This analysis was originally written for ChinaFile at the Asia Society in October, 2014.
It was written because of the New York Times and Sony hacks, when the cybersecurity firm Mandiant was called in to trace the breaches. Mandiant issued a report presenting the forensic evidence that the Chinese were behind the break-in. Mandiant felt the evidence was important enough to issue a report that was available to private companies, government agencies and the general public.
For various reasons, the size of the shop and the need for technical expertise to do the fact-checking, my piece went unpublished by China file.
In the wake of the recent cyber-attack on the United States government agency, the Office of Personnel Management (OPM), this piece became relevant. I thought it was important enough to post this on my blog. I will follow up this piece with more on China's accession to ICANN and its recent call for imposing a "code of conduct" on the internet (Washington Examiner). Given China's track record of censorship on the internet, I feel this deserves reporting.
The world of technology moves very fast. This piece is meant to be a snapshot.
In January of 2013, the New York Times went public with the story that it had been the victim of a hack attack that had been traced to the Chinese. They were the first of U. S. media company to go public. The victim list would later include the Washington Post and the Wall Street Journal.
The Chinese dismissed the accusations.
In February of 2013, the Mandiant Company released the “APT 1 Report: Exposing One of China’s Espionage Units."
(The acronym APT stands for Advanced Persistent Threat and refers to cyber attacks by a nation-state actor, the most advanced level of threat category. APT 1 is considered a Tier One threat, higher than a non-state player, a criminal entity or an individual player.)
Mandiant, a computer security firm headquartered in the greater Washington, D. C. area, had a track record of investigating security breaches of all types and at all levels of threat at hundreds of organizations around the world.
Mandiant had been following breaches of more than 20 groups with origins in China and APT 1 was one of them, “a single organization that had conducted cyber espionage against victims since at least 2006.” (Mandiant Report, 2)
The groundbreaking element of the report was that for the first time, the forensic evidence tracked back to a specific location and to specific hackers. There was no doubt that the advanced persistent threat came from the People’s Liberation Army (PLA). The report included photographs of the real world buildings and gave their street addresses.