A look at Mandiant, allegations on China hacking

February 19, 2013 by Anne Flaherty

(AP)—A private technology security firm on Tuesday described in extraordinary detail efforts it blamed on a Chinese military unit to hack into 141 businesses, mostly inside the U.S., and steal commercial secrets. China denies the claim. Here's a look at the company, Mandiant, and why its report is significant.

What is Mandiant?

Headquartered in suburban Alexandria, Virginia, Mandiant was started in 2004 by Kevin Mandia, a retired Air Force officer who carved out a lucrative niche investigating computer crimes. Mandiant says it can detect and trace even quiet intrusions, such as the theft of employee passwords or trade secrets that a company otherwise might not be aware is happening.

Mandiant was most recently noted for its work in helping The New York Times trace an attack on its employees' computers to China, following a Times investigation into China's Premier Wen Jiabao. The newspaper publicly acknowledged Mandiant's role in the case.

Are there other companies like Mandiant? Why not just call the FBI?

There are other companies that specialize in cybercrime response and forensics, including CrowdStrike, Kroll Advisory Solutions, and Stroz Friedberg in New York. Others specialize in establishing and testing a company's computer defenses and monitoring traffic to detect hackers or suspicious behavior.

Companies can be reluctant to call the FBI. Businesses don't want to hand over their most sensitive information—including computers and proprietary data—to the government and would rather maintain control of the investigation. Many companies are less concerned about tracing the origin of an attack than resuming business to make money. They also don't want their vulnerabilities discussed in a courtroom or leaked to news organizations or shareholders, which can happen if the government were involved. Companies like Mandiant have a big financial incentive—and signed confidentiality promises—to keep names of clients secret.

What did Mandiant's report say? Why is it important?

Mandiant alleges that it has traced a massive hacking campaign on U.S. businesses to a drab, white 12-story office building outside Shanghai run by "Unit 61398" of the People's Liberation Army. The report contains some of the most extensive and detailed accusations on China's cybersnooping publicly available, including a timeline and details of malware used.

The U.S. government, including its intelligence agencies, almost certainly has similar and even more detailed information but it's regarded as highly classified. Being a private company, Mandiant doesn't have to keep its information secret, although it hasn't released the names of the companies attacked.

Why did Mandiant publish its findings?

Mandiant says it was time to call out China for its systematic hacking and that releasing as many details as possible will help security professionals. It acknowledged in a statement that releasing the information was risky because it said the Chinese will change tactics now that some of its techniques are known. Mandiant also said it expects itself to be targeted, beyond what it described as an unsophisticated effort in April to trick some employees into installing malicious software disguised as a draft press release. "We expect reprisals from China as well as an onslaught of criticism," Mandiant wrote.

Mandiant has an obvious commercial interest in releasing the information, too. The company said its existing customers were already warned about and protected against the techniques it discovered, and it offered a free software tool to companies and organizations to detect suspicious activity.

It puts Mandiant front and center at a critical time in a national debate about cybersecurity. Its founder testified earlier this month to the House Intelligence Committee on hacking threats. Last week, President Barack Obama signed an executive order aimed at improving government cooperation with industry, and Congress is weighing various legislative proposals on the matter.

Comments
1 / 5 (1) Feb 19, 2013
Makes you wonder how many Chinese restaurant owners are sleeper agents for the Chinese military. Why do they always seem to have the funding to start a small business, when the majority of most other Americans can't come up with such start up funds?!
not rated yet Feb 19, 2013
Makes you wonder how many Chinese restaurant owners are sleeper agents for the Chinese military. Why do they always seem to have the funding to start a small business, when the majority of most other Americans can't come up with such start up funds?!

You should check into the subsidies and tax-breaks made available to offshore and immigrant business startups. Then you will understand just how an immigrant (much less an offshore business) who can't speak, read or write a word of the English language can prosper in the Good Ol' US of A, while a typical native-born citizen has to struggle every day of their working life just to keep clothing, food and roof.
not rated yet Feb 19, 2013
Sorry to have gotten so far off-topic in the previous post.

Anyway, given the current socio/politico/economic situation, I suspect that this disclosure upon the part of Mandiant is just a brazen move to position themselves in the cybersecurity market.

Very good-citizen of them, and all, to make this public disclosure, but it has been "suspected" for some time that massive espionage has been undertaken by elements of the PRC government, yet there has been VERY LITTLE by way of official response from the US gubderment to combat this hacking, which represents a very serious economic threat, indeed, and could represent an even more grave physical threat.

It's hard to imagine what could justify this inaction, isn't it?
