The Complex

Now the Chinese Are Hacking Us Through Our Limos

Kevin Mandia, CEO of the cybersecurity company Mandiant, takes a lot of limo rides. Normally, his limo company emails him PDF copies of his invoices after every trip. Recently, though, something changed. "I’ve been receiving PDF invoices not from them, but from an [advanced hacking] group back in China; that’s awesome," said Mandia in D.C. ...

Wikimedia Commons
Wikimedia Commons

Kevin Mandia, CEO of the cybersecurity company Mandiant, takes a lot of limo rides. Normally, his limo company emails him PDF copies of his invoices after every trip. Recently, though, something changed.

"I've been receiving PDF invoices not from them, but from an [advanced hacking] group back in China; that's awesome," said Mandia in D.C. recently. He only caught the attack when the hackers sent receipts on days when he hadn't used the car service. "I forwarded them to our security service, and they said, 'Yup, that's got a [malicious] payload.'"

Emailing a malicious file from a fake or hijacked email account belonging to the acquaintance of a hacker's target is a famous cyber-espionage tactic called spearphishing.

Kevin Mandia, CEO of the cybersecurity company Mandiant, takes a lot of limo rides. Normally, his limo company emails him PDF copies of his invoices after every trip. Recently, though, something changed.

"I’ve been receiving PDF invoices not from them, but from an [advanced hacking] group back in China; that’s awesome," said Mandia in D.C. recently. He only caught the attack when the hackers sent receipts on days when he hadn’t used the car service. "I forwarded them to our security service, and they said, ‘Yup, that’s got a [malicious] payload.’"

Emailing a malicious file from a fake or hijacked email account belonging to the acquaintance of a hacker’s target is a famous cyber-espionage tactic called spearphishing.

Hackers often search Google or social media to find the names of their target’s friends and co-workers. They then create a fake email address in the name of a friend or coworker and fire off carefully written emails containing malware to their target.

Mandiant’s digital networks are routinely attacked by Chinese hackers. This is no surprise given that last February the firm published a detailed report of Chinese military intelligence groups attacking the computers of Western businesses. But what makes this attack on Mandiant different — and what makes it a warning to other American businesses — is the intimate knowledge that the hackers seemed to have about Mandia’s business. How did these Chinese hackers know which limo service the CEO uses?

"I don’t know; that makes me wonder," Mandia told Foreign Policy.

It’s not like that kind of information is just posted on Facebook. Mandia also doubts that Chinese hackers have gained access undetected to his company’s networks — and if they did, why would they send him spearphishing emails? Instead, Mandia suspects that Chinese intelligence operatives simply showed up at public events where he was speaking and took note of his limo company.

"At a lot of these presentations, I’m standing here talking, and there are 10 foreign nationals from China. It could be they saw" Mandia using the limo, he said.

This is a textbook example of how Chinese spies don’t just target American business moguls via spearphishing and other cyberattacks. Instead, they use a combination of old-fashioned espionage and hacking to target anyone they’ve got a serious interest in.

If you thought that espionage was going totally digital, think again. Modern practitioners of espionage, like warfare, are finding ways to combine centuries-old intelligence-gathering methods with digital ones, for more effective results.

John Reed is a national security reporter for Foreign Policy. He comes to FP after editing Military.com’s publication Defense Tech and working as the associate editor of DoDBuzz. Between 2007 and 2010, he covered major trends in military aviation and the defense industry around the world for Defense News and Inside the Air Force. Before moving to Washington in August 2007, Reed worked in corporate sales and business development for a Swedish IT firm, The Meltwater Group in Mountain View CA, and Philadelphia, PA. Prior to that, he worked as a reporter at the Tracy Press and the Scotts Valley Press-Banner newspapers in California. His first story as a professional reporter involved chasing escaped emus around California’s central valley with Mexican cowboys armed with lassos and local police armed with shotguns. Luckily for the giant birds, the cowboys caught them first and the emus were ok. A New England native, Reed graduated from the University of New Hampshire with a dual degree in international affairs and history.

More from Foreign Policy

The Taliban delegation leaves the hotel after meeting with representatives of Russia, China, the United States, Pakistan, Afghanistan, and Qatar in Moscow on March 19.

China and the Taliban Begin Their Romance

Beijing has its eyes set on using Afghanistan as a strategic corridor once U.S. troops are out of the way.

An Afghan security member pours gasoline over a pile of seized drugs and alcoholic drinks

The Taliban Are Breaking Bad

Meth is even more profitable than heroin—and is turbocharging the insurgency.

Sviatlana Tsikhanouskaya addresses the U.N. Security Council from her office in Vilnius, Lithuania, on Sept. 4, 2020.

Belarus’s Unlikely New Leader

Sviatlana Tsikhanouskaya didn’t set out to challenge a brutal dictatorship.

Taliban spokesperson Zabihullah Mujahid

What the Taliban Takeover Means for India

Kabul’s swift collapse leaves New Delhi with significant security concerns.