Mandiant says it was able to track an extensive hacking campaign back to the Chinese military in part by exploiting China's own Web restrictions.
China's "Great Firewall" blocks Web access to, among other things, Facebook and Twitter. People in China can get around the firewall, and very Web-savvy Chinese often do, by using Virtual Private Networks. But Chinese hackers already have access to what is presumably an extremely sophisticated VPN: the very servers they use for their foreign hacking.
This is where the hackers may have gotten into trouble. To be totally safe, they would log out of the servers used for cyber-attacks before logging into a separate, more low-key VPN that they could use to access U.S.-based social media sites.
Instead of following that procedure, according to Mandiant's report, some of the hackers got lazy: "The easiest way for them to log into Facebook and Twitter is directly from their attack infrastructure. Once noticed, this is an effective way to discover their real identities."
When the hacker uses the "attack" servers to log in to Twitter or Facebook, he or she unintentionally links the espionage servers with specific Facebook and Twitter accounts — in other words, with specific human beings.