Chinese hackers 'slurped 50 MB of US gov email'

Windows source code tapped, say WikiLeaked docs

The Chinese government may have used its access to Microsoft source code to develop attacks that exploited weaknesses in the Windows operating system, according to a US diplomatic memo recently published by Wikileaks.

The June 29, 2009 diplomatic cable claims that a Chinese security firm with close ties to the People's Republic of China got access to the Windows source under a 2003 agreement designed to help companies improve the security of the Microsoft operating system. Topsec allegedly worked with a government organization known as CNITSEC, short for the China Information Technology Security Center, which actively worked with “private sector” hackers to develop exploits.

“Additionally, CNITSEC enterprises has recruited Chinese hackers in support of nationally-funded 'network attack scientific research projects,'” the cable stated. “From June 2002 to March 2003, TOPSEC employed a known Chinese hacker, Lin Yong (a.k.a. Lion and owner of the Honker Union of CHINA), as senior security service engineer to manage security service and training.”

The memo continues:

“While links between top Chinese companies and the PRC are not uncommon, it illustrates the PRC's use of its 'private sector' in support of governmental information warfare objectives, especially in its ability to gather, process, and exploit information. As evidenced with TOPSEC, there is a strong possibility the PRC is harvesting the talents of its private sector in order to bolster offensive and defensive computer network operations capabilities.”

Topsec Chairman, He Weidong, allegedly told a Chinese news outlet that half of his company's start-up capital came from that country's government. Topsec started out in 1995 with funding of just $4,400, and by 2002, had earnings of about $440 million. It is now China's largest provider of information security products and services, according to the cable.

“Interestingly, shareholders did not receive bonuses, as all earnings went for future investment,” the memo stated. “Weidong also stated a bank loan was never used.”

It's one of a handful of documents published in the past week that outline US diplomatic concerns about Chinese-sponsored hacking against foreign-based companies and governments.

According to a separate cable, attackers with ties to the Chinese government and military compromised US computer systems in early 2008 to get access to sensitive government communications. The collective operated under the moniker of BC, short for Byzantine Candor.

“During this time period, the actors exfiltrated at least 50 megabytes of e-mail messages and attached documents, as well as a complete list of usernames and passwords from an unspecified USG agency,” the memo stated. “Additionally, multiple files were transferred to the compromised ISP system from other BC-associated systems that have been previously identified collecting e-mail messages from additional victims.”

The same November 3, 2008 memo outlines another BC attack that actively infiltrated at least one US government agency after compromising “multiple systems located at a US Internet service provider (ISP).” Chinese hackers also sent a booby-trapped Microsoft Word file to Canadian government officials in October 2008. BC actors have been carrying out social engineering attacks against US government organizations since 2002.

“BC intruders have relied on techniques including exploiting Windows system vulnerabilities and stealing login credentials to gain access to hundreds of USG and cleared defense contractor systems over the years,” it continues. “In the US, the majority of the systems BC actors have targeted belong to the US Army, but targets also include other DoD services as well as DoS, Department of Energy, additional USG entities, and commercial systems and networks.” ®

Update

Microsoft provided the following comment:

"Microsoft's Government Security Program (GSP) is a global initiative that enables governments to increase their assurance in system security by providing a managed review of Microsoft source code, as well as offering prescriptive security guidance and technical training. Review of source code by participants in the Government Security Program is provided in a managed and audited environment requiring authentication and security measures."
