Who should be blamed for the surging malicious exploits against US corporations and organizations over the last few years? Look no further than the People's Liberation Army of the People's Republic of China. Or, at least, that particular army unit that operates out of a downbeat office block in a suburb of Shanghai.
Regular readers will remember that Iran was getting the blame last month for a series of attacks on US financial institutions. But this doesn't just mean the news media is fickle in handing out blame. These latest accusations arise from a report published Tuesday by the security vendor Mandiant, which states:
APT1 is likely government-sponsored and one of the most persistent of China's cyber threat actors. We believe that APT1 is able to wage such a long-running and extensive cyber espionage campaign in large part because it receives direct government support.
No prizes for guessing that:
People's Liberation Army (PLA's) Unit 61398 is similar to APT1 in its mission, capabilities, and resources. PLA Unit 61398 is also located in precisely the same area from which APT1 activity appears to originate.
Which brings us back to that office block.
Mandiant, the company that aided The New York Times in investigating its own recent hacking, is Kevin Mandia's creation. Mandia is not only a former Pentagon security officer, but also a former special investigator with the US Air Force.
The report is impressively thorough, and at least the information on which the allegations are based is transparently offered. In the case of the Iran accusations, we were offered little more than unattributed citations to government officials.
Whether China, Iran, or nongovernment actors are responsible, US enterprises should certainly be on notice, as never before, that their networks are being infiltrated with malicious intent. After all, if Burger King's Twitter feed can succumb ("Just got sold to McDonalds... FREDOM IS FAILURE" [sic]), nothing is sacred.
Back in 2011, McAfee was warning: "Every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact." Eighteen months later, is the enterprise any closer to a solution -- or improved defenses, at least? Perhaps more importantly, are we any closer to securing vital networks like the power grid?
You see, at the end of the day, what matters is not so much whether the People's Liberation Army is running exploits against The New York Times or whether the Leader of the Revolution (in Iran) is personally going under the handle "Martyr Izz ad-Din al-Qassam Cyber Fighters."
After all, it might be in US interests to make these accusations stick. It might be in China's interests to direct US attention on Iran, or vice versa. And, of course, it might be in some third party's interest to stir trouble.
What matters to enterprises and organizations is security, and that begins at home.
— Kim Davis, Community Editor, Internet Evolution