Enter multiple symbols separated by commas

Cybersecurity Firm Says It Is Under Attack

Photographer | Collection | Getty Images

Mandiant, the cybersecurity firm that in February released a ground-breaking report detailing the suspected activities of a Chinese military hacking unit, told CNBC on Wednesday it is suffering the consequences of going public.

The firm said it saw "very aggressive reconnaissance" of its online systems after it published the report, which focused on a Shanghai-based Chinese Army unit known as the 2nd Bureau of the People's Liberation Army (PLA) General Staff Department's 3rd Department.

(Read More: China to US on Hacking: You've Got No Proof)

And over the past 10 days, the firm's chief security officer said, Mandiant has found itself under a sustained distributed denial of service attack from computers based in China. "The attack has been sustained, and it's been directed out of China for the most part," said Richard Bejtlich, Mandiant's chief security officer.

However, he cautioned that Mandiant cannot say for sure who is behind the attack—or whether it even comes from the Chinese army unit singled out in its report.

"It could be a patriotic Chinese hacker, or it could be someone who doesn't like Mandiant very much who took over Chinese servers to attack us," Bejtlich said. "It's not sufficient for us to do attribution."

(Read More: Chinese Hacking Defense 'Hard to Believe': Security Expert)

Mandiant's disclosure of a cyber counterattack comes even as U.S. Treasury Secretary Jack Lew is in Beijing meeting with Chinese government leaders. U.S. government officials said persistent hacking is one topic Lew is raising with the Chinese government officials he meets with this week.

Bejtlich said Mandiant has been able to detect changes in the behavior of the Chinese military unit it focused on since its report became public.

"They were caught off guard by this," he said. "I don't think they expected a private company to put this information out there."

(Read More: US Sharing Classified Information to Stop Hack Attacks)

He said Mandiant does not know what's caused the reduction in activity by the Chinese hacking unit, but it may be that they are pausing to assess how they were exposed and what to do about it. "I wonder if their commanders are saying, 'what do we need to do to fix our operations,'" Bejtlich said.

Bejtlich said Mandiant expected a response to its report and that so far the firm's cyberdefenses are holding up to the attack and no information has been compromised.

In the past, Chinese government officials have denied involvement in a systematic cyberespionage campaign against the United States.

-By CNBC's Eamon Javers; Follow him on Twitter: @eamonjavers

Investigations Inc.: Cyber Espionage

  • When a person enters information on a website, like an email or credit card, it gets stored in that company’s data base. Those web-based forms are a simple tool for users, but they are also another way hackers can exploit a company’s system. Instead of inputting a name into the website, cyber spies can put in a specially crafted text that may cause the database to execute the code instead of simply storing it, Alperovitch said. The result is a “malicious takeover of the system,” he said.

    By attacking business computer networks, hackers are accessing company secrets and confidential strategies and creating huge losses for the overall economy.

  • lock_laptop.jpg

    China is working feverishly to counteract its slowest GDP growth in recent years, and one of the ways it’s doing so, say U.S. officials, is through the theft of American corporate secrets.

  • hacker_keyboard_200.jpg

    US businesses are enduring an unprecedented onslaught of cyber invasions from foreign governments, organized crime syndicates, and hacker collectives, all seeking to steal information and disrupt services, cybersecurity experts say.


Technology Explained