Hacking allegations against China rejected
SOME US security experts have rejected the US cybersecurity firm Mandiant’s allegations on cyber attacks from China, lambasting it “full of holes”.
Gary McGraw, CTO at Cigital, said that It is good that Mandiant found the source of advanced persistent threats (APT) in real time, but emphasizing that it is vastly different from being able to pinpoint the source of a cyberattack that takes place in a fraction of a second.
The comment came after US cybersecurity firm Mandiant last month released a report which alleged that a secret Chinese military unit in Shanghai was behind years of cyber attacks against US companies.
In Jeffrey Carr’s words. “It is full of holes,” the CEO of digital security consultancy Taia Global said in a blog post cited by Wall Street Journal website.
Carr pointed out that the entire body of evidence in the report is shaky, adding that he wanted to see standards of proof for online crimes that have been agreed by the whole information security industry.
“If you’re going to make a claim for attribution, then you must be both fair and thorough in your analysis and, through the application of a scientific method like Analysis of Competing Hypotheses(ACH), rule out competing hypotheses and then use estimative language in your finding,” he argued, adding that the method is something that Mandiant didn’t do.
It went without saying that “consequently its explosive allegation isn’t ironclad,” he wrote.
ACH is known as a vetting process routinely adopted by the intelligence agencies like the Central Intelligence Agency.
In his writing, Carr gave more evidence for his argument. “My problem is that Mandiant refuses to consider what everyone that I know in the Intelligence Community acknowledges—that there are multiple states engaging in this activity.”
There were more than 30 countries worldwide that may have military hacking capabilities noted by the company, he said, explaining that the report didn’t include a thorough analysis of alternative explanations, aiming to exhaust the alternatives and thus narrow down the range of possible conclusions.
Moreover, James Arlen, a senior con- sultant with Leviathan Security Group, expressed similar concerns about Mandiant’s report.
In addition, he claimed that US itself did not have entirely clean hands, adding that the US and Israel were behind the Stuxnet worm used to attack Iranian nuclear facilities.
“What Mandiant does not say, and which I think is important for readers to remember, is that APT0 is the United States of America,” he said.
In Mandiant’s report, it claimed that more than 20 APT groups originate in China, specifying that APT1 is a single organization of operators that has conducted a cyber espionage campaign against a broad range of victims since at least 2006.
According to the Washington Post, the American cybersecurity force is still expanding. The paper reported that the Pentagon is planning to ask for 4,000 additional civilian and military employees to be added to the US Cyber Command.
A US defense department official was quoted as saying that the US will increase the size of its cybersecurity force fivefold over the next several years. XINHUA