Bonum Certa Men Certa

Wikileaks/Cablegate Reveals That Microsoft Gave Windows Source Code to TOPSEC, Which Trains and Employs Chinese Cyberspies

Kevin Mitnick
Putting Windows source code in the hands
of the Kevin Mitnicks of China



Summary: Microsoft equips private companies -- not just governments -- with just what they need to intrude all Windows-running computers, namely a key to potential remote access without liability

NOT just incompetence and negligence [1, 2, 3] are the cause of Microsoft's security problems. Based on Cablegate leaks, it is possible that Microsoft's secret (and poorly audited) code is exploited so often in China because Microsoft gives them access to this source code (which security researchers in the West cannot see and scrutinise prior to release in binary form).



Several days ago we showed some Egypt cables (prior to Wikileaks being targeted by censors) and it helped show just how closely Microsoft works with governments on 'security'. The Guardian noticed this independently from us and highlighted the following block (filed under "US embassy cables: China uses access to Microsoft source code to help plot cyber warfare, US fears"):

56. (S//NF) CTAD comment: Additionally, CNITSEC enterprises has recruited Chinese hackers in support of nationally-funded "network attack scientific research projects." From June 2002 to March 2003, TOPSEC employed a known Chinese hacker, Lin Yong (a.k.a. Lion and owner of the Honker Union of China), as senior security service engineer to manage security service and training. Venus Tech, another CNITSEC enterprise privy to the GSP, is also known to affiliate with XFocus, one of the few Chinese hacker groups known to develop exploits to new vulnerabilities in a short period of time, as evidenced in the 2003 release of Blaster Worm (See CTAD Daily Read File (DRF) April 4, 2008). 57. (S//NF) CTAD comment: While links between top Chinese companies and the PRC are not uncommon, it illustrates the PRC's use of its "private sector" in support of governmental information warfare objectives, especially in its ability to gather, process, and exploit information. As evidenced with TOPSEC, there is a strong possibility the PRC is harvesting the talents of its private sector in order to bolster offensive and defensive computer network operations capabilities. (Appendix sources 51-52)


So, not just governments are getting access to source code. The "agreement with Microsoft... allowed select companies such as TOPSEC access to MICROSOFT source code in order to secure the Windows platform." Here it is in raw form. "TOPSEC that trains most of china cyberspys," Oiaohm quotes from it. "It's in that cable," he says. He then gives another direct quote from the cable: "TOPSEC provides services and training for the PLA and has recruited hackers in the past." On this one he remarks: "Then latter on in the cable to says they have been granted access to MS source code." The remainder can be read in our latest IRC logs, which make operation of this Web site entirely transparent, unlike governments. "Security by obscurity is that you don't give the source code to the people attacking your system," Oiaohm adds and "[i]If you are not using Security by obscurity you might as well publish the source code for everyone to see... At least then you have a better chance that truful ones will tell you where the flaws are." (typos corrected)

“Proper obscurity can be done with open source”
      --Oiaohm
He continues: "that cable is a security research document in what the hell has gone wrong... That the USA was being breached so much... Also if you dig deeper the USA side is doing the same thing... Both are trying to use closed source to give them a cyberadvantage while both have access to the source code... Proper obscurity can be done with open source... Each system must be able to have many different combinations in its security system to attacker is not quite sure what he will be walking into... So attacks take longer to develop... MS Windows where most installs have basically the same security config... Basically have a obscurity level of nothing."

Another cable speaks of an "invitation for a private meeting with a named DoS employee. The attached Microsoft Word document was a malicious". Microsoft is mostly mentioned negatively (for security reasons) in Cablegate, at least thus far. What will be revealed in the remaining 99% of Cablegate (the part which has not been published yet)?

In actual security news (not leaks of old confidential reports), Vista 7 is being bricked by software which claims to improve Windows security:

THOSE WHO ARE RUNNING 64-bit Windows 7 systems should not download the update for AVG Technologies' AV software.

AVG has withdrawn the update after complaints that the update completely bricked systems by forcing computers to go into an infinite crash loop.


Users of GNU/Linux and BSD never have such problems. Why won't the US government encourage adoption of Free software, whose transparency makes it secure? It's the same fallacy about secrecy which toppled both Windows security and now the US government. It arguably censors Wikileaks more zealously than other governments.

Comments

Recent Techrights' Posts

Sheriff of Cork & Debian Edward Brocklesby or Brockelsby Street confusion
Reprinted with permission from Daniel Pocock
Who Is This Backup FOR, the NSA?
As Admfubar put it, "backups for everyone..."
Microsoft's Siege of Libya Coming to an End
One might be tempted to guess the users deleted Windows and installed something else
New Talk by Dr. Richard Stallman Published Two Days Ago By CeSIUM - Centro de Estudantes de Engenharia Informática da Universidade do Minho (Portugal)
The FSF no longer mentions Richard Stallman's talks, but we will
Name the Threats and Threat Actors
Looking back to 2006, there was Novell and gregkh (partly salaried by Microsoft), so these are familiar territories
The "Other" SPLC
You know you're winning the debate when censorship is explored
Microsoft: By Default, Destroy Linux
Here is what the very "polite" Microsoft Boccassi had to say
Perens on a Stick
Remember what Novell did and how few (barely anyone) sided with Novell
Andrew Tanenbaum Gets an Award for His Work on MINIX
ACM one week ago
Twitter's Fall to Irrelevancy in Europe
Musk bought a dud
 
Links 25/06/2024: Julian Assange Freed From Prison, "AI" Bubble Imploding Some More
Links for the day
Three Points About Julian Assange Plea Deal
There is still a secret problem
[Meme] EFF Became a 'Bunch of Pussies' Working for GAFAM (and Sponsored by GAFAM)
It won't protect people, except very rich people's interests
IBM Does Not Care for the Blind (Wayland Harms Accessibility)
What a punch in the gut
Tux Machines Past 20: Still Thriving
Now 20 years and 2 weeks old
[Meme] Microsoft is Coming /Home
"LOL, REAL SORRY!!!"
Gemini Links 25/06/2024: Old Computer Challenge; An Opinionated GNU/Linux Guide
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, June 24, 2024
IRC logs for Monday, June 24, 2024
IEEE Computer Society on Andrew Tanenbaum, Winner of ACM Award, Who Also Inspired Linux Development
10 years ago
FSF Looking to Raise Money by Adding 200 New Members by July 19
The FSF is in good shape, according to Alexandre Oliva
Not Only Does It Not Add Security... (UEFI as a 'Bug Door')
SecureCore?
Data From Monaco Should Alarm Microsoft
Just how many people are deleting Windows and installing something else this year?
Linux in Central Sahel (Burkina Faso, Mali and Niger)
Vast area, vast number of "Linux users" (if one counts Android as such)
[Meme] Gagging One's Own Staff as a Signal of Corporate Distress
Censorship at Microsoft
Staying the Course
censorship isn't easy against sites that understand ways to resist it
The 'All-Seeing' Microsoft Eye
Microsofters are observing us closely
Links 24/06/2024: Long COVID and "How I Write Blogs"
Links for the day
Allegations That Microsoft is Covering Up Employee Dissatisfaction and Using a Survey to Catch 'Risk' to the Cult Mentality
This favours or gradually socially-engineers a company for sociopathy
'Linux Hint' Inactive for Nearly a Month (It Used to be Very Active)
Their Twitter account hasn't been active for a long time and it's not too clear what's going on
An Unexpected GNU/Linux Trend
Burkina Faso is changing and not just politically
Android (Linux) at New Highs in Burkina Faso, Now Measured at 72% (Windows Was Measured at 98% 15 Years Ago)
based on this month's estimates
With 0.76% for ChromeOS and 3.7% for GNU/Linux (4.5% Total) Burkina Faso Approaches 5% for 'Linux'
More if one counts Android as "Linux"
Gemini Links 24/06/2024: Being Dull and OpenSSH Autoban
Links for the day
EPO Issues in The Hague
a report dated 4 days ago about a meeting that took place 12 days ago
[Meme] Garbage in, Garbage Out (EPO Patent Quality)
"Get back to work"
When the Employer Makes You Too Sick to Go to Work (New EPO Document)
"registering when you are sick"
[Meme] 'Useless' Kids of EPO Examiners
malnourished?
Granting Loads of Monopolies in Europe (to Foreign Corporations of Epic Size and Far Too Much Power Inside Europe) is Vastly More Important Than Raising European Kids Properly?
"Efficiency" first? Whose? Corporations or families? No wonder so many young families are hesitant to have any kids these days; that's particularly true in east Asia and also in north America, not just Europe
[Meme] Putin's Red Flags
Firefox ESR or Firefox USSR
The Corporate/Mainstream Media and Even Social Control Media is Distorting the Record About What Mozilla Actually Did (It Originally Surrendered to Vladimir Putin)
Mozilla being avoided for purely technical reasons (sites not being compatible with it) is one thing. Foolishly, Mozilla is giving people more political reasons to also shun Mozilla. This is suicide.
GNU/Linux Up Some More This Morning, Windows Down Sharply Even in Rich Countries
Microsoft is in trouble in the Muslim world
United Arab Emirates (UAE) Rising... Towards 5% for ChromeOS and GNU/Linux
the latest numbers show it growing from about 0.1% to around 2.4% for GNU/Linux, plus 2.01% for Chromebooks (ChromeOS), i.e. about 5% in total.
Techrights in the Coming Decade: The Free Speech (Online) Angle
Free speech is a fundamental tenet of a free society
Links 24/06/2024: New Research, New Attacks on Justices Sceptical of Patent Maximalists, European Commission for Copyright Maximalists
Links for the day
[Meme] 12 Years a Fedora Volunteer
IBM gives me a 'free' Fedora badge as recognition
IBM Slavery: Not a New Problem
When IBM got rid of Ben Cotton it showed the world how much it valued Fedora
Why They Want to Abolish Master/Slave Terminology (Because This is What They're Turned Free Software Into)
It used to be about community; GAFAM turned that into exploitation and worse
Roy and Rianne's Righteously Royalty-free RSS Reader (R.R.R.R.R.R.) Version 0.2 is Released
They say summer "officially" started some days ago
Torvalds' Number Two Quit Linux a Decade Ago and Has Since Then Earned an Honorary Doctorate
Revisiting Fuzix and Alan Cox
GNU/Linux Reaches All-Time High in Tunisia
Based on statCounter
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, June 23, 2024
IRC logs for Sunday, June 23, 2024
Edward Brocklesby (ejb) & Debian: Hacking expulsion cover-up in proximity to Oxford and GCHQ
Reprinted with permission from Daniel Pocock
You Know the Microsoft Products Really Suck When...
"Qualcomm and Microsoft go 'beyond the call of duty' to stop independent Copilot+ PC reviews"
IBM and "Regime Change"
Change of regime is not the same as freedom
Microsoft Windows in Nicaragua: From 98% to Less Than 25%
Operating System Market Share Nicaragua
Techrights in the Coming Decade: The Community Angle
Somebody needs to call them out on their BS
Techrights in the Coming Decade: The Software Angle
Gemini Protocol has just turned 5 - i.e. roughly the same age as our Git repositories
Techrights in the Coming Decade: The Patent Angle
Next month marks 10 years since we began covering EPO leaks
Wookey, Intrigeri, Cryptie & Debian pseudonyms beyond Edward Brocklesby
Reprinted with permission from Daniel Pocock
[Meme] Choice Versus Freedom
So When Do I Start Having Freedom? Freedom is choice between the GAFAMs
Digital Liberation of Society at Times of Armed Conflicts and Uncertainty
We have technical contributions, not just written output
Links 23/06/2024: More Microsoft Cancellations, Growing Repression Worldwide
Links for the day
Gemini Links 23/06/2024: The Magician and the Hacker, tmux Tips
Links for the day
Links 23/06/2024: Twitter/X Wants Your Money, Google Reports a Billion DMCA Takedowns in Four Months
Links for the day
Digital Restrictions (Like DRM) Don't Have Brands, We Need to Teach People to Hate the Underlying Restrictions, Not Companies That Typically Come and Go
Conceptually, the hens should fear humans, not the farmer who cages them
Going Above 4% Again
Maybe 4% (or above) by month's end?
[Meme] Debian's 'Cannon Fodder' Economics
Conflicts of interest don't matter
Conviction, jail for Hinduja family, Debian exploitation comparison
Reprinted with permission from Daniel Pocock
According to Microsoft, It's Not a Code of Conduct Violation to Troll Your Victims Whose Files You Are Purging
The group of vandals from Microsoft think it's "funny" (and for a "nominal fee") to troll Microsoft critics
Microsoft Inside Debian is Sabotaging Debian and Its Many Hundreds of Derivatives With SystemD (Microsoft/GitHub Slopware With Catastrophic Bugs is Hardly a New Problem)
What is the moral of the story about The Scorpion and the Frog?
Links 23/06/2024: Hey Hi (AI) Scrapers Gone Very Rogue, Software Patents Squashed at EPO
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, June 22, 2024
IRC logs for Saturday, June 22, 2024
Gemini Links 23/06/2024: LoRaWAN and Gemini Plugin for KOReade
Links for the day