Was Mandiant Pushed?

Once in a while, it’s good to revisit and reconsider from a distance.  It’s just over two years since the then-unknown Alexandria-based cyber security company Mandiant vaulted into the media spotlight.  Remember? Mandiant released a report detailing a slew of cyber attacks perpetrated by the Chinese military.  More than sweeping accusations, Mandiant identified specific Red Army IP and physical facility addresses in a bold tell-all counter attack on a sophisticated and persistent Chinese cyber offensive on U.S. targets.

It was a cyber shot heard around the world.  To be sure, Mandiant shocked the world when it released the report.  Many sources inside the Federal government expressed distress and disappointment – their concern: that Mandiant had tipped the U.S. intelligence community’s hand.  The rationale: better not to let our adversaries know we were tracking them.  Removing the blind signaled to the Chinese hackers that they should simply change their addresses and methodologies.

Did anybody see the movie The Imitation Game?

Here’s a question – was our government complicit in the Mandiant report?  Was this an early jab in a cyber sparring match between the U.S. and China?  In May 2014, one year and three months after the Mandiant release, our government took the unprecedented step of identifying and bringing charges against a series of Chinese cyber attackers by name.  Perhaps the Mandiant report was a proxy offensive designed to put the Chinese on notice?

After all, how did a small firm like Mandiant lay hands on such detailed information?  How did it have the nerve to release such a controversial report – which could have capsized the firm by invoking the ire of Uncle Sam?

Let’s say the Federal government did want to leak the report through a proxy – who better than a small firm?  Using a major contractor would have been a far more transparent proxy.  Further, working through a large organization would have been more complex, taken much longer, and amped up the risk of a leak.

It’s doubtful we’ll ever know for sure, but as Alan Turing would tell us, simple things are rarely simple in cyber space.

Do you think Mandiant was pushed?

Steve O'Keeffe
About Steve O'Keeffe
Steve O'Keeffe is the founder of MeriTalk, the government IT network. MeriTalk is an online community that hosts professional networking, thought leadership, and focused events to drive the government IT dialogue. A 20-year veteran of the government IT community, O'Keeffe has worked in government and industry. In addition to MeriTalk, he founded Mobile Work Exchange, GovMark Council, and O’Keeffe & Company.