Mandiant says it was the Chinese military what did it

February 19, 2013

Thing is, I don’t trust Mandiant. (I did a news story on the new ‘China did it’ report on Infosecurity here – but now this is my opinion, not news). Mandiant suffers from being trusted by governments. I do not trust governments – and so, by association, I do not trust Mandiant.

Every time that governments want to pass some new legislation further restricting, or decimating, personal privacy and internet freedom, there is a sudden flurry of Chinese and Iranian hacks – but mostly Chinese. I think many people get it the wrong way round. The proposed legislation is not necessary because of the hacks; the hacks are necessary because of the proposed legislation.

So, in the last few weeks we have had the New York Times, Washington Post, Wall Street Journal, Twitter and Facebook. And today Mandiant says quite categorically that it was the Chinese military what did it. Which just goes to prove that Obama was right to issue his Cybersecurity Executive Order and demand the return of the Cybersecurity Act; that Ruppersberger is right to reintroduce CISPA; that Cameron is correct in his insistence on the Communications Bill; and that the unelected European Commission has only proposed the Cybersecurity Directive for our own good – all because of China.

None of these new laws will do anything much for security; but they will all allow government to maintain closer control over innocent people.

Aerial photograph clearly showing the new roof that proves this is the source of Chinese military hacking

But let’s look at the Mandiant report. It makes a strong argument that proof of Chinese involvement is the use of Chinese IP addresses by the hackers. Given the hacking skill that Mandiant bestows upon the Chinese military, I can’t help wondering why China would leave this obvious proof so open when it could easily use some other country’s IP addresses. Must be a double bluff, I guess.

But what about Mandiant’s motives? In the section headed “Why We Are Exposing APT1” (APT1 is the name it gives to the hacking crew it says is really the Chinese military), it says, “It is time to acknowledge the threat is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively.”

The latter part of that statement is pure philanthropy. Good on ‘em. But I’m not quite sure of the relevance of the first part to that second part. If I have a mad axeman at my front door, all I’m really concerned about is keeping him out. It isn’t actually relevant to me whether the axeman is British, American, Chinese or Aztec – I just want to keep him out. The fact is, he could indeed be Chinese. But he could equally be Israeli or British or Iranian or French or Russian or American in Halloween dress. The threat is the issue, not its source; and I don’t see why I need to give up my freedom to go out because my own government says I will be safer if I stay in and give the local policeman the keys to my door.

So for me there is a slight suggestion that perhaps there is another motive behind this report. And that’s where the closeness of Mandiant with the UKUSA government worries me.

