FireEye is fully denying a claim made in a recently published book which said the company had hacked back against the Chinese Army in order to obtain inside information on the group.
The incident in question is in David Sanger's book The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age in which he describes how Mandiant, a FireEye subsidiary, came to obtain certain information on APT1. One passage states, according to a FireEye blog
, that the company's “investigators reached back through the network to activate the cameras on the hackers' own laptops."
“We did not do this, nor have we ever done this. To state this unequivocally, Mandiant did not employ "hack back" techniques as part of our investigation of APT1, does not ‘hack back' in our incident response practice, and does not endorse the practice of ‘hacking back,'” the blog states.
SC Media has attempted to contact Sanger via Twitter for a response on FireEye's statement.
However, FireEye goes on to say the mistake is understandable as some of the techniques and video Mandiant showed Sanger while he was covering the initial APT1 in 2013 could have given the impression that the researchers were in fact inside the Chinese computers. This includes Sanger being able to watch APT1 operators interacting with some command and control servers.
“To someone observing this video "over the shoulder" of one of our investigators, it could appear as live system monitoring. Nevertheless, Mandiant did not create these videos through "hacking back" or any hacking activity. All of these videos were made through information obtained via consensual security monitoring on behalf of victim companies that were compromised,” FireEye said.