Mandiant gains instant fame after Chinese hack report

By Taylor Armerding, CSO

The difference in this report, he said, was that Mandiant finally felt confident enough to name a specific Chinese group, with government sponsorship, as the source of a large group of attacks. "We believed we had a really good case," he said.

Chester Wisniewski, a senior security adviser at Sophos, said that Mandiant, as a private, for-profit enterprise, doesn't really owe anyone anything. "They are entitled to share what they please," he said.

"It isn't exactly news to those of us in the business of protecting businesses from these types of attacks," he said, aside from the attribution to a specific team in China. "Most of the malware samples were already being detected by our antivirus and I presume the same to be true for others."

Bejtlich said Mandiant felt the timing of the report's release was good for two other reasons. "This is a time when there is a real push for security," he said. "The president just signed an Executive Order, our CEO had just testified on intelligence sharing and there are bills coming [in Congress on cybersecurity.]"

He added that there has been some frustration in the security community about the administration's apparent unwillingness to confront China. He said having White House Press Secretary Jay Carney talking about, "speaking to the Chinese in the most serious tones," is not enough. "We're here to play a part, and we wanted to present the evidence."

Bejtlich said Mandiant felt that this Army unit in particular would be especially damaged by this. "We don't think they can pivot quickly to a backup plan. This was an attempt to make life difficult for the adversary."

Gary McGraw, CTO of Cigital, suggested another possible reason. "I think the Chinese goaded them into it," he said, noting that Chinese officials, in denying any involvement with the hack of The New York Times, said it was "unprofessional" to make the accusation "without any conclusive evidence."

"They probably figured, 'OK, we'll show you some evidence,'" McGraw said.

There are also questions about the commingling of media strategy with Mandiant's commercial interest. The New York Times had hired Mandiant in January to trace an attack on the computers of reporters and other employees following the newspaper's stories on the financial dealings of China's Premier Wen Jiabao.

Originally published on CSO.