Crouching Pterodactyl, Mandiant Dragon

Mandiant has an entertaining and ongoing series of presentations called “State of the Hack”. In the latest episode they offered a series of slides on the threat of intellectual property and brand theft, naturally starting with the U.S. Air Force.

Corporate espionage is a serious problem globally. The Mandiant program is far more focused, however. They ignore all theft perpetrated by everyone other than China from America. I won’t try to guess why they fixate, but I also can’t help but point out that in their zeal to demonstrate the connection they mistakenly label the following image as a “China Dragon”:

Kudos to them for putting a link to the original source in their slide. I always try to do that myself and really appreciate seeing attribution. So I went to the link in their slide and right away noticed, prominently displayed at the top of the photo, the following phrase:

This is what the pterodactyl looks like

Oops. That’s no Dragon.

I guess they also don’t want you to know the photo is by Sharon.

Then I did the side-by-side comparison that they recommended, with images of the Predator B, and I noticed many clear differences.

Also not a Dragon

Maybe I see differences instead of similarities because I’m too far into the trees/details of things and missing the big-picture forest from Mandiant’s view.

I suspect if you pull back far enough not only does the word “pterodactyl” look a lot like “dragon” but eventually everything looks like it comes from China. Bada bing. I’ll be here all week.

The presentation as a whole is still worth a watch. A celebrity defense argument that comes later is far more interesting to me. Or maybe I can digest it more easily because it doesn’t go into claims of the motives of the attacker. I find that I agree with their assessment of defensive measures, not least of all because I presented on this issue at the RSA SF Conference in 2010 and earlier at CSAS — social networking exposure parallels the lessons from celebrity exposure.

So I can guess that on most security theory I would likely agree with the presenters. But when they head down their path of focused attribution it leaves me cold, which only makes an obvious error even more difficult to ignore.
