software is not free, the owners lack resources to fix things. Known problems persist for decades and new problems are constantly found when old, non free code bases are forced together in monstrosities like Microsoft Windows. The absolute worst case is when malicious organizations are given exclusive access to source code that other people use. Sadly, this is always the case when people are using non free software but few have betrayed their users the way Microsoft has.

    It has long been known that sharing code with China and other US enemies was a US national security risk. Microsoft representatives testified to this in the Netscape anti-trust trials. Just a few later they started sharing code with the PRC, the former KGB and many other US hostile organizations. It is nice to see that US diplomats were aware of this betrayal but we have to wonder why the US government has not acted on the knowledge. Windows should be dumped and those responsible at Microsoft should be put on trail for espionage.

What Else is New


  1. Links 14/7/2020: Claws Mail 3.17.6 and RSS Guard 3.7.0 Released

    Links for the day



  2. Microsoft Has Put the String “0xBIGBOOBS” Inside Linux (Kernel Driver for Microsoft's Windows-Only Proprietary Software, Formerly a GPL Violation); Reddit (Condé Nast) Bans You For Mentioning Such Things

    In this increasingly crazy atmosphere of mass sanctioning and permanent banning (removing everything or everyone that's perceived to be impolite) even "Linux" forums are banning people who point out Microsoft being a rogue corporation that's attacking GNU/Linux



  3. There's Apparently a New Boss (or Policy) at Red Hat/IBM

    The Fedora project doesn’t seem to care much about free speech, no matter one’s seniority in the project; as the person who relayed it to us has just put it, “they even eat their own.” (Longtime contributors) “He’s not a troll. He’s a contributor who rubbed some people the wrong way and now the banhammer is coming out. Fedora KDE was already collapsing and now it finally will.” (Note: Rex Dieter leads or led this project)



  4. There Cannot be Software Freedom Without Free Speech (Which is Nowadays Being Wrongly and Creatively Conflated With Racism)

    The time to speak out in favour of free speech is now; because the next phase typically involves removal (to be sold as "voluntary") of people whose political views are seen as professionally inadequate (recall what they did to Richard Stallman last September)



  5. [Humour/Meme] 'Offensive' Jokes

    Even humour itself is under attack now; people who cannot take/tolerate cartoons and banter are targeting the stand-up comedians, the cartoonists and so on



  6. The Media Does Not Like Talking About Linux (Which It Doesn't Understand Anyway). It Makes the News All About Linus.

    Just like back in May (or every other week) the news about Linux itself is being ignored and the subject is getting personified to make Linux seem rude and unruly



  7. Links 13/7/2020: Linux 5.8 RC5, Qt Creator Beta, Mexico Threatens GNU/Linux

    Links for the day



  8. [Humour/Meme] Embrace, Extend, and Curl

    The Curl project, a high-profile prisoner of GitHub, is again being 'embraced' by Microsoft (which already controls the project through GitHub)



  9. IRC Proceedings: Sunday, July 12, 2020

    IRC logs for Sunday, July 12, 2020



  10. [Humour/Meme] Half a Decade Has Passed and EPO Management Was Never Held Accountable for Illegal Surveillance

    A lot of people may no longer remember it, but the EPO can break privacy laws — as it still routinely does — with no consequences whatsoever



  11. Cleaning the Code

    War must go on; but it'll be more diverse and inclusive



  12. Why We Care About (Mis)Use of Language in Technology

    Software development communities are being divided over issues that would likely not tackle actual racism in any meaningful and profound way (just a symbolic way)



  13. Links 12/7/2020: KF6 Progress Report, GNUnet 0.13.1, Nano Becomes Default Terminal Text Editor in Fedora

    Links for the day



  14. They Always Worked for Microsoft (Directly and Indirectly) and Were Financially Rewarded for That

    Nat and Miguel, now put in charge of new weapons against software freedom (e.g. GitHub and NPM), have long worked for Microsoft (Nat was also an intern there); Techrights was right all along about this pair



