Why Are US Companies Trying to Point Fingers at 'Chinese Hackers?'
Published in GZ Daily
(China) on 21 February 2013
by Huang Kun (link to original)
Sensationalism in the “Chinese hacker” discourse has taken a new turn. On Feb. 19, American Internet security company Mandiant published a report titled, “Exposing One of China’s Cyber Espionage Units.” The Chinese Foreign Ministry and Defense Ministry have responded to the statement with a sharp rebuttal. But one has to ask: Why are companies making a target out of “Chinese hackers?”
Looking at the Mandiant statement, one cannot help but think that it seems suspiciously like some kind of marketing stunt. The company's CEO Kevin Mandia described the so-called “Chinese hacker threat” with the following statement: “Given the sheer amount of data … stolen, we decided it was necessary to arm and prepare as many organizations as possible to prevent additional losses.” You can almost hear the call to spend money on the company’s software and services.
So what exactly is the technical proof behind these accusations? The key findings of the Mandiant report are that a great number of attacks have come from IP addresses registered in Shanghai. But those with even a modicum of knowledge about Internet security know that hackers very seldom use their own computers to directly carry out attacks. They are normally in control of massive numbers of third party computer systems and launch their attacks from behind these virtual walls, known as “botnets.”
Russian Information Agency observer Ivan Shadrin explained that cyber-hacking coming from a certain place does not prove anything, because hackers could always be using a proxy server located in China to carry out attacks. Regardless of whether they are physically located in Istanbul, Moscow or locally in the United States, under these circumstances, Chinese servers can quite possibly be used simply as a springboard.
Taking a closer look at Mandiant’s website, one can discover some interesting information: Founder Robert Mandia's career began in the U.S. Air Force, and at one time he served as a computer security officer at the U.S. Department of Defense. Perhaps by this same token, we should borrow the CV of an American career politician who has subsequently gone on to find success in the private sector and repeatedly make it headline news, somewhat like the American media's treatment of Huawei founder Ren Zheng Fei's military record. In this light, perhaps Robert Mandia's background might be enough to make us stop and think and make the association.
As a matter of fact, the American military successfully constructed Internet brigades a long time ago. For instance, take the 780th Military Intelligence Brigade, which has a public website and a publicly declared mission to conduct “computer networking missions.” Without a doubt, America, the land that gave us the Internet, is in possession of the very strongest in Internet firepower. According to media reports, Iran has been on the receiving end of cyber attacks perpetrated by American military intelligence units.
Time and time again, America has made front-page news out of “Chinese hacker threats.” This probably stems from some Americans’ peculiar psychological complex that always compels them to make something into the target of attack. If there is not a target like the old Soviet Union around to point fingers at, then how in the world will they secure the budget they need from Congress to expand the Internet brigade? For companies like Mandiant, their equipment, software and services are most likely not an easy sell.
On the eve of the ratification of America's new Congressional budget, a number of publications have in rapid succession splashed the words “Chinese cyber attacks” in bold red letters across the media landscape. Meanwhile, Mandiant has tossed their report out there and made “Chinese hackings” into a target, which is a perfect microcosm of the current prevailing practice in America.
The track record of certain Americans in the way of finger pointing is not exactly spectacular. We should all remember that approximately 20 years ago the U.S. accused the Chinese freighter Milky Way of delivering chemical weapon materials to Iran, but ultimately this was proven baseless. The facts will speak for themselves, and at the end of the day, American fabrications will only serve to damage the reputation of the U.S.
Looking at the Mandiant statement, one cannot help but think that it seems suspiciously like some kind of marketing stunt. The company's CEO Kevin Mandia described the so-called “Chinese hacker threat” with the following statement: “Given the sheer amount of data … stolen, we decided it was necessary to arm and prepare as many organizations as possible to prevent additional losses.” You can almost hear the call to spend money on the company’s software and services.
So what exactly is the technical proof behind these accusations? The key findings of the Mandiant report are that a great number of attacks have come from IP addresses registered in Shanghai. But those with even a modicum of knowledge about Internet security know that hackers very seldom use their own computers to directly carry out attacks. They are normally in control of massive numbers of third party computer systems and launch their attacks from behind these virtual walls, known as “botnets.”
Russian Information Agency observer Ivan Shadrin explained that cyber-hacking coming from a certain place does not prove anything, because hackers could always be using a proxy server located in China to carry out attacks. Regardless of whether they are physically located in Istanbul, Moscow or locally in the United States, under these circumstances, Chinese servers can quite possibly be used simply as a springboard.
Taking a closer look at Mandiant’s website, one can discover some interesting information: Founder Robert Mandia's career began in the U.S. Air Force, and at one time he served as a computer security officer at the U.S. Department of Defense. Perhaps by this same token, we should borrow the CV of an American career politician who has subsequently gone on to find success in the private sector and repeatedly make it headline news, somewhat like the American media's treatment of Huawei founder Ren Zheng Fei's military record. In this light, perhaps Robert Mandia's background might be enough to make us stop and think and make the association.
As a matter of fact, the American military successfully constructed Internet brigades a long time ago. For instance, take the 780th Military Intelligence Brigade, which has a public website and a publicly declared mission to conduct “computer networking missions.” Without a doubt, America, the land that gave us the Internet, is in possession of the very strongest in Internet firepower. According to media reports, Iran has been on the receiving end of cyber attacks perpetrated by American military intelligence units.
Time and time again, America has made front-page news out of “Chinese hacker threats.” This probably stems from some Americans’ peculiar psychological complex that always compels them to make something into the target of attack. If there is not a target like the old Soviet Union around to point fingers at, then how in the world will they secure the budget they need from Congress to expand the Internet brigade? For companies like Mandiant, their equipment, software and services are most likely not an easy sell.
On the eve of the ratification of America's new Congressional budget, a number of publications have in rapid succession splashed the words “Chinese cyber attacks” in bold red letters across the media landscape. Meanwhile, Mandiant has tossed their report out there and made “Chinese hackings” into a target, which is a perfect microcosm of the current prevailing practice in America.
The track record of certain Americans in the way of finger pointing is not exactly spectacular. We should all remember that approximately 20 years ago the U.S. accused the Chinese freighter Milky Way of delivering chemical weapon materials to Iran, but ultimately this was proven baseless. The facts will speak for themselves, and at the end of the day, American fabrications will only serve to damage the reputation of the U.S.