A diplomatic memo from June of 2009 reveals that the Chinese security firm TOPSEC had access to the source code for Microsoft Windows and allowed the Chinese government to provided it to hackers in order to develop targeted attacks to exploit weaknesses in the operating system.
The company reportedly has close ties with the Chinese government, and gained access to the source code in a 2003 agreement aimed at shoring up security for the widely used product.
The company turned over the code to the China Information Technology Security Center, which then recruited independent hackers to develop the attacks.
The memo was part of the recent classified document dump by WikiLeaks, which has set off a firestorm of controversy.
According to a Register UK report, he memo states:
“While links between top Chinese companies and the PRC are not uncommon, it illustrates the PRC's use of its 'private sector' in support of governmental information warfare objectives, especially in its ability to gather, process, and exploit information. As evidenced with TOPSEC, there is a strong possibility the PRC is harvesting the talents of its private sector in order to bolster offensive and defensive computer network operations capabilities.”
TOPSEC is China's largest provider of information security products and services, and received a significant portion of its start-up funding from the Chinese government.
Another classified communication in the WikiLeaks release shows that the Chinese government also extracted emails, usernames and passwords from an unknown U.S government agency.
“During this time period, the actors exfiltrated at least 50 megabytes of e-mail messages and attached documents, as well as a complete list of usernames and passwords from an unspecified USG agency."
The memos confirm earlier reports that the Chinese government is actively using Chinese companies to conduct cyber espionage against the United States.