12.06.10

Gemini version available ♊︎

Wikileaks/Cablegate Reveals That Microsoft Gave Windows Source Code to TOPSEC, Which Trains and Employs Chinese Cyberspies

Posted in Microsoft, Security, Windows at 11:56 am by Dr. Roy Schestowitz

Kevin Mitnick
Putting Windows source code in the hands
of the Kevin Mitnicks of China

Summary: Microsoft equips private companies — not just governments — with just what they need to intrude all Windows-running computers, namely a key to potential remote access without liability

NOT just incompetence and negligence [1, 2, 3] are the cause of Microsoft’s security problems. Based on Cablegate leaks, it is possible that Microsoft’s secret (and poorly audited) code is exploited so often in China because Microsoft gives them access to this source code (which security researchers in the West cannot see and scrutinise prior to release in binary form).

Several days ago we showed some Egypt cables (prior to Wikileaks being targeted by censors) and it helped show just how closely Microsoft works with governments on ‘security’. The Guardian noticed this independently from us and highlighted the following block (filed under “US embassy cables: China uses access to Microsoft source code to help plot cyber warfare, US fears”):

56. (S//NF) CTAD comment: Additionally, CNITSEC enterprises has recruited Chinese hackers in support of nationally-funded “network attack scientific research projects.” From June 2002 to March 2003, TOPSEC employed a known Chinese hacker, Lin Yong (a.k.a. Lion and owner of the Honker Union of China), as senior security service engineer to manage security service and training. Venus Tech, another CNITSEC enterprise privy to the GSP, is also known to affiliate with XFocus, one of the few Chinese hacker groups known to develop exploits to new vulnerabilities in a short period of time, as evidenced in the 2003 release of Blaster Worm (See CTAD Daily Read File (DRF) April 4, 2008). 57. (S//NF) CTAD comment: While links between top Chinese companies and the PRC are not uncommon, it illustrates the PRC’s use of its “private sector” in support of governmental information warfare objectives, especially in its ability to gather, process, and exploit information. As evidenced with TOPSEC, there is a strong possibility the PRC is harvesting the talents of its private sector in order to bolster offensive and defensive computer network operations capabilities. (Appendix sources 51-52)

So, not just governments are getting access to source code. The “agreement with Microsoft… allowed select companies such as TOPSEC access to MICROSOFT source code in order to secure the Windows platform.” Here it is in raw form. “TOPSEC that trains most of china cyberspys,” Oiaohm quotes from it. “It’s in that cable,” he says. He then gives another direct quote from the cable: “TOPSEC provides services and training for the PLA and has recruited hackers in the past.” On this one he remarks: “Then latter on in the cable to says they have been granted access to MS source code.” The remainder can be read in our latest IRC logs, which make operation of this Web site entirely transparent, unlike governments. “Security by obscurity is that you don’t give the source code to the people attacking your system,” Oiaohm adds and “[i]If you are not using Security by obscurity you might as well publish the source code for everyone to see… At least then you have a better chance that truful ones will tell you where the flaws are.” (typos corrected)

“Proper obscurity can be done with open source”
      –OiaohmHe continues: “that cable is a security research document in what the hell has gone wrong… That the USA was being breached so much… Also if you dig deeper the USA side is doing the same thing… Both are trying to use closed source to give them a cyberadvantage while both have access to the source code… Proper obscurity can be done with open source… Each system must be able to have many different combinations in its security system to attacker is not quite sure what he will be walking into… So attacks take longer to develop… MS Windows where most installs have basically the same security config… Basically have a obscurity level of nothing.”

Another cable speaks of an “invitation for a private meeting with a named DoS employee. The attached Microsoft Word document was a malicious”. Microsoft is mostly mentioned negatively (for security reasons) in Cablegate, at least thus far. What will be revealed in the remaining 99% of Cablegate (the part which has not been published yet)?

In actual security news (not leaks of old confidential reports), Vista 7 is being bricked by software which claims to improve Windows security:

THOSE WHO ARE RUNNING 64-bit Windows 7 systems should not download the update for AVG Technologies’ AV software.

AVG has withdrawn the update after complaints that the update completely bricked systems by forcing computers to go into an infinite crash loop.

Users of GNU/Linux and BSD never have such problems. Why won’t the US government encourage adoption of Free software, whose transparency makes it secure? It’s the same fallacy about secrecy which toppled both Windows security and now the US government. It arguably censors Wikileaks more zealously than other governments.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

A Single Comment

  1. twitter said,

    December 6, 2010 at 4:09 pm

    Gravatar

    Source code disclosure is not a source of insecurity, it is the exclusive disclosure of insecure code to malicious parties that’s the problem. When software is free it can gain a high degree of both transparency and security like OpenBSD and gnu/linux have. When software is not free, the owners lack resources to fix things. Known problems persist for decades and new problems are constantly found when old, non free code bases are forced together in monstrosities like Microsoft Windows. The absolute worst case is when malicious organizations are given exclusive access to source code that other people use. Sadly, this is always the case when people are using non free software but few have betrayed their users the way Microsoft has.

    It has long been known that sharing code with China and other US enemies was a US national security risk. Microsoft representatives testified to this in the Netscape anti-trust trials. Just a few later they started sharing code with the PRC, the former KGB and many other US hostile organizations. It is nice to see that US diplomats were aware of this betrayal but we have to wonder why the US government has not acted on the knowledge. Windows should be dumped and those responsible at Microsoft should be put on trail for espionage.

DecorWhat Else is New

  1. Links 24/03/2023: Microsoft's Fall on the Web and Many New Videos

    Links for the day

  2. IRC Proceedings: Thursday, March 23, 2023

    IRC logs for Thursday, March 23, 2023

  3. Links 24/03/2023: Social Control Media Bans Advancing

    Links for the day

  4. Links 24/03/2023: GNU Grep 3.10 and Microsoft Accenture in a Freefall

    Links for the day

  5. Links 23/03/2023: RSS Guard 4.3.3 and OpenBSD Webzine

    Links for the day

  6. Experiencing 15 Years of LibrePlanet Celebration Firsthand as a Volunteer: 2023 - Charting the Course

    Article by Marcia K Wilbur

  7. [Meme] Grabinski the Opportunity

    Reports of European Patents being invalidated (judges do not tolerate fake patents) have become so common that a kangaroo court becomes a matter of urgency for the EPO‘s Benoît Battistelli and António Campinos; will the EU and the EPO’s Administrative Council go along with it, helping to cover up more than a decade of profound corruption?

  8. Union Syndicale Fédérale Cautions the EPO's Administrative Council About Initiating an Illegal Kangaroo Court System for Patents (UPC) While EPO Breaks Laws and Sponsors the Ukraine Invasion

    Union Syndicale Fédérale (USF) is once again speaking out in support of the staff union of Europe's second-largest institution, which lacks oversight and governance because of profound corruption and regulatory capture

  9. Investigation Underway: Sirius 'Open Source' Embezzled/Stole Money, Robbed Its Own Staff

    In light of new developments and some progress in an investigation of Sirius ‘Open Source’ (for fraud!) we take stock of where things stand

  10. [Meme] Sirius 'Open Source' Pensions: Schemes or Scams? Giving a Bad Name to Open Source...

    What Sirius ‘Open Source’ did to its staff is rightly treated as a criminal matter; we know who the perpetrators are

  11. Sirius 'Open Source' Under Investigation for Pension Fraud, Several Pension Providers Examine the Facts

    2 pension providers are looking into Sirius ‘Open Source’, a company that defrauded its own staff; stay tuned as there’s lots more to come. Is this good representation for “Open Source”? From a company that had many high-profile clients in the public sector?

  12. Links 23/03/2023: Sparky 2023.03 Special Editions and SUSE Changes CEO (Dirk-Peter van Leeuwen)

    Links for the day

  13. Links 23/03/2023: Linux 6.2.8 and XWayland 23.1.0

    Links for the day

  14. IRC Proceedings: Wednesday, March 22, 2023

    IRC logs for Wednesday, March 22, 2023

  15. Apple 'Porn' Filter

    Guest post by Ryan Farmer: Apple and US State Governments Developing System to Require People to Report Themselves for Watching Porn.

