Leaked Cables: Chinese Hackers Used Microsoft Source Code To Attack Google & US Government

WikiLeaks cables have shown that Chinese security firms, with ties to the Chinese military, hired hackers, including the group responsible for the original Blaster worm, to exploit Windows vulnerabilities, attack Google and conduct cyber warfare against U.S. government websites.

By Ms. Smith on Tue, 12/07/10 - 7:38pm.

The Chinese government hired the hackers behind the Blaster Worm through private Chinese security firms, gained access to Microsoft source code, then attacked Google and plotted cyber warfare against U.S. government sites, alleged U.S. diplomats in a 2009 cable published by WikiLeaks. According to the Guardian, Chinese authorities used private security firms to hire experienced hackers, including those who were behind the Blaster Worm, to exploit weaknesses in the Windows operating system and to conduct cyber attacks on U.S. government-related websites on behalf of the Chinese government.

A secret "U.S. diplomatic security" cable from June 2009 warned, "There is a strong possibility the PRC (People's Republic of China) is harvesting the talents of its private sector in order to bolster offensive and defensive computer network operations capabilities. Potential linkages of China's top companies with the PRC illustrate the government's use of its 'private sector' in support of information warfare objectives."

The U.S. thinks that ties between government-backed security firms and hackers are part of China's nationally funded "network attack scientific research project." Chinese security company Topsec is partly funded by the Chinese government and provides training and support for the People's Liberation Army (PLA). Topsec hired known Chinese hacker Lin Yong, aka "Lion," from June 2002 to March 2003 to "manage security service and training." Topsec was founded in 1995 with only $4,400, but by 2002 had earnings of around $440 million. According to the cable, Topsec is now China's largest provider of information security products and services.

Another cable obtained by the New York Times directly linked China's political leaders to the "Operation Aurora" cyber attacks on Google and other U.S.-based companies. "The Google hacking was part of a coordinated campaign of computer sabotage carried out by government operatives, private security experts and Internet outlaws recruited by the Chinese government. They have broken into American government computers and those of Western allies."

This cable from 2008 ties the Chinese government and military to the Byzantine Candor (BC) attackers, who hacked to obtain sensitive government documents. "During this time period, the actors exfiltrated at least 50 megabytes of e-mail messages and attached documents, as well as a complete list of usernames and passwords from an unspecified USG agency. Additionally, multiple files were transferred to the compromised ISP system from other BC-associated systems that have been previously identified collecting e-mail messages from additional victims."

The memo continues: "BC intruders have relied on techniques including exploiting Windows system vulnerabilities and stealing login credentials to gain access to hundreds of USG and cleared defense contractor systems over the years. In the US, the majority of the systems BC actors have targeted belong to the US Army, but targets also include other DoD services as well as DoS, Department of Energy, additional USG entities, and commercial systems and networks."

Microsoft provided the following statement: "Microsoft's Government Security Program (GSP) is a global initiative that enables governments to increase their assurance in system security by providing a managed review of Microsoft source code, as well as offering prescriptive security guidance and technical training. Review of source code by participants in the Government Security Program is provided in a managed and audited environment requiring authentication and security measures."

Yeah, whatever works as a PR patch, but the statement about increased assurance in system security seems somewhat laughable. Microsoft chose to do business with China and may find the cables a bit embarrassing, since the exploits in Windows were later turned against its "enemy" Google and then the U.S. government. Speaking of PR, the Chinese government has often denied allegations of cyber activities such as spying and hacking, and then acted offended when people in other nations just roll their eyes. These cables make China's repeated "we do not condone hacking" that much harder to believe.

China recently stated that its prospects for preventing future assaults on computer security were grim. According to Reuters, an unnamed Chinese official claimed, "The current situation of our crackdown on hacker attacks is still very grim and the number of hacker attacks and sabotage activities in China are still high." With China having its hands on Microsoft source code, and most of the world's computers running Windows, it is no wonder U.S. diplomats were worried about China as a powerful cyber threat.

Follow me on Twitter @PrivacyFanatic