Groupthink is an amazing thing. The publicity surrounding attacks on the New York Times, Wall Street Journal, Washington Post, Facebook, Apple, et al. proves nothing except the saw about propaganda: if you say something often enough, it becomes truth.
A quick scan through English-language China news reveals that on the basis of one report, it is now indisputable fact that a Chinese military organization was responsible for the above-mentioned attacks. So far, the only substantive criticism of Mandiant’s report has come from Jeffrey Carr, CEO of the cybersecurity firm Taia Global, who says the report has “critical analytic flaws.”
“In summary, my problem with this report is not that I don’t believe that China engages in massive amounts of cyber espionage. I know that they do – especially when an executive that we worked with traveled to Beijing to meet with government officials with a clean laptop and came back with one that had been breached while he was asleep in his hotel room.
“My problem is that Mandiant refuses to consider what everyone that I know in the Intelligence Community acknowledges – that there are multiple states engaging in this activity; not just China. And that if you’re going to make a claim for attribution, then you must be both fair and thorough in your analysis and, through the application of a scientific method like ACH, rule out competing hypotheses and then use estimative language in your finding. Mandiant simply did not succeed in proving that Unit 61398 is their designated APT1 aka Comment Crew.”
And that about sums it up. With so many other actors out there, any attribution that does not conclusively exclude them (Russia, Israel, France, and others) should be taken with many grains of salt. Mandiant has made minimal effort to rule out other possibilities, demonstrating the type of confirmation bias that a wary and responsible press would do well to question.
On top of that, the New York Times even admits that while the email accounts of David Barboza (Shanghai bureau chief) and Jim Yardley (former Beijing bureau chief, now South Asia bureau chief) were compromised, no documents pertaining to the Wen Jiabao story “were accessed, downloaded, or copied,” in the words of Jill Abramson, executive editor at the NYT.
“Computer security experts found no evidence that sensitive e-mails or files from the reporting of our articles about the Wen family were accessed, downloaded or copied.”
And the holes proliferate. Carr touches on several reasons why the NY Times’s claims — bolstered by Mandiant, which sees China as a “go-to culprit” (Carr’s words) — don’t stand up to critical analysis. Examples:
The Beijing Workday Argument. The hackers could have been from anywhere in the world. The timezone that Mandiant imagines as a Beijing workday could easily apply to a workday in Bangkok, Singapore, Taiwan, Tibet, Seoul, and even Tallinn – all of whom have active hacker populations.
The Lanxiang Vocational School Argument. The article mentioned that the hackers were traced back to the “same universities used by the Chinese military to attack U.S. military contractors in the past.” If memory serves, one of those was the Lanxiang Vocational School in Jinan, the capital of Shandong province and home to a PLA regional command center. Actually, Jinan is an industrial city of six million people and more than a dozen universities. IP Geolocation to one school means absolutely nothing.
Furthermore, even if the Chinese government was involved in cyber espionage against the New York Times, it wouldn’t use its military for that. It would use its Ministry of State Security (China’s equivalent of the CIA). And they wouldn’t be stupid enough to run the attack from their own offices, which if you’re interested in checking IP addresses, is in Beijing – 274 miles from Jinan.
Again, this doesn’t mean that China is definitely not hacking. Rather, our perspective is skewed. Perhaps the question we should be asking isn’t “Who did it?” but rather “Who benefits?” So far, it appears to be US policymakers bent on beefing up cyber-security legislation using China as the go-to bogeyman. Naturally, lots of media have fallen in step, regurgitating a tired, not-at-all subtle narrative that we should know better than to accept at face value.