Foreign Policy

October 14, 2013

Kevin Mandia, CEO of the cybersecurity company Mandiant, takes a lot of limo rides. Normally, his limo company emails him PDF copies of his invoices after every trip. Recently, though, something changed.

"I’ve been receiving PDF invoices not from them, but from an [advanced hacking] group back in China; that’s awesome," said Mandia in D.C. recently. He only caught the attack when the hackers sent receipts on days when he hadn’t used the car service. "I forwarded them to our security service, and they said, ‘Yup, that’s got a [malicious] payload.’"

Emailing a malicious file from a fake or hijacked email account belonging to the acquaintance of a hacker’s target is a famous cyber-espionage tactic called spearphishing.

Hackers often search Google or social media to find the names of their target’s friends and co-workers. They then create a fake email address in the name of a friend or coworker and fire off carefully written emails containing malware to their target.
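The three cues in this story (a sender pretending to be a known contact, a PDF that carries active content, and an invoice for a ride that never happened) can each be turned into a triage check. The following Python is an added example written for this page, not code from Mandiant or from the article; the address book, trip dates, the `example-limo.test` / `examp1e-limo.test` domains and the sample message are all constructed, and the PDF markers are only a first-pass flag, since benign forms also use some of them.

```python
from __future__ import annotations

from email import message_from_bytes
from email.message import EmailMessage, Message
from email.utils import parseaddr, parsedate_to_datetime

# Assumed address book: the only account that should send these invoices
# (hypothetical names, constructed for this example).
KNOWN_SENDERS = {"billing@example-limo.test": "Example Limo Billing"}

# Days on which a trip was actually taken (constructed). An invoice dated any
# other day is the cue Mandia noticed: a receipt for a ride that never happened.
TRIP_DATES = {"2013-10-01", "2013-10-03"}

# PDF name objects that introduce active content. Presence is a triage flag,
# not proof of malice.
ACTIVE_PDF_MARKERS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/Launch", b"/AA")


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_findings(msg: Message) -> list[str]:
    """Flag display-name impersonation and lookalike domains in From:."""
    findings: list[str] = []
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    if addr in KNOWN_SENDERS:
        return findings  # exact known address; a hijacked account still passes here
    known_names = {n.lower() for n in KNOWN_SENDERS.values()}
    if display.strip().lower() in known_names:
        findings.append(f"display name of a known contact but unknown address {addr}")
    domain = addr.rsplit("@", 1)[-1]
    for known in KNOWN_SENDERS:
        kdomain = known.rsplit("@", 1)[-1]
        if domain != kdomain and _edit_distance(domain, kdomain) <= 2:
            findings.append(f"lookalike domain {domain} (close to {kdomain})")
    return findings


def pdf_findings(msg: Message) -> list[str]:
    """Flag PDF attachments that carry active-content objects."""
    findings: list[str] = []
    for part in msg.walk():
        name = part.get_filename() or ""
        is_pdf = part.get_content_type() == "application/pdf" or name.lower().endswith(".pdf")
        if not is_pdf:
            continue
        data = part.get_payload(decode=True) or b""
        hits = [m.decode() for m in ACTIVE_PDF_MARKERS if m in data]
        if hits:
            findings.append(f"{name or 'unnamed.pdf'}: active content markers {hits}")
    return findings


def timing_findings(msg: Message) -> list[str]:
    """Flag an invoice dated on a day with no recorded trip."""
    raw_date = msg.get("Date")
    if not raw_date:
        return ["missing Date header"]
    day = parsedate_to_datetime(raw_date).date().isoformat()
    return [] if day in TRIP_DATES else [f"invoice dated {day}, no trip that day"]


def triage(raw: bytes) -> list[str]:
    """Run all three checks over one raw RFC 5322 message."""
    msg = message_from_bytes(raw)
    return sender_findings(msg) + pdf_findings(msg) + timing_findings(msg)


def build_sample(spoofed: bool) -> bytes:
    """Constructed sample message: spoofed (lookalike domain, active PDF, wrong
    day) or benign (known sender, inert PDF, real trip day)."""
    m = EmailMessage()
    m["To"] = "ceo@victim.test"
    m["Subject"] = "Your invoice"
    m.set_content("Please find your invoice attached.")
    if spoofed:
        m["From"] = "Example Limo Billing <billing@examp1e-limo.test>"
        m["Date"] = "Sat, 05 Oct 2013 09:12:00 -0400"
        pdf = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
               b"2 0 obj << /S /JavaScript /JS (app.alert(1)) >> endobj\n%%EOF")
    else:
        m["From"] = "Example Limo Billing <billing@example-limo.test>"
        m["Date"] = "Tue, 01 Oct 2013 18:00:00 -0400"
        pdf = b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n%%EOF"
    m.add_attachment(pdf, maintype="application", subtype="pdf", filename="invoice.pdf")
    return m.as_bytes()


if __name__ == "__main__":
    for f in triage(build_sample(spoofed=True)):
        print("FLAG:", f)
```

The sender check is the weakest of the three against a genuinely hijacked account, which is why the attachment and timing checks are kept independent of it; in practice the timing check is the one a recipient can make without any tooling, exactly as Mandia did.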

Mandiant’s digital networks are routinely attacked by Chinese hackers. This is no surprise given that last February the firm published a detailed report of Chinese military intelligence groups attacking the computers of Western businesses. But what makes this attack on Mandiant different — and what makes it a warning to other American businesses — is the intimate knowledge that the hackers seemed to have about Mandia’s business. How did these Chinese hackers know which limo service the CEO uses?

"I don’t know; that makes me wonder," Mandia told Foreign Policy.

It’s not like that kind of information is just posted on Facebook. Mandia also doubts that Chinese hackers have gained access undetected to his company’s networks — and if they did, why would they send him spearphishing emails? Instead, Mandia suspects that Chinese intelligence operatives simply showed up at public events where he was speaking and took note of his limo company.

"At a lot of these presentations, I’m standing here talking, and there are 10 foreign nationals from China. It could be they saw" Mandia using the limo, he said.

This is a textbook example of how Chinese spies don’t just target American business moguls via spearphishing and other cyberattacks. Instead, they use a combination of old-fashioned espionage and hacking to target anyone they’ve got a serious interest in.

If you thought that espionage was going totally digital, think again. Modern practitioners of espionage, like warfare, are finding ways to combine centuries-old intelligence-gathering methods with digital ones, for more effective results.
