It's Absurd Only China Gets Caught for Hacking: Expert
Writer for CNBC.com
In the wake of the uproar over China's alleged hacking of U.S. corporations this week, the CEO of U.S.-based cyber security firm Taia Global has weighed into the debate, arguing it's unfair to pinpoint China as the only source of hacking.
This week a controversial report from U.S. internet security firm Mandiant pointed the finger at a group associated with China's People's Liberation Army - suspected to be based in a 12-storey building near Shanghai - for stealing data from 141 global companies since 2006.
Following the report, the Chinese Defense Ministry made a public statement defending China and denying any involvement in illegal hacking. But critics remained unconvinced, with the CEO of news publication Business Insider calling the hacking "basically an act of war," on Wednesday.
On Thursday, Taia Global's CEO Jeffrey Carr took up for China, questioning why China is the only country that seems to be accused of cyber attacks.
"We know that many countries are engaged in these activities and yet only China ever seems to be caught, which to me, again statistically, appears to be an impossibility," Carr, who is also a cyber security analyst, told CNBC Asia's "Squawk Box."
Carr attacked the report for unfairly targeting China specifically and leaving out other countries, which are known to be embroiled in cyber security espionage, including Russia, for instance.
Russia was accused of launching cyber attacks on Estonia in 2007 after a Soviet war memorial was moved in Tallinn, Estonia and was condemned by the Kremlin, the BBC reported at the time.
"They tend to focus only on China, when in fact there are many countries that engage in intellectual property theft or trade secret theft. So this unnecessarily escalates tensions between the U.S. and China when it doesn't have to be," he said.
Carr also launched a scathing attack on inaccurate methodology used in the Mandiant report.
"I have problems with the report. One, that they never established that the Chinese military is doing the hacking, that's the report's big announcement," said Carr. "It's the Chinese military, it's this particular People's Liberation Unit (PLA) unit based in Shanghai, and they never established that that is true. In order to do that they have to eliminate all other possibilities and they failed to do that," he said.
According to Carr, Mandiant's cited methods of using Internet Protocol (IP) addresses and strings of code to identify the location of a computer or device to source the location of the hackers are invalid and using these tools provided an "exceedingly weak piece of evidence".
(Read More: Hackers Doing No Favors for China's Image)
"[Using] IP geographical location is extremely unreliable. But even if you accept it as valid, it's only geo-locating to that portion of Shanghai, which happens to have five million people. It's a major metropolitan area and it's a hub for financials and business. So it means nothing. Every major city in China has a PLA outpost," he said.
Tensions have mounted over the hacking scandal after a string of negative headlines, where various corporates have publicly voiced concerns about hacking from alleged Chinese sources. Several media organizations and corporates, most recently technology giant Apple and social networking firm Facebook, have joined the tirade of accusations against China.