Mandiant goes viral after China hacking report

Fri Feb 22, 2013 8:25pm EST
Email This Article |
Share This Article
  • Facebook
  • LinkedIn
  • Twitter
| Print This Article | Single Page
[-] Text [+]

By Jim Finkle

(Reuters) - Cybersecurity company Mandiant Corp won plaudits from its peers and made front-page news around the world this week when it published a report that purportedly traced a series of cyberattacks on U.S. companies to a Shanghai-based unit of the Chinese army.

But some hackers have turned the tables on the cyber-expert by creating malicious versions of its 74-page report that were infected with computer viruses. They emailed the tainted reports to their victims this week in a bid to wreak havoc under Mandiant's name.

Though the episode was embarrassing, the company said its systems were not breached. "Mandiant has not been compromised," the company said on its corporate blog.

Mandiant was founded in 2004 by Kevin Mandia, a former U.S. Air Force cyber-forensics investigator who co-authored an influential textbook on the subject. The company made its name by automating processes used to investigate computer breaches.

Mandiant was largely unknown outside the computer security industry until Monday, when it fingered the People's Liberation Army's Shanghai-based Unit 61398 as the most likely driving force behind a Chinese hacking group known as APT1.

China's Defense Ministry issued a flat denial of the accusations and called them "unprofessional." But Mandiant won kudos for the unprecedented level of detail in its report, including the location of a building in Shanghai's Pudong financial hub from which Mandiant said the unit had stolen "hundreds of terabytes of data from at least 141 organizations across a diverse set of industries beginning as early as 2006."

Other security companies that have published reports on cyberattacks have shied away from so clearly identifying their perpetrators.

"It was a wonderful report," said Michael Hayden, a former director of the CIA and National Security Agency, who is now with the Chertoff Group. "Everybody is saying 'it's about time.'"   Continued...

Part of the building of 'Unit 61398', a secretive Chinese military unit, is seen in the outskirts of Shanghai February 19, 2013. The unit is believed to be behind a series of hacking attacks, a U.S. computer security company said, prompting a strong denial by China and accusations that it was in fact the victim of U.S. hacking. REUTERS/Carlos Barria (CHINA - Tags: POLITICS SCIENCE TECHNOLOGY MILITARY) - RTR3DZ82