Image: clipart.com
Mandiant, a Virginia-based cybersecurity firm, gave America a wake-up slap across the face this week by detailing how Chinese military hackers are infiltrating U.S. companies. And Wednesday, President Barack Obama's administration responded by announcing a broad plan to fight the cybertheft of trade secrets that included diplomatic pressure to discourage it.
The White House didn't specifically mention China, nor did he offer details on diplomatic consequences. But experts have long suspected that China was behind much of the hacking and data theft in U.S. companies, and the Mandiant report, "APT1: Exposing One of China's Cyber Espionage Units [PDF]," left no doubt.
"This [report] ought to elevate the dialogue to the boardroom and to the general counsel office," Grady Summers, Mandiant vice president, told CorpCounsel.com.
It also increased the pressure on the Obama administration to speak more forcefully than it has so far. As part of the plan's rollout, Attorney General Eric Holder spoke of increased efforts by the U.S. Department of Justice. He also didn't specifically mention China or the Mandiant report.
"The Department has also gathered valuable intelligence about foreign-based economic espionage," he said. " We've forged strong relationships with law enforcement partners, private sector experts, and international allies.
"And we've begun to raise awareness about the devastating impact of these crimes — and to encourage companies to report suspected breaches to law enforcement."
Summers said it was clear from the White House's message that it has the right perspective and that the administration is devoting more attention to the problem.
"I'm personally hoping to see more aggressive action taken, though," Summers added. "As we showed in the report, China has overstepped boundaries with their intensive, long-term cyberespionage, and we're hoping that they will be held accountable for it."
The report, which was released Tuesday, states, "Our research and observations indicate that the Communist Party of China is tasking the Chinese People's Liberation Army (PLA) to commit systematic cyberespionage and data theft against organizations around the world."
Mandiant wrote more than 70 pages of details, including photos and video, showing how hackers in China's PLA Unit 61398 are penetrating corporate America. The hackers, working from a 12-story office building in Shanghai, are also infiltrating financial institutions, power companies, pipelines, and air traffic control centers, according to the report.
The report says Mandiant observed intrusions into 141 companies from 2006 to the present, with the hackers periodically revisiting the victim's network over months or even years, and stealing broad categories of intellectual property ranging from technology blueprints to business plans to emails. It didn't name the companies.
It called this type of hacking "advanced persistent threats," and labeled the Chinese unit "APT1."
Chinese officials denounced the report as "untenable," while counter-accusing the United States of hacking into their computers.
In the report, Mandiant said, "It is time to acknowledge the threat is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively ... We hope that this report will lead to increased understanding and coordinated action in countering APT network breaches."
Some of the reaction to the report was swift and strong. "If the Chinese government flew planes into our airspace, our planes would escort them away. If it happened two, three, or four times, the President would be on the phone and there would be threats of retaliation," Shawn Henry, former FBI executive assistant director, told the Associated Press. Henry is president of the security firm CrowdStrike.
"This is happening thousands of times a day," Henry told the AP. "There needs to be some definition of where the red line is and what the repercussions would be."
Jody Westby, chief executive of Global Cyber Risk in Washington, D.C., agreed. The report, she said, highlights the seriousness of the issue, to law firms as well as to every industry sector.
"The administration has to start focusing on it as a diplomatic issue," Westby said. "We need them to start standing up to nation states that we think are sponsoring cyberespionage. It is costing our companies money and goes to our national and economic security."
The Mandiant report also contains detailed indicators to help companies spot the Chinese intruders. "It is our sincere hope that this report can temporarily increase the costs of Unit 61398's operations and impede their progress in a meaningful way," Mandiant said.
"We are acutely aware of the risk this report poses for us," Mandiant added. "We expect reprisals from China as well as an onslaught of criticism."
But Michael DuBose, managing director and leader of the cyberinvestigations practice for consultant Kroll Advisory Solutions, called the information sharing "a good thing all around."
Dubose, a federal prosecutor for 23 years including four years as chief of the computer crime section at DOJ, added, "The threats already exist, so to extent that you can give others a heads up to their existence and they can investigate their own networks, it is a very positive thing."
On Wednesday, Mandiant's Summers said supporters have outnumbered critics "about a thousand to one. And organizations are telling us they are already using the data to scan their logs."
