The Mandiant study is interesting, but not everyone agrees with it

Feb 22, 2013 09:51 GMT

China is not the only one criticizing the APT1 report released earlier this week by security firm Mandiant. Experts say the study has a number of flaws, and condemn the company for possibly interfering with ongoing state investigations.

While the report provides some interesting information, it appears to have attracted almost as many critics as supporters. Some say it’s flawed, while others call it a marketing stunt.

Jeffrey Carr, founder and CEO of cyber security firm Taia Global, has published a blog post detailing the critical flaws in Mandiant’s report.

“My problem is that Mandiant refuses to consider what everyone that I know in the Intelligence Community acknowledges - that there are multiple states engaging in this activity; not just China,” Carr wrote.

“And that if you're going to make a claim for attribution, then you must be both fair and thorough in your analysis and, through the application of a scientific method like ACH, rule out competing hypotheses and then use estimative language in your finding. Mandiant simply did not succeed in proving that Unit 61398 is their designated APT1 aka Comment Crew.”

Andrei Bujaki of the Internet Advisors Group has also published an interesting post on why the report “is a joke.”

“The report does not contain a single piece of evidence, contains only a list of domains, IPs and few faked emails, the thin description of a supposed operation, the description of some tools and of a piece of malware,” Bujaki noted.

Another interesting aspect is related to the phone number of an alleged hacker revealed in the video that Mandiant published along with its report.

A Marketplace correspondent in Shanghai, China, called up the number and reached a 69-year-old woman who said she was a farmer and didn’t even know what hacking was.

On the other hand, Mandiant admits that it’s not the first company to accuse China of launching cyberattacks, but the company argues that it is the first one to “carry the ball for a little bit.”

“What do they want us to do? Get into the third floor of the [Unit 61398] building and start interviewing people? We’ve done the best we can do with the data we have,” Mandiant CEO Kevin Mandia told nywag.com.

In the meantime, here’s a less serious video from NMA World on the activities of the Chinese military hacker unit: