Update: Chinese hackers breached U.S. Chamber of Commerce
Attackers may have accessed data undetected for a year, says Wall Street Journal
Computerworld - Chinese hackers once broke into computers at the U.S. Chamber of Commerce and had access to everything on the organization's systems, including information on about 3 million of its members.
A Chamber of Commerce spokesman this afternoon confirmed reports that the intrusion was discovered and shut down in May 2010, about a year after the hackers gained access to the business organization's networks.
According to a report in today's Wall Street Journal, investigators have been unable to determine specifically what information may have been compromised. However, it appears that the hackers targeted four Chamber employees who worked on Asia policy, the Journal said. About six weeks' worth of email belonging to those four employees is believed to have been stolen. In total, emails belonging to about 50 members of the Chamber appear to have been stolen, the Journal reported.
The highly targeted attack appears to have been carried out by an organized group of hackers thought to be affiliated with the Chinese government. The attackers appeared to know who to target and what data to go after, according to the Chamber's chief operating officer, David Chavern. The Journal story quotes Chavern as describing the attackers and their attack methods as being very sophisticated.
The Chamber learned about the intrusion only after being informed of it by the FBI. Upon discovering the breach, the Chamber unplugged its compromised systems and even destroyed some of them as part of a systematic security overhaul. The overhaul was conducted during a 36-hour period when the hackers, who apparently were monitoring the compromised systems continuously, were on a break. It's unclear whether the hackers used their access on the Chamber's network to send booby-trapped emails to members in an effort to gain a foothold on their networks as well.
The Chamber of Commerce spokesman today said the Journal report is accurate but declined to provide further details.
However, a source with knowledge of the attacks, who requested anonymity, said that the scope was limited and the Chamber's response was swift. Investigations by law enforcement and cybersecurity firms showed that four employees were targeted in the breach.
Since the intrusion was discovered, the Chamber has invested heavily in sophisticated security tools that can detect and isolate future attacks, the source said.
The Chinese Embassy in Washington did not respond immediately to a request for comment.
Attacks such as this are not uncommon. Over the past few years, numerous U.S. government, military and commercial entities have been victims of what security analysts say is a systematic campaign by hackers based in China to steal U.S. intellectual property as well as trade and military secrets.
As far back as the early 2000s, a Chinese hacking group called Titan Rain is believed to have stolen large volumes of U.S. military and nuclear information. Last year, Google publicly claimed that agents working on behalf of the Chinese government had broken into its computers and those of more than 30 other multinational companies.
It was later determined that the attacks had originated from computers with IP addresses belonging to two academic institutions in China. One of those institutions was also believed to have been linked to a 2001 attack on a White House site. Google threatened to withdraw its operations from China as a result of the attacks, but later changed its mind.
In most cases, the attacks have been highly targeted and persistent and designed to establish a permanent and surreptitious foothold in an organization's networks. Security analysts have often described the attacks as hard to detect and even harder to deal with. In many such intrusions, the attackers actively monitor the networks of their victims looking for signs that they have been detected so they can either erase their tracks or dig themselves even deeper into the network. In the case of the attack on the Chamber, for instance, the hackers built at least six back doors into compromised systems, making it possible to "come and go as they pleased," according to an unidentified source quoted by the Journal.
"Chinese hackers go after useful business information," said James Lewis, director and senior fellow at the Center for Strategic and International Studies in Washington. "The Chamber would be a good target," he said. Lewis noted that while he doesn't have details of the attack on the Chamber, it appears to be consistent with what Chinese hackers have done in the past. "Hacking is normal business practice in China," he said.
Chinese officials themselves have vigorously denied the accusations and have said there's a lack of evidence to support the claims that attacks have taken place. The Journal story quotes a spokesman from the Chinese Embassy in Washington as saying that cyberattacks are prohibited under Chinese law and that China is often the victim of similar attacks.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld.