More

    Chinese Military’s Response to Hacking Allegations Filled with Deception, Security Firm Says

    Last week, my colleague Sue Marquette Poremba wrote a great post about the report by Mandiant that the Chinese military is aggressively engaged in cyberattacks against targets in the United States. As she noted in her post, “Not surprisingly, the Chinese government is denying any involvement in the attacks, but it appears that Mandiant has some damning evidence that the Chinese were involved this time around.” What hasn’t been reported is that there is evidence that the Chinese were engaged in deceptive behavior in denying the allegations.

    That evidence comes in the form of an analysis of the denial conducted by QVerity, a security firm founded by former CIA officers that provides training and consulting services in deception detection and critical interviewing techniques. (Full disclosure: As I’ve previously noted, I’m a partner in QVerity.) The company concluded that the Chinese “exhibited a high level of deceptive behavior in addressing the allegations.”

    The allegations were addressed in a four-paragraph statement issued on Feb. 20 by China’s Ministry of Defense in response to the Mandiant report. QVerity conducted a paragraph-by-paragraph analysis of the statement, listing the deceptive behaviors exhibited in each paragraph. The analysis was conducted on the English translation of the statement, which was issued in Chinese, on the basis of QVerity’s deception-detection methodology, as detailed in the book, “Spy the Lie: Former CIA Officers Teach You How to Detect Deception.” Here’s an excerpt from the analysis, which includes the full text of one of the paragraphs from the statement, followed by the deceptive behaviors that were identified in that paragraph:

    “Mandiant’s claim that the Chinese military engages in cyber espionage has no basis in fact. First, the report, in relying solely on linking IP addresses to reach the conclusion that the hacking attacks originated from China, lacks technical proof. Everyone knows that the use of usurped IP addresses to carry out hacking attacks happens on an almost daily basis. It is widely understood that this is a common practice online. Second, there is still no internationally clear, unified definition of what constitutes a ‘hacking attack.’ There is no legal evidence behind the report’s subjective conclusion that the everyday gathering of online information amounts to cyberspying. Third, cyberattacks are by nature transnational, anonymous and deceptive, and the origin of attacks is highly uncertain. It is therefore irresponsible to publish these claims, and it is not conducive to solving the problem.”

    ·         Unintended message: “First, the report, in relying solely on linking IP addresses to reach the conclusion that the hacking attacks originated from China, lacks technical proof.” By focusing on the literal meaning of what a person says, we can spot unintended messages, which are conveyed without the person even realizing it. Here, the unintended message appears to be that the allegation is false not because the Chinese military didn’t engage in hacking, but because the accuser lacks proof.

    ·         Convincing statements: “Everyone knows that the use of usurped IP addresses to carry out hacking attacks happens on an almost daily basis. It is widely understood that this is a common practice online.” Convincing statements are statements that are made to influence the audience’s perception. They are intended to convince us of something, rather than to convey information that gets to the truth of the matter at hand. 

    ·         Failure to understand a simple word or phrase: “There is still no internationally clear, unified definition of what constitutes a ‘hacking attack.’” In an interview scenario, we refer to this behavior as failure to understand a simple question. This strategy is typically used when a person feels trapped by the wording of the question and needs to shrink its scope.

    ·         Unintended message: “There is no legal evidence behind the report’s subjective conclusion that the everyday gathering of online information amounts to cyberspying.” Here, the unintended message appears to be that it’s not a matter of the Chinese military not being engaged in cyberspying, but that there’s no legal evidence to prove it.

    ·         Convincing statement: “Cyberattacks are by nature transnational, anonymous and deceptive, and the origin of attacks is highly uncertain.”

    ·         Attack behavior: “It is therefore irresponsible to publish these claims, and it is not conducive to solving the problem.” When the truth isn’t a person’s ally and he’s backed into a corner, especially when the matter at hand has potentially serious consequences, he often resorts to attacking his questioner or accuser. Here, the Ministry is attacking not only Mandiant for reporting the claims, but the media for publishing them.

    Get the Free Newsletter!

    Subscribe to Daily Tech Insider for top news, trends, and analysis.

    Latest Articles