Chinese hackers infiltrated US Chamber of Commerce
The computer systems of the US Chamber of Commerce, a lobbying group that represents the interest of US businesses and trade organizations, have been infiltrated by hackers.
According to several sources familiar with the investigation, it seems that the hackers have initially gained access by sending spear phishing emails rigged with malicious links to the Chamber’s employees. One (or more) of them must have followed the link and unknowingly installed the malware.
Once this initial foothold was established, the hackers proceeded to set up many backdoors into different parts of the network, and started to search for information.
According to the WSJ, the breach was discovered in May 2010 by the FBI, and the Chamber immediately hired private computer investigators to find out how it happened and what information was compromised.
The investigation revealed that the hackers had access to the network at least since November 2010, and likely even before that. According to the WSJ sources, some aspects of the attack led the investigators to believe that a hacking group operating out of China was the culprit.
They have also found evidence of the hackers searching for financial and budget information contained in a variety of documents, including the email correspondence of four Chamber employees who worked on Asia policy, but they can’t confirm that the documents have also been stolen – although they very likely have.
They did find out that the intruders have established a network of computers on IP addresses located in China from which the malware was receiving instructions and to which it could send the stolen information.
The Chinese Embassy in Washington and the Chinese Foreign Ministry predictably denied that the Chinese government had anything to do with the attack and repeated their well known position that hacking is illegal in China and that their systems are also targeted continually by hackers.
Following the investigation, the Chamber of Commerce has ramped up its network security and cleaned up its systems, but has admitted that they still do occasionally discover things like a thermostat communicating with an Internet address in China or a printer spewing out pages in Chinese characters.
David Chavern, the Chamber’s Chief Operating Officer, admitted that it is nearly impossible to keep people out. “The best thing you can do is have something that tells you when they get in. It’s the new normal. I expect this to continue for the foreseeable future. I expect to be surprised again.”