20 February 2013, 11:46

Ugly Gorilla and Chinese Unit 61398 to replace Osama and Al-Qaeda as the new global threat, or “How do we sell our overpriced product?”

Ugly Gorilla and Chinese Unit 61398 to replace Osama and Al-Qaeda as the new global threat, or “How do we sell our overpriced product?”

A company selling network security services has issued an extremely detailed report on how the Chinese Army is relentlessly attacking Western computer networks and companies. With the war on terror not really producing enough terrorists to justify the hyper security state of America, they need a new focus to justify cracking down on the last bit of freedom Americans have, namely the Internet. The threat to the world is now from the Chinese Army and the evil hacker UglyGorilla, and they will get you. Really! Run for the hills!

When a message is being delivered by a messenger whose self interests are served by the message, one must always be wary.

A cyber security firm named Mandiant, based in Alexandria, Virginia, 26 minutes from the unincorporated community of Langley (the metonym for the CIA) in McLean, Virginia, has come out with a much publicized and self-serving report detailing the evil and dangerous threat posed by relentless Chinese hackers.

The report claims that advanced threat “actors”, or the more ominous sounding “Advanced Persistent Threat” (APT), operating in China and with the blessing of the Chinese Government, have been conducting, quote: “… a cyber espionage campaign against a wide range of victims since 2006” unquote.

The experts at Mandiant have no doubt done a huge amount of hacking themselves because they have, according to their own claims, “discovered” a mountain of information about that these evil Chinese “hackers” who are a part of the 2nd Bureau of the People’s Liberation Army, General Staff Department Unit 61398. Mandiant claims their information is from “open source observations” yet they make many claims that, if they are true, point to a concentrated attack on a very well defined location and the accessing of information that for China would be considered secret.

The hackers at Mandiant, or as the West would call them “cybersecurity personnel”, (U.K. Guardian calls Western hackers who attack China “cybersecurity forces”), have apparently discovered that Unit 61398 is involved in work that for China is a “state secret” and that they are involved in “harmful Computer Network Operations”.

The spying that the hackers at Mandiant have done on China does not stop there, they have named the exact building where Unit 61398 is apparently located, its physical address, the layout of the compound and the buildings, its square footage, when it was built, how many people work there, the kind of wiring and infrastructure at the facility, the training requirements of the personnel, how many networks they use, the exact data they have “stolen”, the tools the Chinese supposedly use, the exact length of time they have accessed a “victims” network (example 1,764 days), the number of victims, exactly how many terabytes of data were stolen and even three individuals who are guilty of “following orders”.

Mandiant’s hacking is superb, (Oh I am sorry when they do it, it is called “cyber security”), and they even give names to these evil Chinese “hackers”: UglyGorilla, DOTA and SuperHard! (Very Chinese sounding names of course) They even claim to have: “… videos showing actual attacker sessions and their intrusion activities”! They state this on page 5 of their report, right above a paragraph detailing their “security” products and which ones you can buy.

On page 6 Mandiant does say they are: quite possibly, perhaps a little, maybe a wee bit: mistaken, and the operations may be taking place not in the headquarters of Unit 61398 itself but quote: “… right outside of Unit 61398’s gates.”

The rest of the 74 page report gives details about the structure of the Communist Party of China and includes many pages detailing how the information was obtained, what the threats are and how you can purchase their products.

According to Mandiant’s website the threat is dire and the only one who can save you is Mandiant. Their site says, quote: “Mandiant is the ONLY information security company that can both: A) TELL A COMPANY WHEN IT HAS BEEN COMPROMISED AND B) TELL WHAT THE MATERIAL IMPACT OF THE BREECH WAS!!!

They call this an “extraordinary statement” but personally I would go with a company that could STOP THE THREAT BEFORE IT HAPPENED! Not tell me about it afterwards.

Mandiant is in the business of selling threats, (well okay in the business of responding to attacks), so the entire report may only be a self-serving marketing gimmick and it would seem China is the great (APT). This assessment can only be further backed up by their own gratuitous plugging of their products and the exaggerated language present on their site.

Some examples: “makes us the go-to company for organizations that are looking to protect their most valuable assets”, “advanced persistent threat (APT) and other targeted attackers that are attempting to compromise your most valuable assets”, “known nefarious domains to perform malicious activity”, “persistent attackers execute a series of activities to entrench themselves and compromise your systems. If you manage to kick them out, rest assured they will be back”, “Skilled, determined attackers can break, enter and succeed within minutes. Other times, they spend days plotting, establishing backdoors and fortifying their positions inside your company” and “There is no such thing as perfect security. Attackers get smarter and change tactics all of the time.” But with all this they will help you, for a price of course.

According to SC Magazine “Mandiant Intelligent Response”, the only thing to protect you from the Chinese super hackers will only cost you a mere $86,000.00. Yes that’s right ONLY $86,000.00. (Mandiant was too modest to post pricing anywhere on their site hence SC’s price quote and no other prices were found).

The Guardian seems to agree and so does Obama, the threat is real and you are a target and China is everywhere, just like Al-Qaeda: behind every tree.

$86,000.00. No problem. OR if you only have $80,000 and can’t seem to find that other $6,000 measly bucks, I will give you John’s security advice for free, two simple and cheap things any organization handling sensitive information knows: NEVER connect a sensitive and/or secure network to the Internet and ALWAYS hire people you know you can trust.

As for China, I think they might have grounds to file a complaint as it seems that they have been hacked. Or then again, maybe Obama needs to target UglyGorilla with a drone.

Imminent threats! Evil plots and relentless Communist attack! That is what has made (Langley) Virginia great and the profiteers rich! Is that UglyGorrila in your server?

The views and opinions expressed here are my own. I can be reached at robles@ruvr.ru

    and share via