Meet the Company That’s Profiting From Chinese Hacking

A building alleged by the Internet security firm Mandiant to be the home of a Chinese military-led hacking group

Photo by Peter Parks/AFP/Getty Images

A big story out today seems to confirm longstanding suspicions that computer-hacking emanating from China is an official tool of PRC government policy, in this case People’s Liberation Army Unit 61398. The sources pointing in that direction are multiple, but a key source of information is a detailed 60-page report from U.S.-based cybersecurity firm Mandiant, released today for all to read.

And of course Mandiant’s not just releasing this information for fun. Chinese hacking is big business for them. Brad Stone and Michael Riley reported earlier this month for Businessweek that Mandiant’s 2012 revenue of more than $100 million represented a 76 percent year-on-year increase. They say they represent 30 percent of the Fortune 100. Mandiant is so dominant in the China-focused counter-espionage game that the New York Times’ reporting on the Mandiant report and other sources of information abotu Chinese hacking had to include an awkward disclaimer:

Times reporters then tested the conclusions with other experts, both inside and outside government, who have examined links between the hacking groups and the army (Mandiant was hired by The New York Times Company to investigate a sophisticated Chinese-origin attack on its news operations, but concluded it was not the work of Comment Crew, but another Chinese group. The firm is not currently working for the Times Company but it is in discussions about a business relationship.)

In other words, this is a company in the right place at the right time (I have no idea whether Slate or The Washington Post Company has or has ever had or will ever have a business relationship with Mandiant). One unique advantage of performing this kind of service is that a very large share of the people in a position to contract for these kind of computer services are in no real position to assess the quality of the services being rendered. There was an old saying in the IT industry that “nobody ever got fired for buying IBM.” In other words, for a long time senior executives didn’t know much about buying computer equipment but they did know that IBM was the industry leader that everyone else bought. Eventually, of course, that changed. But today I’d say Mandiant is in a similar position. They’ve positioned themselves as the standard player in a field that a lot of people are alarmed about, but few executives can really speak to with experience or knowledge. It’s nice work if you can get it. So nice, in fact, that in the movie version obviously Mandiant itself rather than the People’s Liberation Army would be behind the hacking. Or perhaps they’re in cahoots.