This morning, private cybersecurity firm Mandiant released a report tying 141 computer attacks since 2007 to a single 12-story office building in Shanghai. That building is believed to be the headquarters of Chinese Army Unit 61398. The New York Times commissioned the report and posted a detailed article about the findings last night.
Because it reveals to attackers exactly what the defense knows, the publication of this kind of security report is very rare–especially when the report addresses the computer security of private businesses like The New York Times (which announced January 30 that it had been the victim of cyberattacks over the past four months). Such reports also make it harder to detect the same kind of attacks in the future, as hostile hackers adapt around defenses. In this case, however, both The New York Times and Mandiant felt it was important to publicize the style, national origins, and magnitude of these attacks. They hope to alert the private sector to its shared vulnerabilities, as well as to highlight the single source (the Chinese military) launching the attacks.
The Chinese government has denied responsibility for the attacks, but the hacking focused on information technology, high-end electronics, biotechnology, and transportation–all industries that China has previously identified as national priorities.
Government-linked hackers and attacks against companies like The New York Times are the future of espionage. Fortunately, the Obama administration seems to recognize that: The President announced a new cyber defense initiative aimed at better coordinating information about cyber attacks between intelligence and business, and US Cyber Command is on a major hiring spree.
But before treating this as some form of cyberwar, let’s keep in mind that the goal was information theft, not property destruction. This is espionage, not sabotage. By publishing their security report, Mandiant and The New York Times are trying to deny government-linked hackers the safe cover of national deniability.