Mandiant goes viral after mainland hacking report

By Jim Finkle ,Reuters

Cybersecurity company Mandiant Corp. won plaudits from its peers and made front-page news around the world this week when it published a report that purportedly traced a series of cyberattacks on U.S. companies to a Shanghai-based unit of the Chinese army. But some hackers have turned the tables on the cyber expert by creating malicious versions of its 74-page report that were infected with computer viruses. They emailed the tainted reports to their victims this week in a bid to wreak havoc under Mandiant’s name. Though the episode was embarrassing, the company said its systems were not breached. “Mandiant has not been compromised,” the company said on its corporate blog. Mandiant was founded in 2004 by Kevin Mandia, a former U.S. Air Force cyber forensics investigator who co-authored an influential textbook on the subject. The company made its name by automating processes used to investigate computer breaches. Mandiant was largely unknown outside the computer security industry until Monday, when it fingered the People’s Liberation Army’s Shanghai-based Unit 61398 as the most likely driving force behind a Chinese hacking group known as APT1.

China’s Defense Ministry issued a flat denial of the accusations and called them “unprofessional.” But Mandiant won kudos for the unprecedented level of detail in its report, including the location of a building in Shanghai’s Pudong financial hub from which Mandiant said the unit had stolen “hundreds of terabytes of data from at least 141 organizations across a diverse set of industries beginning as early as 2006.” Other security companies that have published reports on cyber attacks have shied away from so clearly identifying their perpetrators. “It was a wonderful report,” said Michael Hayden, a former director of the CIA and National Security Agency, who is now with the Chertoff Group. “Everybody is saying ‘it’s about time.’”

The report did not identify the victims of APT1 or Mandiant’s customers, though the company says it has worked for about 40 percent of the Fortune 500. When asked why he had decided to go public with this report, Mandia, 42, told Reuters, “There is mounting frustration in the private sector. Tolerance is shrinking. We also have a bunch of employees here who are ex-military who sense that frustration and said, ‘Let’s push this out.’” The report comes ahead of next week’s annual RSA Conference on security in San Francisco, where Mandiant will showcase its products to help companies identify security breaches.