Mandiant's release on Tuesday of a mother lode of information on Chinese hacking efforts could turn out to be a financial mother lode for the company itself.
Mandiant, founded in 2004, was well known in Internet security circles for cybercrime response and forensics before this week. But by the end of the day on which it released its 60-page report, which it said contained proof of efforts by a Chinese military unit to hack into 141 businesses, most of them in the U.S., it was one of the highest-profile security companies in the world.
The report, titled "APT1: Exposing One of China's Cyber Espionage Units," led mainstream television network news broadcasts on Tuesday evening, and was featured on everything from National Public Radio to tech journals and blogs. Company founder Kevin Mandia, a retired Air Force officer, was interviewed by multiple media outlets.
The timing could be very good for Mandiant. Several security experts said they think it will go public sometime this year, although Mandiant CSO Richard Bejtlich would not comment on that. And, as Anne Flaherty of the Associated Press put it in an explainer on the company, the report "puts Mandiant front-and-center at a critical time on a national debate about cybersecurity. Its founder [Mandia] testified earlier this month to the House Intelligence Committee on hacking threats."
But it also raised questions about how the report was rolled out, and whether the information it collected could have been made public earlier, to assist companies that may have been hacked by APT1 or "Unit 61398" of the Chinese People's Liberation Army, but were not among Mandiant's clients. Mandiant has been tracking APT1 and other such groups in China since 2006.
The company suggested in its report that the targets of APT1 likely went well beyond its clientele. "The activity we have directly observed likely represents only a small fraction of the cyber espionage that APT1 has conducted," the report said.
But Bejtlich told CSO Online on Wednesday that Mandiant has issued public reports consistently on advanced persistent threats (APT). He said the firm's January 2010 M-Trends report specifically addressed them.
The difference in this report, he said, was that it finally felt confident enough to name a specific Chinese group, with government sponsorship, as the source of a large group of attacks. "We believed we had a really good case," he said.
Chester Wisniewski, a senior security adviser at Sophos, said that Mandiant, as a private, for-profit enterprise, doesn't really owe anyone anything. "They are entitled to share what they please," he said.
"It isn't exactly news to those of us in the business of protecting businesses from these types of attacks," he said, aside from the attribution to a specific team in China. "Most of the malware samples were already being detected by our antivirus and I presume the same to be true for others."