Who Mandiant Is - Essay Example

? The Mandiant Report Paper Who Mandiant is? Of late cyber attack are on the increase across the globe. Mandiant is an agency investigating and advocating for safe computer and data handling practices. The agency has been playing critical role in investigating trends of data handling as well as data theft across the globe. Data theft or data handling methods tend to attract more interest from various stakeholders. Mandiant primary concern has been to investigate the computer security breaches. In it reports, it has established numerous flaws in computer network security as well as identifying perpetrators. The concern identified and highlighted by Madiant is critical to the future of the network industry. The activities of the perpetrators as indicated by Madiant are a threat to the security of various governments across the globe (Lambert, 2013). Why the report was written? Madiant report examines a number of issues; first, it identifies the cropping trends that threaten the network security. The network security is important because it helps in preserving useful information about an institution within a given country. Moreover, illegal acquisition of information is unacceptable across globe. Information laws tend to define the extent to which an institution can seek information or engage each other in acquiring certain information. Unfortunately, the APT1 the main perpetrator in this situation seems to be acquiring certain information from various institutions without the knowledge of these institutions. Second, the report explores cyber espionage campaign. The growing cyber espionage campaign has reached a threatening level. The escalating cyber espionage by a specific perpetrator APT1 over others across the globe is alarming. In response to this observation Madiant wish to bring the attention of the whole world this unscrupulous group. Arguably, by presenting the report to the world, various governments would not only join hands in condemning the act, but would also loud initiatives aimed at creating cyber network environment where such practices do not find space. Lastly, the report is an insight about the escalating trends in the cyber network world. Although the world favors scientific activities, it does not welcome activities that seems to destroy the present gains. Cyber threat should attract condemnation across the globe because of various reasons such as breach of secrecy laws as well as threatening world peace (Lambert, 2013). The intrusion by the perpetrators may lead to leaks in security information, consequently, leading to security lapses. The main question that the report tends to answer is the owner of APT1. The question such as the intention of APT1 as well as who support their activity seems to form the premise of this report. Since the institutionalization of Madiant, it has conducted numerous researches about various cyber espionage, however, the trends of APT1 has been suspicious. The fact that the group has continued to attack various cyber network and still security information tends to suggest that the institution has some hidden objectives. Madiant report is condemnation of cyber espionage activities of China or groups believed to be receiving funding from the Chinese government. Madiant views cyber espionage as a threat peaceful coexistence between countries. Cyber networks run by various institutions especially governmental institutions contain information about a country’s affair (Carr, 2013). This seems to suggest that hacking such information contributes to leakage and exposure of such information to unauthorized identities. The suspicions of Madiant stems from the fact that the host country of APT1 does not show any support towards curtailing the activities of this group. If the Chinese government were not an interested party to the cyber espionage, it would take an initiative towards curtailing the missions of this group. Another suspicion of Madiant is the fact that APT1 trends are similar to those attributed to Chinese department of defense (US News, 2013). It follows, from this observation that the trends employed by the perpetrator are not strange to the Chinese government. In a superficial view, one might mistake report as a victimization of the Chinese authority, but a critical look seems to support the assertion that the Chinese government is responsible either funding or supporting the activities of APT1. Evidently, the areas pointed out by the report seem to illustrate the collaboration between the Chinese government and APT1 in advancing activities that hinder cyber network security. Other literatures seem to point of the Chinese government attitude of limiting or monitoring cyber network (US News, 2013). Although the Chinese laws allows the government to monitor private information of various institutions, this law does not extend to the global scale On this note, the report seems to suggest that the activities of APT1 is illegal and instigated by the Chinese government to illegally seek security information of their rival countries. Arguably, of what intention does the Chinese government harbor the activities of APT1? Who is APT1? Madiant established that APT1 is the 2nd Bureau of People’s Liberation Army (PLA) General Staff Department’s Designator (MUCD) as Unit 61398. It made this conclusion after monitoring the work of Unit 61398 which China regards as a secret service. Other factors that led to the disclosing the identity of APT1 include the tracking of APT1 network in Shanghai specifically in Pudong New Area where Unit 61398 exist. The evidence of trace adduced against APT1 explored the activities of the group as well as its link with the Military Units. The fact that China Telecom supplied network fiber to the national defense further cements the notion of Maridiant. What conclusions led Mandiant to believe that APT1 is who they think it is? Madiant focused its research on a number of factors including composition of APT1, it methodology, as well as the length it has taken in attacking cyber networks. Further, the tracking of the IP addresses of various units believed to be perpetrating cyber espionage led to a single conclusion that the APT1 had its base in Shanghai new the military unit. Madiant established that APT1 attacked 141 companies from 20 industries. The consistency in tracing the source of the attack creates the grounds for arguing that APT1 is a government sponsored firm. Additionally, the nature of attacks that it conducts seems to track specific information. APT1 steals confidential information of institutions that it has attacked. In some cases, it has monitored information of some institutions for 365 days. Largely, if the APT1 were not an agency of the Chinese government then this government would have indicated interest in closing on their activities. Madiant has been able to trace the IP address of the APT1 to China. Any other pertinent facts and conclusions APT1 conducts its attacks periodically once it has established access to the victim’s network and steal broadband category of information including confidential information, patent information, and test result, property manufacturing procedures, partnership agreement, and emails of organization leadership among others. The tools used by APT1 to attack or access the network of the victims seems to unique and has not been used elsewhere by any other network attackers. APT1 focuses in compromising the organization across a wide range of English speaking countries. Among the 141 APT1 victims, 87% of them tend to companies from English speaking countries. Moreover, APT1 targets companies, which they feel is a threat to the strategic growth of the Chinese companies. APT1 maintains versed infrastructure of computer system across the globe. Madiant has provable fact that APT1 controls thousands of systems that support their computer intrusion activities. For instance, in the last two years, APT1 established a minimum of 937 command and control servers hosted on 849 distinct IP addresses in 13 countries. From 2011 January to 2013 January, APT1 actors conducted attack from 832 IP addresses. Further, over the years, 2551 FQDNs attribute to APT1. Other factors suggesting that APT1 is Chinese government agency include the fact that the APT1 uses Chinese language as well as IP addresses registered in Shanghai. Tracking of IP addresses is crucial factor in establishing the whereabouts of the cyber network espionage (Lambert, 2013). Largely, the amount of data that attribute APT1 activities to Shanghai tend provides conclusive evidence that the organization belongs to the Chinese government. The security code applied by APT1 is similar to that used by the Chinese military. The linking between the military and APT1 activities tend to cement the fact that the attackers belong to the Chinese government. Further, APT1 is interested in stealing crucial information of rival companies in English speaking countries. References Carr, J. (2013). Mandiant APT1 Report Has Critical Analytic Flaws. Retrieved on 11 Nov, 2013 from http://jeffreycarr.blogspot.com/2013/02/mandiant-apt1-report-has-critical.html Lambert, P. (2013). What the Mandiant report reveals about the future of cyber espionage. Retrieved on 11 Nov, 2013 from http://www.techrepublic.com/blog/it-security/what-the- mandiant-report-reveals-about-the-future-of-cyber-espionage/ US News. (2013). This is How China Hacks America: inside the Mandiant Report. Retrieved on 11 Nov, 2013 from http://www.thedailybeast.com/articles/2013/02/19/this-is-how-china- hacks-america-inside-the-mandiant-report.html. Read More