  15. Red Hat Betrayed the Free Software Community With Its Software Patents' Stockpiling Drive and Then a Sale to the Biggest Software Patents Lobbyist

    In 2020 Red Hat is little but a shadow of IBM, whose patent policy continues to threaten software freedom and whose lobbying for software patents (under the guise of "HEY HI") persists uninterrupted; this growing problem oughtn't be unspeakable



  16. Politically Correct Tech

    This new video entitled “Politically Correct Tech” covers a topic we’ve spoken a great deal about



  17. [Humour/Meme] High on Production, Stoned on Pseudoscience

    All-time high ‘production’ levels at the European Patent Office (EPO) do not mean what they want people to think and what they try hard to hide



  18. Missing From EPO Management: Actual Scientists

    Political figures and opportunists with connections occupy top positions at top European agencies; this assures self-destructive policies that diminish progress and cushion corruption



  19. All Software Should Come With a Cheat Mode

    Cheat modes are useful for developers because they enable debugging, and are sometimes called "Debug mode"



  20. Linus Torvalds Checks If It's Still Inclusive Enough to 'Bash' Bad Technology (of the Company Whose TPM Pusher Has Just Successfully Pushed to Remove Many Words)

    In the age of endless control of language (e.g. large corporations pushing for "inclusive" language whilst earning billions from bombing of 'inferior' countries) we see that it is still possible to condemn corporations on technical grounds (at least if you’re Linus Torvalds)



  21. Even Before Microsoft Paid ('Joined') the Linux Foundation Jim Zemlin Had a Preference for Microsofters

    Even years before the Linux Foundation was receiving money from Microsoft it had a tendency to hire Microsoft’s people for key positions (a lot of people no longer remember that, but it’s still in the public record; it was Jim Zemlin who approached if not chased Mr. Ramji to offer him the job and the colleagues saw no problem with that)



  22. IRC Proceedings: Saturday, July 11, 2020

    IRC logs for Saturday, July 11, 2020



  23. Links 12/7/2020: KDE Plasma 5.20 Preview and Elive 3.8.14 Beta

    Links for the day



  24. [Humour] The 'Orange One' Does Not Respect Judges Either

    More than two years after taking over the European Patent Office (EPO) António Campinos has done absolutely nothing to restore judicial independence of the Boards of Appeal of the EPO



  25. The Systemd Song

    Speak out about IBM's strategy before we're all using GNU/Linux distros 'barcoded' with systemd



  26. Monopoly (or Vendor Lock-in) is Not Modularity

    IBM cannot totally control the kernel, Linux; IBM's control over GNU/Linux may be worth even more than what it paid for Red Hat as that's the key to overpriced support contracts and the general direction of development (important trends such as file systems and various low-level stacks)



  27. The Internet Archive Doesn't Forget, Whereas the Internet and the Web Forget Very Fast

    World Wide Web history is grossly undervalued and preservation of such history (e.g. by the Wayback Machine) is taken for granted by far too many people; the robber barons of today benefit the most from erosion of collective memory as they get to rewrite the past to suit their present and future interests



  28. Environmentalism and Free Software Can be Viewed as Closely Connected and Help One Another

    Modest lifestyles are an overlapping pattern in the Free software community and green activists; there's room for alliances and collaboration, bettering society by reducing consumption and discouraging voyeurism



  29. Free (as in Freedom) Software + Social Control Media ≠ Free Speech

    Speaking through middlemen and private platforms is bad enough (that gives others unjust power over speech); to claim that because the underlying platform is free/libre software it therefore becomes a non-issue is also dishonest



  30. António Campinos: President or Quasi-Autocratic Corporate Puppet?

    The culture of oppression — and censorship of evidence of oppression — is what today’s EPO is all about; the EPO learned how to better avoid (or block) negative publicity without actually changing its ways; and due to unprecedented speech restrictions you won’t hear that from SUEPO


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts