Chinese Hackers Breached U.S. Chamber of Commerce, Report Says
Attackers may have accessed data undetected for a year, says Wall Street Journal
By Jaikumar Vijayan
December 21, 2011 — Computerworld — Chinese hackers broke into computers at the U.S. Chamber of Commerce and had access to everything on its systems including information on about 3 million of its members, according to a report in today's Wall Street Journal.
The report quotes unnamed sources as saying that the intrusion was discovered and shut down in May 2010, possibly a year after the hackers may have first gained access to the chamber's networks.
According to the Journal, investigators have been unable to determine specifically what information may have been compromised. However, it appears that the hackers targeted four Chamber employees who worked on Asia policy, the Journal said. About six weeks' worth of email belonging to these four employees is believed to have been stolen. In total, emails belonging to about 50 members of the Chamber appear to have been stolen, the Journal reported.
The highly targeted attack appears to have been carried out by an organized group of hackers thought to be affiliated with the Chinese government. The attackers appeared to know whom to target and what data to go after, according to the chamber's chief operating officer David Chavern. The Journal story quotes Chavern as describing the attackers and their attack methods as being very sophisticated.
The chamber learned about the intrusion only after being informed by the FBI. Upon discovering the breach, the Chamber unplugged its compromised systems and even destroyed some of them as part of a systematic security overhaul. The overhaul was done over a 36-hour period, when the hackers, who apparently were monitoring the compromised systems continuously, were on a break. It's unclear if the hackers used their access on the chamber's network to send "booby-trapped" emails to members in an effort to gain a foothold on their networks as well.
Neither the chamber nor the Chinese Embassy in Washington responded immediately to a request for comment.
Attacks such as this are not uncommon. Over the past few years, numerous U.S. government, military and commercial entities have been victims of what security analysts say is a systematic campaign by hackers based in China to steal U.S. intellectual property as well as trade and military secrets.
As far back as the early 2000s, a Chinese hacking group called Titan Rain is believed to have stolen large volumes of U.S. military and nuclear information. Last year, Google publicly claimed that agents working on behalf of the Chinese government had broken into its computers and those of more than 30 other multinational companies.