  16. 3.5 Years Later Gemini Protocol and Geminispace Are Still 100% Community-Controlled

    Community-centric alternatives to the World Wide Web have gained traction; one of them, Gemini Protocol, continues to grow in 2023 and we're pleased to report progress and expansion

  17. Windows Falls to 16% Market Share in India (It was 97% in 2009), Microsoft Layoffs Reach India Too

    This month’s picture from the world’s most populous nation does not look good for Microsoft (it looks good for GNU/Linux); anonymous rumour mills online say that Microsoft isn’t moving to India but is actually firing staff based in India, so it’s a case of shrinking, not offshoring. When even low-paid (much lower salaries) staff is discarded it means things are very gloomy.

  18. Links 22/03/2023: GNOME 44 “Kuala Lumpur”

    Links for the day

  19. Microsoft Has Also Infiltrated the OSI's Board of Directors After Rigged Elections

    Weeks ago we warned that this would happen and for the third or fourth time in 2 years the OSI’s election process broke down; today the Open Source Initiative (OSI) writes: “The polls just closed, the results are in. Congratulations to the returning directors Aeva Black…” (Microsoft employee)

  20. Links 22/03/2023: Official Thunderbird Podcast Starts

    Links for the day

  21. IRC Proceedings: Tuesday, March 21, 2023

    IRC logs for Tuesday, March 21, 2023

  22. Many More Microsoft Layoffs Later Today

    Yesterday we shared rumours about Microsoft layoffs being planned for later today (there were 3 waves of layoffs so far this year). There are several more people here who say the same. How much noise will Microsoft make in the “media” in order to distract? Will the chaffbot "ChatGPT" help create enough chaff?

  23. Links 21/03/2023: JDK 20 and GNOME 43.5

    Links for the day

  24. Germany's Lobbyists-Infested Government Sponsors the War on Ukraine via the European Patent Office (EPO)

    The chief UPC ‘judge’ is basically seeking to break the law (and violate constitutions, conventions etc.) to start a kangaroo court while dodging real courts, just like Vladimir Putin does

  25. [Meme] The Meme That Team UPC (the Collusion to Break the European Laws, for Profit) Threats to Sue Us For

    António Campinos and Team UPC are intimidating people who simply point out that the Unified Patent Court (UPC) is illegal and Klaus Grabinksi, shown above, strives to head a de facto kangaroo court in violation of constitutions and conventions (the UK does not and cannot ratify; Ireland hasn’t even held a referendum on the matter)

  26. Microsoft is Sacking People Every Month This Year, Even Managers (While Sponsored Media Produces Endless Chatbot Chaff)

    Lots of Microsoft layoffs lately and so-called ‘journalists’ aren’t reporting these; they’re too busy running sponsored puff pieces for Microsoft, usually fluff along the “hey hi” (AI) theme

  27. 3 Months Late Sirius 'Open Source' Finally Deletes Us From the Fraudulent 'Meet the Team' Page (But Still Lists Many People Who Left Years Ago!)

    Amid fraud investigations the management of Sirius ‘Open Source’ finally removed our names from its “Meet the Team” page (months late); but it left in the page about half a dozen people who left the company years ago, so it’s just lying to its clients about the current situation

  28. Amid Fraud at Sirius 'Open Source' CEO Deletes His Recent (This Month) Past With the Company

    Not only did the Sirius ‘Open Source’ CEO purge all mentions of Sirius from his Microsoft LinkedIn account; he’s racing against the clock as crimes quickly become a legal liability

  29. Web Survey Shows Microsoft Falling Below 15% Market Share in Africa, Only One Minuscule African Nation Has Windows Majority

    A Web survey that measured Microsoft Windows at 97% in Africa (back in 2010) says that Windows has become rather small and insignificant; the Microsoft-sponsored mainstream media seems to be ignoring this completely, quite likely by intention...

  30. Rumours of More Microsoft Layoffs Tomorrow (Including Managers!), Probably Azure Again (Many Azure Layoffs Every Year Since 2020)

    Amazon is laying off AWS staff and Microsoft has been laying off Azure staff for 3 years already, including this year, so it seems like the “clown computing” bubble is finally bursting

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts