IDA-backed Mandiant takes the fight to Chinese hackers
Published 24/02/2013 | 04:00
Chinese army computer hackers have been accused of masterminding a series of high-profile cyber attacks in the past week, and an IDA-backed firm is helping to fight online intruders from its Dublin base.
US IT security firm Mandiant set up operations in Dublin before Christmas and plans to employ up to 100 staff.
"We're setting up engineering production and we've already started recruiting. We'll be producing and developing the technology to help our customers," said Tom Keating, Mandiant's managing director of engineering in Ireland.
"There's a 24/7 security operations centre being set up where we'll be working with clients and helping to monitor their systems and expanding our own capabilities."
Recent news stories divulged that the computer systems of major news organisations including the New York Times, Wall Street Journal and Washington Post had been breached by hackers with alleged connections to the Chinese government.
Unsuccessful attempts were also made to infiltrate the computers of Bloomberg LP, which owns Bloomberg Businessweek, said Ty Trippet, a company spokesman.
China's censors are accused of trying to stifle dissent by reaching across the ocean to expose the anonymous sources of Western journalists who have written negative stories about the country.
After detecting the breaches, newspapers contacted Mandiant, a nine-year-old company based in Alexandria, Virginia, with a reputation among industry insiders for technical proficiency and large egos. It also has a budding business on the frontlines of US companies' intensifying war with cyber spies.
Irish companies are highly likely to have been infiltrated by Chinese hackers, according to Mr Keating.
"I wouldn't be surprised if many organisations in Ireland have been compromised," he said. "It has to have happened here given how prevalent it is globally and how many international companies are in Ireland. But indigenous companies are at risk, too. They have information that people want.
"The latest threat report will make people think. Financial companies or those with personal information will have to start looking to see if they've been compromised. It's very bad out there. People are not fully aware how bad it is. This is big."
Mandiant has a well-publicised contract to work with the British security services' cyber terrorism outfit based at GCHQ in Cheltenham. Mr Keating declined to give information on whether the company has any major Irish clients.
"I can't speak about that. I can't confirm or deny anything," he said.
"There has been a perception – and it's changing – about what is implied by having Mandiant in. People are asking, 'Have they been hacked?' But that is all changing. People do want Mandiant in now. They are the experts."
In a wave of cyber attacks beginning in 2009, dubbed Operation Aurora by security firm McAfee, sophisticated hackers in China breached the corporate networks of Google, Yahoo!, Juniper Networks, Adobe and dozens of other prominent technology companies and tried to access their source code.
The hackers seemed narrowly focused on military technology and telecommunications companies as early as 2000. They were seen as a way to purloin intellectual property and narrow the marketplace advantages enjoyed by US rivals over Chinese companies.
"These are not just casual hackers. There are organisations and criminal gangs, but a lot of it is state-sponsored and it's primarily from China," Mr Keating told the Sunday Independent.
Wiley Rein, a prominent Washington law firm working on a trade case against China, was hit in 2011, and the White House was targeted last year. Last month, hackers breached the website of the Council on Foreign Relations and rigged it to deliver malware to anyone who visited it.
Chinese hacking groups have aggressively targeted Western oil and gas companies and often their law firms and investment banks, too, as a way to get proprietary financial information, sometimes in advance of an acquisition by a Chinese company.
In 2011, when debt-plagued Chesapeake Energy put billions of dollars of its natural gas holdings on the market, its investment bank was targeted.
"You can almost think of it as part of their due diligence," said Richard Bejtlich, Mandiant's chief security officer, who said the data are often stolen by military-sponsored hacking groups and then given to Chinese companies.
"It's almost like they're thinking, 'When we report our finances, they're all garbage, so yours are probably garbage, too. I'm just going to steal it straight from you and get the real story'."
The question of whether Mandiant is better than its rivals in combating international hacking is a big topic of discussion in security circles. The company unabashedly claims it is. It says it has assembled dossiers on dozens of hacking gangs, including 22 in China.
For example, a large percentage of computer attacks from China are performed by APT 1, a Shanghai-based group also known as the Comment Crew that gained notoriety last year for obtaining the emails of the president of the European Union Council.
Mandiant said it believes the New York Times was targeted by APT 12, a stealthier group known primarily for hitting defence contractors. According to the company, the attackers had complete access to the newspaper's internal network but stuck to rifling through the files of two reporters who had written a series of stories about the personal wealth of China's Communist Party leadership.
(Additional reporting by Bloomberg)