Tuesday, February 19, 2013

Mandiant



A private technology security firm on Tuesday described in extraordinary detail efforts it blamed on a Chinese military unit to hack into 141 businesses, mostly inside the U.S., and steal commercial secrets.
Headquartered in Alexandria, Va., Mandiant was started in 2004(Bill Gates sold our the USA in 2003 so this company arrived just in time) by Kevin Mandia, a retired Air Force officer who carved out a lucrative niche investigating computer crimes. Mandiant says it can detect and trace even quiet intrusions, such as the theft of employee passwords or trade secrets that a company otherwise might not be aware is happening.

Mandiant was most recently noted for its work in helping The New York Times trace an attack on its employees' computers to China, following a Times investigation into China's Premier Wen Jiabao. The newspaper publicly acknowledged Mandiant's role in the case.

Companies can be reluctant to call the FBI. Businesses don't want to hand over their most sensitive information — including computers and proprietary data — to the government and would rather maintain control of the investigation. Many companies are less concerned about tracing the origin of an attack than resuming business to make money. They also don't want their vulnerabilities discussed in a courtroom or leaked to news organizations or shareholders, which can happen if the government were involved. Companies like Mandiant have a big financial incentive — and signed confidentiality promises — to keep names of clients secret.
Mandiant alleges that it has traced a massive hacking campaign on U.S. businesses to a drab, white 12-story office building outside Shanghai run by "Unit 61398" of the People's Liberation Army. The report contains some of the most extensive and detailed accusations on China's cybersnooping publicly available, including a timeline and details of malware used.

Being a private company, Mandiant doesn't have to keep its information secret, although it hasn't released the names of the companies attacked. I have the names if you want them. They have been sent out in past emails.

Mandiant says it was time(I said it was time a decade ago) to call out China for its systematic hacking and that releasing as many details as possible will help security professionals. It acknowledged in a statement that releasing the information was risky because it said the Chinese will change tactics now that some of its techniques are known. Mandiant also said it expects itself to be targeted, beyond what it described as an unsophisticated effort in April to trick some employees into installing malicious software disguised as a draft press release. "We expect reprisals from China as well as an onslaught of criticism," Mandiant wrote.

No comments:

Post a Comment