China May Have Intended To Get Caught In The New York Times Hacking Scandal
By Robert Johnson via Business Insider
Earlier this week, Mandiant, a company hired by The New York Times to track down hackers that invaded the paper’s database, unleashed a report blaming China for the invasion.
The document went on to illustrate a complex military cyber-espionage unit based in Shanghai, that had been busy scouring the networks of more than 140 companies.
While accusations continue to fly and denials resound, there are now some who believe China may actually have meant to be caught.
“They’re very careful not to cover their tracks very well,” Yael Shahar, an Israeli cybersecurity expert at the International Institute for Counter-Terrorism, told the National Journal. “It’s a projection of power; it’s not that they’re trying to hide it,” adding that it enhanced Chinese self-perceptions of “face” to leave a calling card.
In other words, the Chinese hackers may have wanted to be exposed as a public demonstration to Washington of Beijing’s level of skill and infiltration.
The Chinese government denies such claims.
CNBC hosted one Chinese ministry spokesman who said Mandiant’s claims are “unfounded accusations based on preliminary results,” and that “China resolutely opposes hacking actions and has established relevant laws and regulations, and taken strict law enforcement measures to defend against online hacking activities.”
We posted the full report and the findings seem more than preliminary. What’s been detailed since Tuesday’s report is even more beguiling.
The Washington Post and the National Journal took time to explore how Mandiant got the break that led them to China’s elite cyber-espionage ring. It seems to imply that the hackers did an intentionally “sloppy” hack job.
First, it’s important to look at how most tech-savvy Chinese military hackers discretely access social networks. The bulk of them set up a Virtual Private Network, or VPN, to get them across the “Great Firewall of China” that blocks much of the Web from general users. Basically, it’s how crafty people access the World Wide Web from China.
Picture a bunch of different doors everywhere, but the footprints across the floor (those hacking via VPN) are all the same.
When Mandiant looked around at the “doors” opening from China’s network of servers they saw all the VPN footprints. But what caught their attention was a couple of users not using a VPN who were accessing Facebook and Twitter from China.
Rather than logging out of the “attack infrastructure” and into one of the VPNs, these two Chinese military hackers — “UglyGorilla” and “DOTA” — went straight from their military terminal to social media sites, and to Google.
This is strange because it means they were not not practicing basic online security.
Accusations, denials, outrage, and indignation have been shooting back-and-forth between nations for days and there’s the distinct possibility that being exposed is what Beijing had in mind all along.