Bejtlich said Mandiant felt the timing of the report's release was good for two other reasons. "This is a time when there is a real push for security," he said. "The president just signed an Executive Order, our CEO had just testified on intelligence sharing and there are bills coming [in Congress on cybersecurity.]"
He added that there has been some frustration in the security community about the administration's apparent unwillingness to confront China. He said having White House Press Secretary Jay Carney talking about, "speaking to the Chinese in the most serious tones," is not enough. "We're here to play a part, and we wanted to present the evidence."
Bejtlich said Mandiant felt that this Army unit in particular would be particularly damaged by this. "We don't think they can pivot quickly to backup plan. This was an attempt to make life difficult for the adversary."
Gary McGraw, CTO of Cigital, suggested another possible reason. "I think the Chinese goaded them into it," he said, noting that Chinese officials, in denying any involvement with the hack of The New York Times, said it was "unprofessional" to make the accusation "without any conclusive evidence."
"They probably figured, 'OK, we'll show you some evidence,'" McGraw said.
There are also questions about the comingling of media strategy with Mandiant's commercial interest. The New York Times had hired Mandiant in January to trace an attack on the computers of reporters and other employees following the newspaper's stories on the financial dealings of China's Premier Wen Jerboa.
Mandiant then allowed The Times to break the story on its APT1 report by providing it with an advance copy, allowing time for reporters to "test the conclusions with other experts, both inside and outside government," and providing advance interviews with company leaders. The Times published its story Monday, a day before the official release of the report.
The newspaper acknowledged in its story that while Mandiant is not now working for the Times, "it is in discussions about a business relationship."
Bejtlich acknowledged that the relationship developed between Mandiant and The Times during the investigation of the newspaper hack led to the coordination of a story in The Times on the release of the report.
That is normal, Chester Wisniewski said. "It isn't unusual to prefer your customers when it comes to these things," he said.
"It was mutually beneficial," Bejtlich said. "We were not in a position to talk to others in the intelligence community, but The Times could." He added that Mandiant felt this was the best way to give the report as much exposure as possible.
He acknowledged that some other media outlets scooped by The Times, were upset. "And I'm totally sympathetic to that," he said.
Sign up for Computerworld eNewsletters.