Hackers Embed Virus in Mandiant Report

ZDNet’s Eileen Yu reported on Monday that hackers have distributed virus-infected versions of a report, released last week by security firm Mandiant, that linked the Chinese army to cyberattacks on U.S. corporations:

When downloaded, the tainted versions would allow hackers to remotely control infected computers after users attempted to read the report, which was released last week by U.S. IT security vendor Mandiant.

A blog post by Symantec said hackers used the report as “bait”, embedding a malware called Trojan.Pidief into fake reports which displayed a blank PDF document when opened. Unbeknownst to users, the tainted report would trigger the exploit code for Adobe Acrobat and Reader Remote Code Execution Vulnerability.

Symantec highlighted an e-mail in Japanese purported to be from someone in the media industry which contained a PDF attachment of the fake Mandiant report.

Cybersecurity has become a wedge in Sino-U.S. relations in recent years, and lately the two sides have traded accusations of hacking. The New York Times’ David Sanger reported earlier this week that the Obama administration is more willing than ever to call out the Chinese directly over the hacking issue:

Defining “enemies” in this case is not always an easy task. China is not an outright foe of the United States, the way the Soviet Union once was; rather, China is both an economic competitor and a crucial supplier and customer. The two countries traded $425 billion in goods last year, and China remains, despite many diplomatic tensions, a critical financier of American debt. As Hillary Rodham Clinton put it to Australia’s prime minister in 2009 on her way to visit China for the first time as secretary of state, “How do you deal toughly with your banker?”

In the case of the evidence that the People’s Liberation Army is probably the force behind “Comment Crew,” the biggest of roughly 20 hacking groups that American intelligence agencies follow, the answer is that the United States is being highly circumspect. Administration officials were perfectly happy to have Mandiant, a private security firm, issue the report tracing the cyberattacks to the door of China’s cybercommand; American officials said privately that they had no problems with Mandiant’s conclusions, but they did not want to say so on the record.

In the next few months, American officials say, there will be many private warnings delivered by Washington to Chinese leaders, including Xi Jinping, who will soon assume China’s presidency. Both Tom Donilon, the national security adviser, and Mrs. Clinton’s successor, John Kerry, have trips to China in the offing. Those private conversations are expected to make a case that the sheer size and sophistication of the attacks over the past few years threaten to erode support for China among the country’s biggest allies in Washington, the American business community.

“America’s biggest global firms have been ballast in the relationship” with China, said Kurt M. Campbell, who recently resigned as assistant secretary of state for East Asia to start a consulting firm, the Asia Group, to manage the prickly commercial relationships. “And now they are the ones telling the Chinese that these pernicious attacks are undermining what has been built up over decades.”

Meanwhile, Ezra Klein of the Washington Post reports that Chinese hackers may be wrong to focus on the U.S. capital as much as they do:

The Chinese look at Washington, and they think there must be some document somewhere, some flowchart saved on a computer in the basement of some think tank, that lays it all out. Because in China, there would be. In China, someone would be in charge. There would be a plan somewhere. It would probably last for many years. It would be at least partially followed. But that’s not how it works in Washington.

What the Chinese hackers are looking for is the great myth of Washington, what I call the myth of scheming. You see it all over. If you’ve been watching the series “House of Cards” on Netflix, it’s all about the myth of scheming. Things happen because Rep. Frank Underwood has planned for them to happen. And when they don’t happen, it’s because someone has counterplanned against him.

I almost feel bad for the Chinese hackers. Imagine the junior analysts tasked with picking through the terabytes of e-mails from every low-rent think tank in Washington, trying to figure out what matters and what doesn’t, trying to make everything fit a pattern. Imagine all the spurious connections they’re drawing, all the fundraising bluster they’re taking as fact, all the black humor they’re reading as straight description, all the mundane organizational chatter they’re reading.

They’re missing our real strength, the real reason Washington fails day-to-day but has worked over years: It’s because we don’t stick too rigidly to plans or rely on some grand design. That way, when it all falls apart, as it always does and always will, we’re okay.