Kevin Mandia has "kicked the hornet's nest." Now, he's waiting to see what the consequences might be.
Mandia's computer security firm, Mandiant Corp., issued a blockbuster report nine days ago accusing the Chinese military of supporting hacker attacks into perhaps thousands of U.S. businesses.
Accusations of nation-state-sponsored hacking are nothing new, but Mandiant provided the most specific and detailed account of computer espionage that the security world has seen to this point. In it, the firm chronicled 141 attacks and even produced a short video allowing observers to watch an attack unfold in real time.
Mandia said his researchers have spent years observing hackers operating from inside an office building in Shanghai as they repeatedly raided his U.S. clients' computer systems, stealing intellectual property. Now, his small company of 300 awaits the consequences. He expects cyber-retribution. Already, he said Thursday in an exclusive interview with NBC News, someone has tried to "spear phish" his employees, sending booby-trapped emails designed to give the attacker control of Mandiant computer systems. Also, within hours of the report, Mandia said, Chinese officials scrambled to hide their tracks, changing registration information for websites listed in the report and taking computers allegedly used in the attacks offline.
Mandia agreed to be interviewed after presenting at the RSA computer security conference in San Francisco, an annual gathering of more than 20,000 experts from around the world. Mandia's speech was a hot ticket; he spoke to a packed audience who applauded several times when he explained that it was time for a U.S. firm to publicly connect the dots and directly accuse the Chinese government of sponsoring attacks on U.S. firms.
So far, the Chinese government has publicly dismissed the report, saying it provides no evidence of state-sponsored attacks. And on Thursday, the Chinese Defense Ministry pushed back, saying that Chinese defense websites are routinely attacked -- 144,000 times monthly -- by computer intruders, many of them based in the U.S.
Long theorized and discussed in hushed, speculative terms, state-sponsored cyberwarfare is now openly discussed at security gatherings like RSA. The 2009 Stuxnet attack on Iranian nuclear facilities, believed to have been orchestrated by U.S. and Israeli experts, was perhaps the first public blow in the increasingly cold cyberwar, but even that attack had its origins in research conducted years earlier. Researchers from Symantec Corp . released a paper this week at RSA saying they have found the first version of Stuxnet dates back to 2005, and that it was designed with even broader attack capabilities.
China's alleged hacking and stealing of U.S. corporate secrets will have serious impacts on the American economy, Mandia said, which is why he felt it was time to make public accusations and "kick the hornet's nest."
"The goal is for the Chinese to get somewhere faster economically. ... They may have shortcut 10 years out of their economic cycle," he said. "... We're going to see the impact emerging. ... It may cause job loss, it may cause loss of (intellectual property), it may cause trade tariffs, it may cause diplomatic headaches."
Watch the rest of the Kevin Mandia interview by clicking “play” above.
* Follow Bob Sullivan on Facebook.
* Follow Bob Sullivan on Twitter
More from Red Tape Chronicles: