This morning, private cybersecurity firm Mandiant released a report tying 141 computer attacks since 2007 to a single 12-story office building in Shanghai. That building is believed to be the headquarters of Chinese Army Unit 61398. The New York Times commissioned the report and posted a detailed article about the findings last night.
Because it reveals to attackers exactly what the defense knows, the publication of this kind of security report is very rare--especially when the report addresses the computer security of private businesses like The New York Times (which announced January 30 that it had been the victim of cyberattacks over the past four months). Such reports also make it harder to detect the same kind of attacks in the future, as hostile hackers adapt around defenses. In this case, however, both The New York Times and Mandiant felt it was important to publicize the style, national origins, and magnitude of these attacks. They hope to alert the private sector to its shared vulnerabilities, as well as to highlight the single source (the Chinese military) launching the attacks.
The Chinese government has denied responsibility for the attacks, but the hacking focused on information technology, high-end electronics, biotechnology, and transportation--all industries that China has previously identified as national priorities.
Government-linked hackers and attacks against companies like The New York Times are the future of espionage. Fortunately, the Obama administration seems to recognize that: The President announced a new cyber defense initiative aimed at better coordinating information about cyber attacks between intelligence and business, and US Cyber Command is on a major hiring spree.
But before treating this as some form of cyberwar, let's keep in mind that the goal was information theft, not property destruction. This is espionage, not sabotage. By publishing their security report, Mandiant and The New York Times are trying to deny government-linked hackers the safe cover of national deniability.
Microwave the site from space. There's an old Chinese proverb that goes something like this: "If you know where the fleas are on a dog, kill the dog the fleas are still there, kill the fleas the dog is still there. However if you cook the dog the fleas will die while you satisfy your appetite."
I'm not sure I understand why the gov is making all of this known.... Are they trying to get Americans worked up and pissed off about a cyber threat?
Why not just do some cyber espionage, why let this info out now? I assume we have a James Bond, why not drop him outside the front door and let him f*ck and murder his way to the 12th floor, to presumably fight a boss.
But seriously, could someone fill me in on what benefits we get out of telling the Chinese "We know what you are doing and we know how you're operating".
5 Bucks says that building is completely empty now.
Wanamingo, you are now my favorite person.
The report was released by a private security firm. Private, meaning not associated with the US government.
Also, their purpose is explicitly stated on page 5 of the report.
@ Wanamingo; Why alert the Chinese to the fact that we know? If they are moving their attack apparatus to a new location and hiding their next attack method for dissemination and use until they get set up again, we buy time. They lose time. We make them cycle out of attack, to defense.
Those people are gonna piss me off, and I'm gonna tell our government how to wreck their whole game board. Every goddamn system in that nation.