Shhh, Don’t Tell Anyone! Mandiant Credits Anonymous with Helping Uncover China Hacking
Earlier today, the NYT posted this:
An unusually detailed 60-page study, to be released Tuesday by Mandiant, an American computer security firm, tracks for the first time individual members of the most sophisticated of the Chinese hacking groups — known to many of its victims in the United States as “Comment Crew” or “Shanghai Group” — to the doorstep of the military unit’s headquarters. The firm was not able to place the hackers inside the 12-story building, but makes a case there is no other plausible explanation for why so many attacks come out of one comparatively small area.
“Either they are coming from inside Unit 61398,” said Kevin Mandia, the founder and chief executive of Mandiant, in an interview last week, “or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.”
What the NYT won’t tell you, Huffington Post will — namely, that Mandiant’s researchers credit Anonymous with providing the big break needed to crack the case:
Security researchers and government officials have long claimed that China is behind a growing number of cyber attacks against American computer networks, a charge that China has repeatedly denied. But Mandiant’s 73-page report was unusual in its level of detail, going so far as to profile the identities of three hackers who are believed to be working for the Chinese military. Mandiant said it was able to find connections between two of those hackers and China’s People’s Liberation Army by relying on public data first revealed by the hacker group Anonymous.
In February 2011, Anonymous gained access to the website rootkit.com — an online forum where hackers and researchers share information about hacking techniques — and published personal data of more than 40,000 registered users online. The data included email and IP addresses.
The breach was one of dozens by Anonymous over the past two years and gained relatively little media attention. But now, two years later, security researchers say the data was valuable in helping them find links between hackers and the Chinese military.
“We are fortunate to have access to the accounts disclosed from rootkit.com,” the Mandiant report said.
You can read the Mandiant report here.