Montag, 6. Dezember 2010

CS6223--S E C R E T STATE 067105

S E C R E T STATE 067105

. . .

S E C R E T STATE 067105

NOFORN

E.O. 12958: DECL: MR
TAGS: ASEC
SUBJECT: DIPLOMATIC SECURITY DAILY

Classified By: Derived from Multiple Sources

SECRET//FGI//NOFORN

Declassify on: Source marked 25X1-human, Date of source: June
27, 2009

¶1. (U) Diplomatic Security Daily, June 27-29, 2009

¶2. (U) Iraq - Paragraphs 7-11

¶3. (U) Significant Events - Paragraphs 12-23

¶4. (U) Key Concerns - Paragraphs 24-43

¶5. (U) Cyber Threats - Paragraphs 44-57

¶6. (U) Suspicious Activity Incidents - Paragraphs 58-64



¶50. (C) EAP China - Beijing TOPSEC founder indicates PRC
investment:


¶51. (S//NF) Key highlights:
o Founder of TOPSEC and iTrusChina notes PRC funding and
directive in media interview.
o TOPSEC is China's largest provider of information security
products and services.
o TOPSEC provides services and training for the PLA and has
recruited hackers in the past.
o Potential linkages of China's top companies with the PRC
illustrate the government's use of its "private sector" in
support of information warfare objectives.


¶52. (SBU) Source paragraph: "During an interview with
journalists from China News Network, chairman of both Beijing
TOPSEC and iTrusChina, He Weidong, spoke about the two
companies, to include investment and contract from the
Chinese Government (People's Republic of China (PRC)) ....
Tianrongxin's capital came from two parts. The Chinese
Government share one part of the investment, and the
management department (of Tianrongxin) share the other part.
He further stated that Tianrongxin was not really a company
but a research institute; in 1995, the company took contracts
from the government's research and development tasks."


¶53. (S//NF) CTAD comment: In November 1995, He Weidong
founded the security company Tianrongxin, a.k.a. Beijing
TOPSEC Network Security Technology Company, Ltd. TOPSEC is a
China Information Technology Security Center (CNITSEC)
enterprise and has grown to become China's largest provider
of information security products and services. TOPSEC is
credited with launching China's first indigenous firewall in
1996, as well as other information technology (IT) security
products to China's market, to include virtual private
networks, intrusion detection systems, filtering gateways,
and security auditing and management systems. Additionally,
in September 2000, Weidong founded the company
Tianweichengxin, a.k.a. iTrusChina, which became the first
experimental enterprise to develop business Public Key
Infrastructure/Certification Authority services approved by
China's Ministry of Industry and Information Technology.


¶54. (SBU) CTAD comment: During an interview with China News
Network, Weidong stated that half of TOPSEC's start-up
capital came from the PRC, with the other half coming from
the company's management department. Additionally, he pointed
out that TOPSEC began not as a company, but as a small
research institute that took contracts from the government's
research and development tasks (NFI). The turning point for
TOPSEC came in 1996 when the company won a significant
contract bid from the Chinese State Statistics Bureau. Since
winning the bid, TOPSEC maintained a 100-percent sales growth
in the following years. Weidong noted the company started out
with 30,000 RMB (approximately $4,400) in 1995, and by 2002,
had earnings of 3 billion RMB (approximately $440,000,000).
Interestingly, shareholders did not receive bonuses, as all
earnings went for future investment. Weidong also stated a
bank loan was never used.


¶55. (S//NF) CTAD comment: Of note, the CNITSEC is responsible
for overseeing the PRC's Information Technology (IT) security
certification program. It operates and maintains the National
Evaluation and Certification Scheme for IT security and
performs tests for information security products. In 2003,
the CNITSEC signed a Government Security Program (GSP)
international agreement with Microsoft that allowed select
companies such as TOPSEC access to Microsoft source code in
order to secure the Windows platform. XXXXXXXXXXXX


¶56. (S//NF) CTAD comment: Additionally, CNITSEC enterprises
has recruited Chinese hackers in support of nationally-funded
"network attack scientific research projects." From June 2002
to March 2003, TOPSEC employed a known Chinese hacker, Lin
Yong (a.k.a. Lion and owner of the Honker Union of China), as
senior security service engineer to manage security service
and training. Venus Tech, another CNITSEC enterprise privy to
the GSP, is also known to affiliate with XFocus, one of the
few Chinese hacker groups known to develop exploits to new
vulnerabilities in a short period of time, as evidenced in
the 2003 release of Blaster Worm (See CTAD Daily Read File
(DRF) April 4, 2008).


¶57. (S//NF) CTAD comment: While links between top Chinese
companies and the PRC are not uncommon, it illustrates the
PRC's use of its "private sector" in support of governmental
information warfare objectives, especially in its ability to
gather, process, and exploit information. As evidenced with
TOPSEC, there is a strong possibility the PRC is harvesting
the talents of its private sector in order to bolster
offensive and defensive computer network operations
capabilities. (Appendix sources 51-52)


Keine Kommentare: