Now the Chinese Are Hacking Us Through Our Limos


Kevin Mandia, CEO of the cybersecurity company Mandiant, takes a lot of limo rides. Normally, his limo company emails him PDF copies of his invoices after every trip. Recently, though, something changed.

"I've been receiving PDF invoices not from them, but from an [advanced hacking] group back in China; that's awesome," said Mandia in D.C. recently. He only caught the attack when the hackers sent receipts on days when he hadn't used the car service. "I forwarded them to our security service, and they said, 'Yup, that's got a [malicious] payload.'"

Emailing a malicious file from a fake or hijacked email account belonging to an acquaintance of a hacker's target is a famous cyber-espionage tactic called spearphishing.

Hackers often search Google or social media to find the names of their target’s friends and co-workers. They then create a fake email address in the name of a friend or coworker and fire off carefully written emails containing malware to their target.

Mandiant’s digital networks are routinely attacked by Chinese hackers. This is no surprise given that last February the firm published a detailed report of Chinese military intelligence groups attacking the computers of Western businesses. But what makes this attack on Mandiant different — and what makes it a warning to other American businesses — is the intimate knowledge that the hackers seemed to have about Mandia’s business. How did these Chinese hackers know which limo service the CEO uses?

"I don’t know; that makes me wonder," Mandia told Foreign Policy.

It’s not like that kind of information is just posted on Facebook. Mandia also doubts that Chinese hackers have gained access undetected to his company’s networks — and if they did, why would they send him spearphishing emails? Instead, Mandia suspects that Chinese intelligence operatives simply showed up at public events where he was speaking and took note of his limo company.

"At a lot of these presentations, I’m standing here talking, and there are 10 foreign nationals from China. It could be they saw" Mandia using the limo, he said.

This is a textbook example of how Chinese spies don’t just target American business moguls via spearphishing and other cyberattacks. Instead, they use a combination of old-fashioned espionage and hacking to target anyone they’ve got a serious interest in.

If you thought that espionage was going totally digital, think again. Modern practitioners of espionage, like those of warfare, are finding ways to combine centuries-old intelligence-gathering methods with digital ones, for more effective results.

John Reed is a national security reporter for Foreign Policy. He comes to FP after editing Military.com’s publication Defense Tech and working as the associate editor of DoDBuzz. Between 2007 and 2010, he covered major trends in military aviation and the defense industry around the world for Defense News and Inside the Air Force. Before moving to Washington in August 2007, Reed worked in corporate sales and business development for a Swedish IT firm, The Meltwater Group, in Mountain View, CA, and Philadelphia, PA. Prior to that, he worked as a reporter at the Tracy Press and the Scotts Valley Press-Banner newspapers in California. His first story as a professional reporter involved chasing escaped emus around California’s central valley with Mexican cowboys armed with lassos and local police armed with shotguns. Luckily for the giant birds, the cowboys caught them first and the emus were OK. A New England native, Reed graduated from the University of New Hampshire with a dual degree in international affairs and history.
