Chinese firm hired Blaster hacking group, says U.S. cable

Companies with ties to Chinese government, military have access to Windows source code

Chinese security firms with ties to the Chinese military have hired hackers, including the group responsible for the original Blaster worm, U.S. diplomats alleged in a 2009 cable published Saturday by WikiLeaks.

The companies also have access to the source code to Microsoft Windows.

According to the U.S. State Department's daily security briefing of June 29, 2009, Topsec of Beijing had employed "a known Chinese hacker" from June 2002 to March 2003. Identified as Lin Yong, aka "Lion," the hacker served as a senior security service engineer to "manage security service and training."

Topsec, China's largest security vendor, provides training and support service for the People's Liberation Army (PLA), and was partially funded by the Chinese government, the cable continued, citing an interview in state-run media with the firm's founder and chairman, He Weidong.

The cable originated with the Secretary of State's office, was labeled "Secret" and was not to be shown to any foreign nationals.

Another company, Venustech, also of Beijing, used the services of a hacking group called XFocus, which was reportedly responsible for crafting the original Blaster worm in mid-2003, the security briefing said.

XFocus posted proof-of-concept code in July 2003 just weeks after a vulnerability in Microsoft's Windows operating system was revealed. That code, later modified, became the basis for Blaster, a worm that spread rapidly among Windows 2000 and Windows XP machines.

Court documents from the trial of U.S. teenager Jeffrey Lee Parson, who was arrested and charged with creating a Blaster variant, also named XFocus as the group that reverse-engineered a Windows patch to build the initial worm.

In 2004, Parson pleaded guilty and was sentenced to 18 months in prison.

The ties between government-backed companies and hackers are part of China's "nationally-funded 'network attack scientific research projects,'" the cable explained.

Both Topsec and Venustech also have ties to Microsoft.

The firms are among several in China that signed agreements with the U.S. developer in 2003 that gave them access to Windows' source code. The Chinese government also has access to the source code.

The State Department noted that it was no surprise that Topsec and Venustech had hired hackers.

"While links between top Chinese companies and the PRC [People's Republic of China] are not uncommon, it illustrates the PRC's use of its 'private sector' in support of governmental information warfare objectives," the cable stated. "As evidenced with Topsec, there is a strong possibility the PRC is harvesting the talents of its private sector in order to bolster offensive and defensive computer network operations capabilities."

American researchers and security analysts have long suspected that China's military has extensive cyberwarfare capabilities. In 2007, a Department of Defense report claimed that the PLA had first-strike know-how, and had created military units charged with developing viruses to attack enemy computer networks.

Topsec and Venustech did not immediately reply to a request for comment.

WikiLeaks, which struggled last week to remain online, has published over 900 of the 250,000 confidential State Department messages that it released to several news organizations more than a week ago.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld.


Copyright © 2010 IDG Communications, Inc.
