Mandiant then allowed The Times to break the story on its APT1 report by providing it with an advance copy, allowing time for reporters to "test the conclusions with other experts, both inside and outside government," and providing advance interviews with company leaders. The Times published its story Monday, a day before the official release of the report.
The newspaper acknowledged in its story that while Mandiant is not now working for the Times, "it is in discussions about a business relationship."
Bejtlich acknowledged that the relationship developed between Mandiant and The Times during the investigation of the newspaper hack led to the coordination of a story in The Times on the release of the report.
That is normal, Chester Wisniewski said. "It isn't unusual to prefer your customers when it comes to these things," he said.
"It was mutually beneficial," Bejtlich said. "We were not in a position to talk to others in the intelligence community, but The Times could." He added that Mandiant felt this was the best way to give the report as much exposure as possible.
He acknowledged that some other media outlets scooped by The Times, were upset. "And I'm totally sympathetic to that," he said.
Read more about malware/cybercrime in CSOonline's Malware/Cybercrime section.