Thursday, October 8, 2009

Chinese IT Firm Accused of Links to Cyberwarfare

Defense News

02/23/09

By WENDELL MINNICK

TAIPEI — In the past 10 years, Beijing-based Venus Info Tech has become the dominant provider of information technology (IT) network security to the Chinese intelligence and military community.


It also has been accused of providing hacker services that help the Chinese government penetrate foreign government computer networks. Sources also accuse Venus of helping Beijing build the “great firewall of China,” by developing software to monitor and control the domestic Internet.


Finally, Venus has operating agreements with Microsoft and other non-Chinese firms, which Western observers say may help Beijing find vulnerabilities in other governments’ networks.


The firm “is heavily party affiliated and the company personnel go through party indoctrination because they handle state secrets,” said Scott Henderson, author of the book, “The Dark Visitor — Inside the World of Chinese Hackers.”

“I would be very worried about U.S. companies working with this type of organization; [it] gives them too much access.”

Venus officials declined requests for an interview.


The firm’s founder, Yan “Jane” Wang Jia, is an IT legend and former beauty queen who has parlayed her business success into political power.

Referred to as the “Mother of the Great Firewall of China” by several Chinese IT Web sites, she sits on the Chinese People’s Political Consultative Conference (CPPCC), which guides political policy in all areas of government and society.


Venus’ Web sites attest to its burgeoning lists of top-tier security, military and intelligence groups. The English-language site notes work done for the National People’s Congress, the State Secrecy Bureau, and the ministries of Propaganda, Public Security, and Science and Technology.


Venus’ Chinese-language site adds the Ministry of State Security, the China Aerospace Science and Technology Corp., which builds strategic missiles targeting the United States, and multiple People’s Liberation Army (PLA) units, including the General Staff Headquarters, PLA Navy, PLA Air Force, PLA Second Artillery Corps and the Jiuquan Satellite Launch Base.


Henderson notes that several Chinese firms and government agencies have deep access to the source code of Microsoft Windows, the operating system that drives most of the world’s computers.


In 2003, Microsoft opened the code to the China Information Technology Security Certification Center (CNITSEC), a government agency, under a government security plan that was intended to “provide a trustworthy computing environment,” said Tim Chen, then vice president and CEO, Microsoft Greater China, in 2003. He resigned in 2007.


“Depending on the level of access they were provided, it would certainly seem to provide the Chinese with insight into flaws that they could exploit,” Henderson said. “You get enough people poring over the code, and I imagine you could design viruses based on weaknesses you find in the code.”

The original agreement opened Windows access to seven institutions, including Venus, the No. 15 Institute of Ministry of Information Industry, China Software Corp., No. 3 Institute of Ministry of Security, De An Corp., Wellhope Corp., and Beijing Topsec Co.


“These companies represent every major player in the Chinese military and public security apparatus, and ensure that intimate knowledge about the Microsoft source code is available for domestic censorship or foreign computer network exploitation,” said James Mulvenon, director, Center for Intelligence Research and Analysis, a Washington-based consulting firm.


A Microsoft spokesperson said the agreement has since been extended to cover source code for Windows Vista and Microsoft Office 2007.

Hacker Connections?

The fact that Venus is so well connected to Chinese intelligence and military agencies has led to allegations the company is working with various hacker organizations, including former members of a hacker group called the Green Alliance, to improve the government’s cyber warfare capabilities.


“Despite its formal commercial orientation toward telecommunications equipment, Venus Tech appears to employ personnel engaged in ‘white hat hacker’ activity,” which means attempting to penetrate defenses to determine where improvements are needed, Mulvenon said.


Sources said Venus has worked with two hacker organizations that have reinvented themselves as legitimate network-security businesses. One is the nine-year-old, Beijing-based NSFOCUS, whose Chinese-language Web site still refers to the company as the Green Alliance, the name of a hacker group.


“The company Web site also maintains a list of all its founding members, which reads much like a who’s who of Chinese hackers,” Henderson said.


NSFOCUS denies any connection to illegal hacker activities.


“We are dedicated to providing professional security product, solutions and service to our broad customers. NSFOCUS have no relation with any hacker activities, because our company is a normal business company,” said NSFOCUS representative Han Yonggang.


Another firm is XFOCUS, a Beijing-based nonprofit information technology group involved in research and providing network security and services. Mulvenon calls the 11-year-old firm a sophisticated “patriotic hacker” group.


It has “regularly discovered serious vulnerabilities in popular computer operating systems and developed the tools to exploit them for malicious purposes,” Mulvenon said.


“XFOCUS seems to want to be like their big brother NSFOCUS and go legit, but too many of their members still do hacking,” Henderson said. “Venus’ relationship with NSFOCUS and XFOCUS is definitely a concern, given their contacts with U.S. firms.” XFOCUS did not respond to inquiries.