Cybersecurity Report Spotlights Risks to U.S. Business from China

It also increased the pressure on the Obama administration to speak more forcefully than it has so far. As part of the plan's rollout, Attorney General Eric Holder spoke of increased efforts by the U.S. Department of Justice. He also didn't specifically mention China or the Mandiant report.

“The Department has also gathered valuable intelligence about foreign-based economic espionage,” he said. “We've forged strong relationships with law enforcement partners, private sector experts, and international allies. And we've begun to raise awareness about the devastating impact of these crimes ' and to encourage companies to report suspected breaches to law enforcement.”

Summers says it's clear from the White House's message that it has the right perspective and that the administration is devoting more attention to the problem.

China Implicated

“I'm personally hoping to see more aggressive action taken, though,” Summers adds. “As we showed in the report, China has overstepped boundaries with their intensive, long-term cyber-espionage, and we're hoping that they will be held accountable for it.”

The report states: “Our research and observations indicate that the Communist Party of China is tasking the Chinese People's Liberation Army (PLA) to commit systematic cyber espionage and data theft against organizations around the world.”

Mandiant wrote more than 70 pages of details, including photos and video, showing how hackers in China's PLA Unit 61398 are penetrating corporate America. The hackers, working from a 12-story office building in Shanghai, are also infiltrating financial institutions, power companies, pipelines, and air traffic control centers, according to the report.

The report says Mandiant observed intrusions into 141 companies from 2006 to the present, with the hackers periodically revisiting the victim's network over months or even years, and stealing broad categories of intellectual property ranging from technology blueprints to business plans to e-mails. It didn't name the companies.

It called this type of hacking “advanced persistent threats,” and labeled the Chinese unit “APT1.”

Chinese officials denounced the report as “untenable,” while counter-accusing the United States of hacking into their computers.

In the report, Mandiant says: “It is time to acknowledge the threat is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively '. We hope that this report will lead to increased understanding and coordinated action in countering APT network breaches.”

Reaction

Some of the reaction to the report was swift and strong. “If the Chinese government flew planes into our airspace, our planes would escort them away. If it happened two, three, or four times, the President would be on the phone and there would be threats of retaliation,” Shawn Henry, president of the security firm CrowdStrike and former FBI executive assistant director, told the Associated Press. See, “Administration Developing Penalties for Cybertheft,” APNews.com.

“This is happening thousands of times a day,” Henry told the AP. “There needs to be some definition of where the red line is and what the repercussions would be.”

Jody Westby, chief executive of Global Cyber Risk in Washington, DC, agreed. The report, she says, highlights the seriousness of the issue, to law firms as well as to every industry sector. “The administration has to start focusing on it as a diplomatic issue,” Westby says. “We need them to start standing up to nation states that we think are sponsoring cyber espionage. It is costing our companies money and goes to our national and economic security.”

The Mandiant report also contains detailed indicators to help companies spot the Chinese intruders. “It is our sincere hope that this report can temporarily increase the costs of Unit 61398's operations and impede their progress in a meaningful way,” Mandiant says.

“We are acutely aware of the risk this report poses for us,” Mandiant adds. “We expect reprisals from China as well as an onslaught of criticism.”

But Michael DuBose, managing director and leader of the cyber investigations practice for consultant Kroll Advisory Solutions, calls the information sharing “a good thing all around.”

Dubose, a federal prosecutor for 23 years including four years as chief of the computer crime section at DOJ, adds: “The threats already exist, so to extent that you can give others a heads up to their existence and they can investigate their own networks, it is a very positive thing.”

Mandiant's Summers said supporters have outnumbered critics “about a thousand to one. And organizations are telling us they are already using the data to scan their logs.”

Sue Reisinger is a Senior Reporter for Corporate Counsel, an ALM magazine affiliate of Internet Law & Strategy.

Mandiant, a Virginia-based cybersecurity firm, gave America a wake-up slap across the face last month by detailing how Chinese military hackers are infiltrating U.S. companies. And on Feb. 20, President Barack Obama's administration responded by announcing a broad plan to fight the cyber theft of trade secrets that included diplomatic pressure to discourage it. See, “Administration's Strategy on Mitigating the Theft of U.S. Trade Secrets.”

The White House didn't specifically mention China, nor did it offer details on diplomatic consequences. But experts have long suspected that China was behind much of the hacking and data theft in U.S. companies, and the Mandiant report, “APT1: Exposing One of China's Cyber Espionage Units” left no doubt.

“This [report] ought to elevate the dialogue to the boardroom and to the general counsel office,” Grady Summers, Mandiant vice president, tells Internet Law & Strategy's ALM affiliate Corporate Counsel.

It also increased the pressure on the Obama administration to speak more forcefully than it has so far. As part of the plan's rollout, Attorney General Eric Holder spoke of increased efforts by the U.S. Department of Justice. He also didn't specifically mention China or the Mandiant report.

“The Department has also gathered valuable intelligence about foreign-based economic espionage,” he said. “We've forged strong relationships with law enforcement partners, private sector experts, and international allies. And we've begun to raise awareness about the devastating impact of these crimes ' and to encourage companies to report suspected breaches to law enforcement.”

Summers says it's clear from the White House's message that it has the right perspective and that the administration is devoting more attention to the problem.

China Implicated

“I'm personally hoping to see more aggressive action taken, though,” Summers adds. “As we showed in the report, China has overstepped boundaries with their intensive, long-term cyber-espionage, and we're hoping that they will be held accountable for it.”

The report states: “Our research and observations indicate that the Communist Party of China is tasking the Chinese People's Liberation Army (PLA) to commit systematic cyber espionage and data theft against organizations around the world.”

Mandiant wrote more than 70 pages of details, including photos and video, showing how hackers in China's PLA Unit 61398 are penetrating corporate America. The hackers, working from a 12-story office building in Shanghai, are also infiltrating financial institutions, power companies, pipelines, and air traffic control centers, according to the report.

The report says Mandiant observed intrusions into 141 companies from 2006 to the present, with the hackers periodically revisiting the victim's network over months or even years, and stealing broad categories of intellectual property ranging from technology blueprints to business plans to e-mails. It didn't name the companies.

It called this type of hacking “advanced persistent threats,” and labeled the Chinese unit “APT1.”

Chinese officials denounced the report as “untenable,” while counter-accusing the United States of hacking into their computers.

In the report, Mandiant says: “It is time to acknowledge the threat is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively '. We hope that this report will lead to increased understanding and coordinated action in countering APT network breaches.”

Reaction

Some of the reaction to the report was swift and strong. “If the Chinese government flew planes into our airspace, our planes would escort them away. If it happened two, three, or four times, the President would be on the phone and there would be threats of retaliation,” Shawn Henry, president of the security firm CrowdStrike and former FBI executive assistant director, told the Associated Press. See, “Administration Developing Penalties for Cybertheft,” APNews.com.

“This is happening thousands of times a day,” Henry told the AP. “There needs to be some definition of where the red line is and what the repercussions would be.”

Jody Westby, chief executive of Global Cyber Risk in Washington, DC, agreed. The report, she says, highlights the seriousness of the issue, to law firms as well as to every industry sector. “The administration has to start focusing on it as a diplomatic issue,” Westby says. “We need them to start standing up to nation states that we think are sponsoring cyber espionage. It is costing our companies money and goes to our national and economic security.”

The Mandiant report also contains detailed indicators to help companies spot the Chinese intruders. “It is our sincere hope that this report can temporarily increase the costs of Unit 61398's operations and impede their progress in a meaningful way,” Mandiant says.

“We are acutely aware of the risk this report poses for us,” Mandiant adds. “We expect reprisals from China as well as an onslaught of criticism.”

But Michael DuBose, managing director and leader of the cyber investigations practice for consultant Kroll Advisory Solutions, calls the information sharing “a good thing all around.”

Dubose, a federal prosecutor for 23 years including four years as chief of the computer crime section at DOJ, adds: “The threats already exist, so to extent that you can give others a heads up to their existence and they can investigate their own networks, it is a very positive thing.”

Mandiant's Summers said supporters have outnumbered critics “about a thousand to one. And organizations are telling us they are already using the data to scan their logs.”

Sue Reisinger is a Senior Reporter for Corporate Counsel, an ALM magazine affiliate of Internet Law & Strategy.