“We probably kicked the hornet’s nest,” says Kevin Mandia, as he publishes a 76 page report on Chinese hacking secrets.
That China is interested in hacking Western networks should come as no surprise, but private cybercrime expert Kevin Mandia of Mandiant has gone the extra step and told us how he thinks they’re doing it. A 76 page report, detailing seven year’s worth of Mandiant research, has gone up on the web for all to see, and it’s a tale of Ugly Gorillas and Harry Potter fans hiding behind the Great Firewall of China, operating out of a bland office block outside Shanghai.
Mandiant profiles the personalities it believes is behind the APT1 group, from Ugly Gorilla – AKA Jack Wang, whose work carries the signature “No Doubt to Hack You” – to DOTA, a possible Defense of the Ancients fan who also loves Harry Potter. Meanwhile SuperHard works for himself as well as China, and offers to sell Trojans to whoever pays. While the group cannot be conclusively linked to the authorities, Mandiant’s report points out that “in a State that rigorously monitors Internet use, it is highly unlikely that the Chinese Government is unaware of an attack group that operates from the Pudong New Area of Shanghai … Therefore the most probable conclusion is that APT1 is able to wage such a long-running and extensive cyber espionage campaign because it is acting with the full knowledge and cooperation of the government.”
Mandiant is a recent creation, and for a while in 2004 Kevin Mandia, former military cybercrime investigator, was its sole employee. He’d given up a private sector career because he saw a niche; there wasn’t anybody else doing what Mandiant now does, though that has since changed. Now he has over 300 employees, and more than enough work to keep them all busy.
“We probably kicked the hornet’s nest,” says Mandia, adding that “tolerance is just dwindling. People are tired of the status quo of being hacked with impunity, where there’s no risk or repercussion.” Mandia’s organization is one of many digital forensics private contractors, which takes on work from private companies and governments alike. If you want their services, it’ll cost; estimates average around the $400/hour mark. But if you were thinking the time has come to strike back, Mandia urges caution. “The only time [retaliatory hacking] would really work is if we got all the bad guys out of our networks in the first place,” Mandia says. “Then you can start playing that game.”
If you want to read the Mandiant report, here it is.
Source: Guardian
