Kevin Mandia, who uncovered Chinese hacking, describes how he stumbled onto one of the largest domestic security breaches ever.
FORTUNE — When 42-year-old Kevin Mandia went public last February with a 60-page report detailing the Chinese theft of American trade secrets, the move propelled his cybersecurity firm Mandiant to the forefront of a national security firestorm.
The story of how Mandia discovered one of America’s largest security breaches ever — and how he prepared that damning report — is reconstructed in this issue of Fortune, which also sports Mandia’s mug on the cover. But the former Air Force intelligence officer also recalled the experience onstage at this year’s Brainstorm Tech conference, held in Aspen, Colo. Mandia noticed a pattern emerge after seven years of working with 150 or so corporate clients: an increasing number of cyberattacks originated from China, in particular, Shanghai.
For Mandia, life after the release of “APT1: Exposing One of China’s Cyber Espionage Units” doesn’t appear to have drastically changed. “When we released this report, I sat at my desk and was like, ‘I wonder what’s going to happen,’” he said. While his computer system remains intact, Mandia admits several “spear-phishing” attempts have been made.
A highly targeted kind of cyberattack, “spear phishing” is often only conducted after the hacker has collected a significant amount of personal information about their target. In Mandia’s case, that has meant getting suspicious-looking receipts purportedly from the one and only car service he uses. Creepy? For most, sure. But since Mandia’s business revolves around responding to cyber threats, he brushes off such personal attempts. “I have no trouble sleeping at night,” he said.
The Mandiant CEO also described how cyberattacks have shifted largely to humans targeting other humans, spear phishing being just one example where a human target might click on something that appears to come from a trusted source. Such attacks may be the most dangerous of all, not just because of the attacker but also because of the recipient. Explained Mandia: “You really can’t firewall human nature. You can’t say, ‘Don’t click that link. Don’t open that email.’ They’re going to do that anyway.”