EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

12.06.10

Wikileaks/Cablegate Reveals That Microsoft Gave Windows Source Code to TOPSEC, Which Trains and Employs Chinese Cyberspies

Posted in Microsoft, Security, Windows at 11:56 am by Dr. Roy Schestowitz

Kevin Mitnick
Putting Windows source code in the hands
of the Kevin Mitnicks of China

Summary: Microsoft equips private companies — not just governments — with just what they need to intrude all Windows-running computers, namely a key to potential remote access without liability

NOT just incompetence and negligence [1, 2, 3] are the cause of Microsoft’s security problems. Based on Cablegate leaks, it is possible that Microsoft’s secret (and poorly audited) code is exploited so often in China because Microsoft gives them access to this source code (which security researchers in the West cannot see and scrutinise prior to release in binary form).

Several days ago we showed some Egypt cables (prior to Wikileaks being targeted by censors) and it helped show just how closely Microsoft works with governments on ‘security’. The Guardian noticed this independently from us and highlighted the following block (filed under “US embassy cables: China uses access to Microsoft source code to help plot cyber warfare, US fears”):

56. (S//NF) CTAD comment: Additionally, CNITSEC enterprises has recruited Chinese hackers in support of nationally-funded “network attack scientific research projects.” From June 2002 to March 2003, TOPSEC employed a known Chinese hacker, Lin Yong (a.k.a. Lion and owner of the Honker Union of China), as senior security service engineer to manage security service and training. Venus Tech, another CNITSEC enterprise privy to the GSP, is also known to affiliate with XFocus, one of the few Chinese hacker groups known to develop exploits to new vulnerabilities in a short period of time, as evidenced in the 2003 release of Blaster Worm (See CTAD Daily Read File (DRF) April 4, 2008). 57. (S//NF) CTAD comment: While links between top Chinese companies and the PRC are not uncommon, it illustrates the PRC’s use of its “private sector” in support of governmental information warfare objectives, especially in its ability to gather, process, and exploit information. As evidenced with TOPSEC, there is a strong possibility the PRC is harvesting the talents of its private sector in order to bolster offensive and defensive computer network operations capabilities. (Appendix sources 51-52)

So, not just governments are getting access to source code. The “agreement with Microsoft… allowed select companies such as TOPSEC access to MICROSOFT source code in order to secure the Windows platform.” Here it is in raw form. “TOPSEC that trains most of china cyberspys,” Oiaohm quotes from it. “It’s in that cable,” he says. He then gives another direct quote from the cable: “TOPSEC provides services and training for the PLA and has recruited hackers in the past.” On this one he remarks: “Then latter on in the cable to says they have been granted access to MS source code.” The remainder can be read in our latest IRC logs, which make operation of this Web site entirely transparent, unlike governments. “Security by obscurity is that you don’t give the source code to the people attacking your system,” Oiaohm adds and “[i]If you are not using Security by obscurity you might as well publish the source code for everyone to see… At least then you have a better chance that truful ones will tell you where the flaws are.” (typos corrected)

“Proper obscurity can be done with open source”
      –Oiaohm
He continues: “that cable is a security research document in what the hell has gone wrong… That the USA was being breached so much… Also if you dig deeper the USA side is doing the same thing… Both are trying to use closed source to give them a cyberadvantage while both have access to the source code… Proper obscurity can be done with open source… Each system must be able to have many different combinations in its security system to attacker is not quite sure what he will be walking into… So attacks take longer to develop… MS Windows where most installs have basically the same security config… Basically have a obscurity level of nothing.”

Another cable speaks of an “invitation for a private meeting with a named DoS employee. The attached Microsoft Word document was a malicious”. Microsoft is mostly mentioned negatively (for security reasons) in Cablegate, at least thus far. What will be revealed in the remaining 99% of Cablegate (the part which has not been published yet)?

In actual security news (not leaks of old confidential reports), Vista 7 is being bricked by software which claims to improve Windows security:

THOSE WHO ARE RUNNING 64-bit Windows 7 systems should not download the update for AVG Technologies’ AV software.

AVG has withdrawn the update after complaints that the update completely bricked systems by forcing computers to go into an infinite crash loop.

Users of GNU/Linux and BSD never have such problems. Why won’t the US government encourage adoption of Free software, whose transparency makes it secure? It’s the same fallacy about secrecy which toppled both Windows security and now the US government. It arguably censors Wikileaks more zealously than other governments.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

A Single Comment

  1. twitter said,

    December 6, 2010 at 4:09 pm

    Gravatar

    Source code disclosure is not a source of insecurity, it is the exclusive disclosure of insecure code to malicious parties that’s the problem. When software is free it can gain a high degree of both transparency and security like OpenBSD and gnu/linux have. When software is not free, the owners lack resources to fix things. Known problems persist for decades and new problems are constantly found when old, non free code bases are forced together in monstrosities like Microsoft Windows. The absolute worst case is when malicious organizations are given exclusive access to source code that other people use. Sadly, this is always the case when people are using non free software but few have betrayed their users the way Microsoft has.

    It has long been known that sharing code with China and other US enemies was a US national security risk. Microsoft representatives testified to this in the Netscape anti-trust trials. Just a few later they started sharing code with the PRC, the former KGB and many other US hostile organizations. It is nice to see that US diplomats were aware of this betrayal but we have to wonder why the US government has not acted on the knowledge. Windows should be dumped and those responsible at Microsoft should be put on trail for espionage.

What Else is New


  1. Criticism of Unitary Patent (UPC) Agreement Doomed the UPC and Patent Trolls' Plan -- Along With the Litigation Lobby -- for Unified 'Extortion Vector'

    The Unitary Patent or Unified Patent Court (UPC) was the trolls' weapon against potentially millions of European businesses; but those businesses have woken up to the fact that it was against their interests and European member states such as Spain and Poland now oppose it while Germany halts ratification



  2. It Wasn't Judges With Weapons in Their Office, It Was Benoît Battistelli Who Brought Firearms to the European Patent Office (EPO)

    The EPO scandals deepen in light of a very major scandal which has occupied the French media for a couple of months



  3. Links 20/9/2018: 2018 Linux Audio Miniconference and Blackboard's Openwashing

    Links for the day



  4. Links 19/9/2018: Chromebooks Get More DEBs, LLVM 7.0.0 Released

    Links for the day



  5. Links 18/9/2018: Qt 5.12 Alpha , MAAS 2.5.0 Beta, PostgreSQL CoC

    Links for the day



  6. Today's European Patent Office (EPO) Works for Large, Foreign Pharmaceutical Companies in Pursuit of Patents on Nature, Life, and Essential/Basic Drugs

    The never-ending insanity which is patents on DNA/genome/genetics and all sorts of basic things that are put together like a recipe in a restaurant; patents are no longer covering actual machinery that accomplishes unique tasks in complicated ways, typically assembled from scratch by humans; some supposed 'inventions' are merely born into existence by the natural splitting of organisms or conception (e.g. pregnancy)



  7. The EPO Has Quit Pretending That It Cares About Patent Quality, All It Cares About is Quantity of Lawsuits

    A new interview with Roberta Romano-Götsch, as well as the EPO's promotion of software patents alongside CIPA (Team UPC), is an indication that the EPO has ceased caring about quality and hardly even pretends to care anymore



  8. Qualcomm's Escalating Patent Wars Have Already Caused Massive Buybacks (Loss of Reserves) and Loss of Massive Clients

    Qualcomm's multi-continental patent battles are an effort to 'shock and awe' everyone into its protection racket; but the unintended effect seems to be a move further and further away from 'Qualcomm territories'



  9. Links 17/9/2018: Torvalds Takes a Break, SQLite 3.25.0 Released

    Links for the day



  10. The Patent Trial and Appeal Board (PTAB) Helps Prevent Frivolous Software Patent Lawsuits

    PTAB with its quality-improving inter partes reviews (IPRs) is enraging patent maximalists; but by looking to work around it or weaken it they will simply reduce the confidence associated with US patents



  11. Abstract Patents (Things One Can Do With Pen and Paper, Sometimes an Abacus) Are a Waste of Money as Courts Disregard Them

    A quick roundup of patents and lawsuits at the heart of which there's little or no substance; 35 U.S.C. § 101 renders these moot



  12. “Blockchain” Hype and “FinTech”-Like Buzzwords Usher in Software Patents Everywhere, Even Where Such Patents Are Obviously Bunk

    Not only the U.S. Patent and Trademark Office (USPTO) embraces the "blockchain" hype; business methods and algorithms are being granted patent 'protection' (exclusivity) which would likely be disputed by the courts (if that ever reaches the courts)



  13. Qualcomm's Patent Aggression Threatens Rationality of Patent Scope in Europe and Elsewhere

    Qualcomm's dependence on patent taxes (so-called 'royalties' associated with physical devices which it doesn't even make) highlights the dangers now known; the patent thicket has grown too "thick"



  14. Months After Oil States the Patent Maximalists Are Still Desperate to Crush PTAB in the Courts, Not Just in Congress and the Office

    Patent Trial and Appeal Board (PTAB) inter partes reviews (IPRs) improve patent quality and are therefore a threat to those who profit from spurious feuding and litigation; they try anything they can to turn things around



  15. IAM, Watchtroll and the EPO Still Spread the Mentality of Patent Maximalism

    The misguided idea that the objective (overall) should be to grant as many monopolies as possible (to spur a lot of litigation) isn't being challenged in echo chamber 'events', set up and sponsored by think tanks and pressure groups of the litigation 'industry'



  16. Watchtroll and Other Proponents of Patent Trolls Are Trying to Change the Law Outside the Courts in Order to Bypass Patent Justice

    35 U.S.C. § 101 (Section 101) voids almost every software patent — a reality that even the most zealous patent professionals have come to grips with and their way of tackling this ‘problem’ is legislative, albeit nowhere near successful (so far)



  17. Links 16/9/2018: Windows Plays 'Nice' Again, Elisa Music Player 0.3 Beta and Latte Dock 0.8.1

    Links for the day



  18. Slamming Courts and Judges Won't Help the Patent Maximalists; It Can Only Make Things Worse

    Acorda Therapeutics sees its stock price dropping 25% after finding out that its patent portfolio isn't solid, as affirmed by the Federal Circuitn(CAFC); the only way out of this mess is a pursuit of a vastly improved patent quality, thorough patent examination which then offers legal certainty



  19. Patent Trolls Are Still Active and Microsoft is Closely Connected to Many of Them

    A roundup of patent trolls' actions in the United States; Microsoft is connected to a notably high number of these



  20. Advancements in Automobile Technology Won't be Possible With Patent Maximalism

    Advancements in the development of vehicles are being discouraged by a thicket of patents as dumb (and likely invalid) as claims on algorithms and mere shapes



  21. Battistelli “Has Deeply Hurt the Whole Patent Profession, Examiners as Well as Agents” and Also the Image of France

    A French perspective regarding Battistelli's reign at the EPO, which has not really ended but manifests itself or 'metastasises' through colleagues of Battistelli (whom he chose) and another French President (whom he also chose)



  22. António Campinos Needs to Listen to Doctors Without Borders (MSF) et al to Salvage What's Left of Public Consent for the EPO

    Groups including Doctors Without Borders/Médecins Sans Frontières (MSF) and Médecins du Monde (MdM) have attempted to explain to the EPO, with notoriously French-dominated leadership, that it’s a mistake to work for Gilead at the expense of the public; but António Campinos is just another patent maximalist



  23. The Max Planck Institute's Determination on UPC's (Unitary Patent) Demise is Only “Controversial” in the Eyes of Rabid Members of Team UPC

    Bristows keeps lying like Battistelli; that it calls a new paper "controversial" without providing any evidence of a controversy says a lot about Bristows LLP, both as a firm and the individuals who make up the firm (they would not be honest with their clients, either)



  24. Links 15/9/2018: Wine 3.16, Overwatch's GNU/Linux (Wine) 'Ban', New Fedora 28 Build, and Fedora 29 Beta Delay

    Links for the day



  25. Max Planck Institute Pours More Water on the Dying Unitary Patent (UPC)

    The Max Planck Institute gives another sobering reality check for Team UPC to chew on; there's still no sign of any progress whatsoever for the UPC because even Team UPC appears to have given up and moved on



  26. EPO Seals Many Death Sentences With Acceptance of EP 2604620

    Very disappointing news as EP 2604620 withstands scrutiny, assuring that a lot of poor people will not receive much-needed, life-saving treatments



  27. Links 13/9/2018: Compiz Comeback, 'Life is Strange: Before the Storm'

    Links for the day



  28. Now We Have Patents on Rooms. Yes, Rooms!

    The shallow level of what nowadays constitutes "innovation" and merits getting a patent for a couple of decades



  29. EPO Granted a Controversial European Patent (Under Battistelli) Which May Literally Kill a Lot of People

    The EPO (together with CIPA) keeps promoting software patents; patents that are being granted by the EPO literally put lives at risk and have probably already cost a lot of lives



  30. Links 13/9/2018: Parrot 4.2.2, Sailfish OS Nurmonjoki, Eelo Beta

    Links for the day


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts