Chinese Hacking and Mandiant
Posted: Tue Feb 19, 2013 10:12 am
by Eric!
Anyone see this little hacking report and the Appendix? I can't say I've ever seen anything like it. It's packed full of political details, satellite images and ironic quotes declaring innocence of hacking. It's pretty odd.
The weirdest thing is this is a private company that monitored these hackers for years and just watched them steal terabytes of data without telling anyone? I've never heard of them, not that that means much, but I was surprised to learn Mandiant's 2012 revenue was more than $100 million. "Some of its analysts bill $650 per hour, according to two people with direct knowledge of its rates, though the company says its average rate is half that."
Re: Chinese Hacking and Mandiant
Posted: Tue Feb 19, 2013 3:58 pm
by califdon
I don't know much about this and hadn't seen that document, but I have heard of Mandiant in the past year or so, in connection with enterprise security issues. I believe Mandiant's clients are large corporations and perhaps some government agencies, so I don't think they have been guilty of not telling anyone; they certainly have been telling their clients. It is common, however, for both corporations and government agencies to tend to not go public with information about attacks against their own systems, at least partly because they don't want the hackers to know how successful they've been, and sometimes for competitive and public relations reasons. I don't see this document or Mandiant's actions as particularly strange, although the fact that China and other countries and non-state groups have been hacking our data and perhaps our command-and-control networks is a very real danger, IMHO. Anyway, thanks for calling our attention to this report.
Re: Chinese Hacking and Mandiant
Posted: Wed Feb 20, 2013 8:36 am
by Eric!
Perhaps you haven't seen the report, but the headlines are everywhere, from CNN and the NYT to all the small security blogs.
I got the definite impression that they just watched the thefts in order to gather information. In some cases they watched them steal things for over 4 years. Had they alerted the victims, it would have hurt their intel gathering. However, it seems irresponsible to let them run as rampant as their report claims without warning the victims.
And then they pinpoint a building? From 5 million IP addresses in Shanghai? What if these computers were zombies? Would l33t hackers really be using their own computer for attacks? The idea isn't even mentioned. Likewise nothing is mentioned of the fact that the PRC has unusual levels of internet traffic surveillance and they can shut off sites instantly when they see stories they don't like. If the PRC is denying it, why can't they prove it?
Having lived and worked in high-tech in Asia I get the automatic suspicion because the PRC doesn't have any qualms with stealing information. I'm just not convinced this report isn't a bit of PR.
After all, getting $650 an hour would be nice.
Re: Chinese Hacking and Mandiant
Posted: Wed Feb 20, 2013 12:27 pm
by califdon
Yes, I have seen the accounts in the news media, but generally they don't have the details that I'd like to know, such as some that you mentioned, so I don't follow it in much detail. For example, I still haven't seen anything that would lead me to believe that Mandiant deliberately failed to report known activity against their clients. Maybe they did, I just haven't seen that reported.
As to how they could pinpoint a building, I assume they wouldn't reveal their methodology, in any case.
But I'm sure you're right, that the report is basically PR. Anything that any commercial enterprise releases to the public is bound to be prepared for that purpose. I'd like to think otherwise, but that's just basic business practice: don't spend money on anything that doesn't attract new customers or reduce your costs. When a company sponsors an athlete or makes a big donation to a charity, it's for the purpose of gaining name recognition and prestige--in other words, attract more customers. If they did otherwise, their shareholders would revolt.
Re: Chinese Hacking and Mandiant
Posted: Thu Feb 21, 2013 2:03 pm
by Eric!
califdon wrote: I still haven't seen anything that would lead me to believe that Mandiant deliberately failed to report known activity against their clients.
I don't doubt they protected their own clients. But in their APT tracking it was obvious to me they didn't alert some of the victims. For example, the 6 terabytes stolen over 4.5 years from a warehouse company. How could so much data be taken over such a long time if the victim was made aware of the activity? Sometimes they move hackers carefully into a honeypot/net-type system, but wouldn't they brag about protecting this company from actual theft of "real data"?
I read this thing and thought to myself, well, these guys really want to blame this on the PRC, but they don't prove it. It does however grab a lot of press and money. Since Mandiant is very tight with the NSA, there's a mutual benefit in the rhetoric.