
A claim by a prominent cyber security reporter that security firm Mandiant, a subsidiary of multinational security outfit FireEye, hacked into the computers of a Chinese military unit while it was investigating the activities of the group, known as APT1, appears to have alarmed the company, which has issued a detailed denial.
The claims were made by David Sanger, a reporter from The New York Times, in a book titled The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age.
In one passage, Sanger wrote: "One day I sat next to some of Mandia’s team, watching the Unit 61398 hacking corps at work; it was a remarkable sight.
How can you misinterpret seeing leather jackets? He either made it up, or he saw it. https://t.co/aykdu7n4Yd
— Ryan Naraine (@ryanaraine) 25 June 2018
"My previous mental image of PLA officers was a bunch of stiff old generals sitting around in uniforms with epaulets, reminiscing about the glory days with Mao. But these guys were wearing leather jackets or just undershirts, and probably saw Mao only if they visited his mausoleum in Tiananmen Square.”
Mandiant issued a lengthy statement in which it said, in part: "As a standard practice, in an effort to protect companies from unauthorised intrusions, we implement consensual network monitoring agreements with many victim organisations for the purposes of helping better secure those organisations.
"The videos Sanger viewed were from Windows Remote Desktop Protocol (RDP) network packet captures (PCAP) of Internet traffic at these victim organisations. Mandiant has never turned on the webcam of an attacker or victim system."
FireEye is known to be close to the US Government, with the company's chief executive, Kevin Mandia, claiming recently that US Government spooks produce "nice" malware when compared to that of other states.
Employees of private US company Mandiant hacked into computers of Chinese military, eventually resulting in APT1 report. The privatized hackback enabled US gov to more vocally criticize Chinese military hacking of US companies since there was now public unclassified reporting. https://t.co/v18HMgNvow
— Artturi Lehtiö (@lehtior2) 23 June 2018
Another statement was issued by Richard Bejtlich of Tao Security, a former Mandiant employee, who also wrote a lengthy post, denying that the company had hacked back.
Also casting doubt on Sanger's claims — and his entire book, in fact — was former NSA hacker Dave Aitel, the chief security officer of offensive security firm Immunity, which was acquired by Cyxtera Technologies earlier this year.
Aitel had his own blog post attacking Sanger's book, claiming that citations were needed at various points in the tome.
A bill was introduced in the US Congress last year that would allow victims of hacking to go on the offensive when they were attacked.
The Active Cyber Defence Certainty Act, sponsored by Republican Tom Graves of Georgia and Democrat Kyrsten Sinema of Arizona, permits individuals and companies to hack back if their aim is to disrupt, monitor or attribute the attack, or destroy stolen files.