Update: Chinese hackers breached U.S. Chamber of Commerce
Attackers may have accessed data undetected for a year, says Wall Street Journal
Chinese hackers once broke into computers at the U.S. Chamber of Commerce and had access to everything on the organization’s systems, including information on about 3 million of its members.
A Chamber of Commerce spokesman this afternoon confirmed reports that the intrusion was discovered and shut down in May 2010, about a year after the hackers gained access to the business organization’s networks.
According to a report in today’s Wall Street Journal, investigators have been unable to determine specifically what information may have been compromised. However, it appears that the hackers targeted four Chamber employees who worked on Asia policy, the Journal said. About six weeks’ worth of email belonging to those four employees is believed to have been stolen. In total, emails belonging to about 50 members of the Chamber appear to have been stolen, the Journal reported.
The highly targeted attack appears to have been carried out by an organized group of hackers thought to be affiliated with the Chinese government. The attackers appeared to know who to target and what data to go after, according to the Chamber’s chief operating officer, David Chavern. The Journal story quotes Chavern as describing the attackers and their attack methods as being very sophisticated.
The Chamber learned about the intrusion only after being informed of it by the FBI. Upon discovering the breach, the Chamber unplugged its compromised systems and even destroyed some of them as part of a systematic security overhaul. The overhaul was conducted during a 36-hour period when the hackers, who apparently were monitoring the compromised systems continuously, were on a break. It’s unclear whether the hackers used their access on the Chamber’s network to send booby-trapped emails to members in an effort to gain a foothold on their networks as well.
The Chamber of Commerce spokesman today said the Journal report is accurate but declined to provide further details.
However, a source with knowledge of the attacks, who requested anonymity, said that the scope was limited and the Chamber’s response was swift. Investigations by law enforcement and cybersecurity firms showed that four employees were targeted in the breach.
Since the intrusion was discovered, the Chamber has invested heavily in sophisticated security tools that can detect and isolate future attacks, the source said.
The Chinese Embassy in Washington did not respond immediately to a request for comment.
Attacks such as this are not uncommon. Over the past few years, numerous U.S. government, military and commercial entities have been victims of what security analysts say is a systematic campaign by hackers based in China to steal U.S. intellectual property as well as trade and military secrets.
As far back as the early 2000s a Chinese hacking group called Titan Rain is believed to have stolen large volumes of U.S. military and nuclear information. Last year, Google publicly claimed that agents working on behalf of the Chinese government had broken into its computers and those of more than 30 other multinational companies.
It was later determined that the attacks had originated from computers with IP addresses belonging to two academic institutions in China. One of those institutions was also believed to have been linked to a 2001 attack on a White House site. Google threatened to withdraw its operations from China as a result of the attacks, but later changed its mind.
In most cases, the attacks have been highly targeted and persistent and designed to establish a permanent and surreptitious foothold in an organization’s networks. Security analysts have often described the attacks as hard to detect and even harder to deal with. In many such intrusions, the attackers actively monitor the networks of their victims looking for signs that they have been detected so they can either erase their tracks or dig themselves even deeper into the network. In the case of the attack on the Chamber, for instance, the hackers built at least six back doors into compromised systems, making it possible to “come and go as they pleased,” according to an unidentified source quoted by the Journal.
“Chinese hackers go after useful business information,” said James Lewis, director and senior fellow at the Center for Strategic and International Studies in Washington. “The Chamber would be a good target,” he said. Lewis noted that while he doesn’t have details of the attack on the Chamber, it appears to be consistent with what Chinese hackers have done in the past. “Hacking is normal business practice in China,” he said.
Chinese officials themselves have vigorously denied the accusations and have said there’s a lack of evidence to support the claims that attacks have taken place. The Journal story quotes a spokesman from the Chinese embassy in Washington as saying that cyberattacks are prohibited under Chinese law and that China is often the victim of similar attacks.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld.