Kevin Mandia
Podcast Appearances
I used to describe them as the most polite hackers in cyberspace because they didn't author log files. They didn't delete files. They didn't change your data. They kind of let you know they were there, you know, stealing terabytes of data. And after a while, I started wondering, do they think they're doing anything wrong?
The New York Times going live really made the difference. Washington Post followed suit, Wall Street Journal. Everybody, you know, kind of came out after that. And it became OK to say that you had been compromised by Chinese cyber espionage. But 2004 to 2011, it really was just sort of a thing that didn't get announced.
I've done my 10,000 hours of, you know, forensics on these systems, and it was alphabetical. I mean, I hate to say it, these guys were gaining access to machines and just going through the directory that started with A and then the directory that started with B. And they didn't take by file. They just took the whole directory. I used to call it the tank through the cornfield.
You know, it was just mowing down files and taking as much as they could.
You know they're there. You see these terrible little scraps of, yeah, they looked at this one file. But you know they looked at 10,000 files. And the evidence has only given you the one. And you're like, oh my god, I'm getting less than 1% visibility into what they're doing here.
You know, I didn't intend to be the wolf when starting Mandiant or even prior in my career, Nicole. I just thought it was materially important to any security company that you need to have a firsthand view of what attackers are doing. You have an adversary that's trying to evade everything you do in the cyber domain. The most important position to have is kind of own that moment.
as you called it, the oh shit moment. It was like November, December, 2009, and a whole bunch of companies got compromised. And the one thing about Google is they had an army of people swarming to respond. So I did go out to California. I remember being somewhere in Googleplex, but more in reality, I noticed the cool bikes and the food.
You know, it was a lot of the companies that were dealing with similar intrusion sets. You know, when we were responding to Google, we had been responding to that exact group for seven years already. It wasn't like we went, well, this is new to us. It was new to Google, I think.