
12.06.10

Wikileaks/Cablegate Reveals That Microsoft Gave Windows Source Code to TOPSEC, Which Trains and Employs Chinese Cyberspies

Posted in Microsoft, Security, Windows at 11:56 am by Dr. Roy Schestowitz

Image (Kevin Mitnick): Putting Windows source code in the hands of the Kevin Mitnicks of China

Summary: Microsoft equips private companies — not just governments — with just what they need to intrude into all Windows-running computers, namely a key to potential remote access without liability

NOT just incompetence and negligence [1, 2, 3] are the cause of Microsoft’s security problems. Based on Cablegate leaks, it is possible that Microsoft’s secret (and poorly audited) code is exploited so often in China because Microsoft gives them access to this source code (which security researchers in the West cannot see and scrutinise prior to release in binary form).

Several days ago we showed some Egypt cables (prior to Wikileaks being targeted by censors) and it helped show just how closely Microsoft works with governments on ‘security’. The Guardian noticed this independently from us and highlighted the following block (filed under “US embassy cables: China uses access to Microsoft source code to help plot cyber warfare, US fears”):

56. (S//NF) CTAD comment: Additionally, CNITSEC enterprises has recruited Chinese hackers in support of nationally-funded “network attack scientific research projects.” From June 2002 to March 2003, TOPSEC employed a known Chinese hacker, Lin Yong (a.k.a. Lion and owner of the Honker Union of China), as senior security service engineer to manage security service and training. Venus Tech, another CNITSEC enterprise privy to the GSP, is also known to affiliate with XFocus, one of the few Chinese hacker groups known to develop exploits to new vulnerabilities in a short period of time, as evidenced in the 2003 release of Blaster Worm (See CTAD Daily Read File (DRF) April 4, 2008).

57. (S//NF) CTAD comment: While links between top Chinese companies and the PRC are not uncommon, it illustrates the PRC’s use of its “private sector” in support of governmental information warfare objectives, especially in its ability to gather, process, and exploit information. As evidenced with TOPSEC, there is a strong possibility the PRC is harvesting the talents of its private sector in order to bolster offensive and defensive computer network operations capabilities. (Appendix sources 51-52)

So, not just governments are getting access to source code. The “agreement with Microsoft… allowed select companies such as TOPSEC access to MICROSOFT source code in order to secure the Windows platform.” Here it is in raw form. “TOPSEC that trains most of China cyberspies,” Oiaohm quotes from it. “It’s in that cable,” he says. He then gives another direct quote from the cable: “TOPSEC provides services and training for the PLA and has recruited hackers in the past.” On this one he remarks: “Then later on in the cable it says they have been granted access to MS source code.” The remainder can be read in our latest IRC logs, which make operation of this Web site entirely transparent, unlike governments. “Security by obscurity is that you don’t give the source code to the people attacking your system,” Oiaohm adds and “[i]f you are not using Security by obscurity you might as well publish the source code for everyone to see… At least then you have a better chance that truthful ones will tell you where the flaws are.” (typos corrected)

“Proper obscurity can be done with open source”
      –Oiaohm
He continues: “that cable is a security research document in what the hell has gone wrong… That the USA was being breached so much… Also if you dig deeper the USA side is doing the same thing… Both are trying to use closed source to give them a cyberadvantage while both have access to the source code… Proper obscurity can be done with open source… Each system must be able to have many different combinations in its security system so attacker is not quite sure what he will be walking into… So attacks take longer to develop… MS Windows where most installs have basically the same security config… Basically have an obscurity level of nothing.”

Another cable speaks of an “invitation for a private meeting with a named DoS employee. The attached Microsoft Word document was a malicious”. Microsoft is mostly mentioned negatively (for security reasons) in Cablegate, at least thus far. What will be revealed in the remaining 99% of Cablegate (the part which has not been published yet)?

In actual security news (not leaks of old confidential reports), Vista 7 is being bricked by software which claims to improve Windows security:

THOSE WHO ARE RUNNING 64-bit Windows 7 systems should not download the update for AVG Technologies’ AV software.

AVG has withdrawn the update after complaints that the update completely bricked systems by forcing computers to go into an infinite crash loop.

Users of GNU/Linux and BSD never have such problems. Why won’t the US government encourage adoption of Free software, whose transparency makes it secure? It’s the same fallacy about secrecy which toppled both Windows security and now the US government. It arguably censors Wikileaks more zealously than other governments.


A Single Comment

  1. twitter said,

    December 6, 2010 at 4:09 pm

    Source code disclosure is not a source of insecurity, it is the exclusive disclosure of insecure code to malicious parties that’s the problem. When software is free it can gain a high degree of both transparency and security like OpenBSD and gnu/linux have. When software is not free, the owners lack resources to fix things. Known problems persist for decades and new problems are constantly found when old, non free code bases are forced together in monstrosities like Microsoft Windows. The absolute worst case is when malicious organizations are given exclusive access to source code that other people use. Sadly, this is always the case when people are using non free software but few have betrayed their users the way Microsoft has.

    It has long been known that sharing code with China and other US enemies was a US national security risk. Microsoft representatives testified to this in the Netscape anti-trust trials. Just a few later they started sharing code with the PRC, the former KGB and many other US hostile organizations. It is nice to see that US diplomats were aware of this betrayal but we have to wonder why the US government has not acted on the knowledge. Windows should be dumped and those responsible at Microsoft should be put on trial for espionage.
