Seven reasons why claims of PLA hacking fail the test

Graeme Maxton says the claim that the PLA is running an organised hacking operation from a building in Shanghai not only lacks convincing evidence, but its timing is also too convenient

Recently, a US company few of us had heard of gained instant fame for saying the People's Liberation Army was behind a lot of computer hacking. That may be. But the claims made by Mandiant should also be treated with caution, and not just because they have been vigorously denied.

There are seven reasons.

First, the report said exactly what many people wanted to hear. It reinforced the belief that China is the world's worst cyber bogeyman and gives Western diplomats another cudgel to wield in Beijing. Neither Iran nor Afghanistan is a credible cyber villain and with the US State Department wanting to turn up the heat in the Pacific, it was useful to have someone point the finger at China. In truth, many big governments have sophisticated hacking capabilities today, particularly the US.

Second, the timing of the report was extremely useful for the US defence industry. The US military is facing the biggest cuts to its budget for years, with the potential for widespread reductions imminent. A report that strengthens the case for additional spending, especially when it appears to come from an independent source, was just what was needed.

Third, the timing of the report was also perfect for Mandiant, and this was not a coincidence. The company published its findings just days before a big annual get-together on computer security, the RSA Conference. Like many of its rivals in years gone by, it issued a sensationalist report before the meeting started because it was looking for the limelight.

The fourth reason we should raise an eyebrow is the fact that Mandiant is a private company that sells IT security. The report did not come from a dedicated government intelligence unit or some private investigation firm. It came from a company which is trying to sell IT security. It is in the firm's interests to tell the world that there are nasty threats and to point the finger at everyone's favourite baddie.

Fifth, if you read the report, and it appears few journalists or commentators have done so, it is easy to see that it is high on accusations but less meaty when it comes to evidence. Many conclusions are rather far-fetched, appearing to fit a hypothesis more than proving a solid case. There are a lot of fancy charts, some highly complicated program tables and a generous sprinkling of unnecessary Chinese characters to give it an air of authenticity.
