News

China Hacks Described in Secret U.S. Cables

• By Kurt Mackie
• December 06, 2010

One of the cables published by WikiLeaks late last month cites U.S. diplomatic concerns over a Chinese software security company with access to Windows source code.

According to the June 29, 2009 cable, unearthed by the Guardian here, Beijing-based TOPSEC Network Security Technology Company Ltd. may have a direct connection to Chinese government-sponsored hacking attempts. TOPSEC is an enterprise spin-off of the China Information Technology Security Center (CNITSEC), which tests security software and oversees the Chinese government's IT security certificate program, according to the account.

In 2003, CNITSEC signed a Government Security Program (GSP) agreement with Microsoft that gave it access to Microsoft "source code," with the aim of securing Windows. TOPSEC was also allowed access to that source code as a consequence of the agreement. TOPSEC is described in the diplomatic cable as "China's largest provider of information security products and services."

The cable alleges a relationship exists between CNITSEC spin-off companies, like TOPSEC, and Chinese government-sponsored hacking research.

"As evidenced with TOPSEC, there is a strong possibility the PRC [Peoples Republic of China] is harvesting the talents of its private sector in order to bolster offensive and defensive computer network operations capabilities," the cable states.

Microsoft, asked about the U.S. cable and the GSP agreement with China, provided the following statement: "Microsoft's Government Security Program (GSP) is a global initiative that enables governments to increase their assurance in system security by providing a managed review of Microsoft source code, as well as offering prescriptive security guidance and technical training," a Microsoft spokesperson stated by e-mail. "Review of source code by participants in the Government Security Program is provided in a managed and audited environment requiring authentication and security measures."

Another diplomatic cable released by WikiLeaks, dated May 18, 2009, provides a few details about the infamous attack on Google and other companies alleged to have originated from China. The cable points to Li Changchun, a member of China's Politburo Standing Committee, as leading the push against Google's Chinese search site, Google.cn. According to a story published on Saturday by the New York Times, Li Changchun put the pressure on Google.cn to censure local search results. However, the cable didn't clarify the source of the hacking attempt targeting Google's U.S. headquarters.

In response to the hack, Google announced a policy change in January in which it would stop censoring search results in China, as required by Chinese law. The hack apparently relied on security flaws in both Windows and Internet Explorer.

Under Google's policy change, Google.cn search traffic was automatically redirected to servers in Hong Kong. However, after Chinese officials complained about the redirection and threatened not to renew Google's Internet content provider license in China, Google changed course and now just provides a link to the Hong Kong servers, according to a June 28 Google blog post. The license for Google.cn was then renewed.

Nonprofit Wikileaks.org, which has published numerous embarrassing cables, is currently under assault by hackers, U.S. government officials and Internet hosting companies. Amazon Web Services recently booted WikiLeaks.org off its servers, citing a policy violation as a reason for terminating the contract.