[ISN] Commentary: Hacking allegations against China both baseless and revealing

From: InfoSec News <alerts_at_private>
Date: Thu, 21 Feb 2013 00:21:16 -0600 (CST)
http://news.xinhuanet.com/english/indepth/2013-02/20/c_132181511.htm

English.news.cn
2013-02-20

BEIJING, Feb. 20 (Xinhua) -- U.S. cybersecurity firm Mandiant on Monday claimed 
in a report that hackers related to the Chinese military attacked some U.S. 
websites, once again stirring up the "Chinese hackers threat."

Mandiant put forward as its main evidence a claim that many of the cyber 
attacks were launched from IP addresses registered in the Chinese metropolis of 
Shanghai.

However, one does not need to be a cybersecurity expert to know that 
professional hackers usually exploit what is called the botnet in other parts 
of the world as proxies for attacks, not their own computers.

Thus, it is highly unlikely that both the origins of the hackers and the 
attacks they have launched can be located.

That is why China's foreign ministry and defense ministry both described the 
firm's report as "amateurish" when they dismissed Mandiant's false accusations.

However, it is beyond belief that a firm specialized in the field of 
cybersecurity could be so indiscreetly desperate as to jump to a conclusion so 
full of loopholes, unless it has a good reason.

If one takes a closer look at Mandiant's report, it is not too difficult to 
find that it reeks of a commercial stunt.

In a statement accompanying the firm's report, Kevin Mandia, founder and CEO of 
Mandiant, seems to do nothing but market the products and services of his 
company.

"Given the sheer amount of data this particular group (the hackers) has stolen, 
we decided it was necessary to arm and prepare as many organizations as 
possible to prevent additional losses," he said.

Next time, the CEO could simply say: "See the Chinese hackers? Hurry up, come 
and buy our cybersecurity services."

Moreover, the much-hyped threat can also be attributed to some U.S. politicians 
and businessmen who always seek to use China to pursue their personal political 
and commercial interests, especially at a time when the U.S. Congress is about 
to approve a budget plan for the country's new fiscal year.

Without targeting China as a "presumed enemy," they might run short of excuses 
to demand more money to build an even stronger cyber military force or buy 
cybersecurity hardware and services from a company whose CEO used to serve in 
the U.S. air force.

As the birthplace of the World Wide Web, the United States already has a 
matchless superiority and ability to stage cyber attacks across the globe.

Currently, the U.S. military has established a significant cyber force, 
including the 780th Military Intelligence Brigade, which is a regular military 
unit tasked with carrying out cyber missions.

Earlier media reports said Iran was once attacked by U.S. military intelligence 
agencies through the Internet, while, according to China's foreign ministry, a 
majority of the cyber attacks against China come from the United States.

In fact, the credibility of the United States has already been seriously 
questioned because of its government's habit of accusing other nations based on 
phoney evidence.

In 1993, the United States accused "Yinhe," a Chinese cargo ship, of carrying 
banned material for making chemical weapons to Iran. However, no suspected 
goods were found after a joint Chinese-Saudi inspection.

Similarly, facts will eventually prove that the cyber attacks accusations are 
groundless and will only tarnish the image and reputation of the company making 
them, as well as that of the United States.


______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org 
Received on Wed Feb 20 2013 - 22:21:16 PST

This archive was generated by hypermail 2.2.0 : Wed Feb 20 2013 - 22:14:46 PST