Tom Ridge School
of Intelligence Studies and Information Science
Mercyhurst University

News & Events

Intel students asked to review security firm Mandiant’s findings

Posted on Thursday, February 21, 2013 at 3:34 PM

Maybe it wasn’t China. Maybe it was, but suppose it wasn’t. That’s the reaction of at least one computer security consultant to yesterday’s blockbuster report from the security firm Mandiant, which accused a unit of China’s People’s Liberation Army of carrying out a series of hacking attacks against companies in the U.S., Canada, the U.K. and elsewhere over a series of years.

Jeffrey Carr, CEO of Taia Global, writes today in a blog post that he thinks Mandiant’s report is full of holes.

“In summary, my problem with this report is not that I don’t believe that China engages in massive amounts of cyber espionage,” he writes. “My problem is that Mandiant refuses to consider what everyone that I know in the Intelligence Community acknowledges — that there are multiple states engaging in this activity; not just China.”

Carr explains that Mandiant’s report doesn’t include a thorough analysis of alternative explanations, the purpose of which would be to exhaust the alternatives and thus narrow down the range of possible conclusions. He says that intelligence agencies like the Central Intelligence Agency routinely engage in a vetting process known as Analysis of Competing Hypotheses (ACH). This is something, Carr argues, that Mandiant didn’t do. Thus its rather explosive allegation isn’t ironclad.

“This [ACH] is rarely if ever done by information security companies, and it’s the single biggest objection that I have when it comes to individuals making claims of attribution to nation states,” he writes.

There are, Carr notes, more than 30 countries with military hacking capabilities, any of which may or may not have the capabilities noted by Mandiant. Also, one of Mandiant’s primary claims has to do with the attacks being traced to a certain area of outer Shanghai, an area where there are a lot of people and a lot of computers. And if the attackers are indeed in China, why wouldn’t they take greater care to cover their tracks?

In the academic world, research papers go through a process called peer review before they’re published. Carr suggests that Mandiant’s report should be subjected to the same thing. He suggests that students at the Mercyhurst University Institute for Intelligence Studies (Mercyhurst, in case you didn’t know, is sort of a feeder school for the intelligence community) take Mandiant’s findings and run them through a thorough review.

“If you’re going to make a claim for attribution, then you must be both fair and thorough in your analysis and, through the application of a scientific method like ACH, rule out competing hypotheses and then use estimative language in your finding,” he writes. “Mandiant simply did not succeed in proving that Unit 61398 is their designated APT1 aka Comment Crew.”

Read full article.

All Things D

February 20, 2013 at 7:46 am PT

