Chinese hackers broke into computers at the U.S. Chamber of Commerce and had access to everything on its systems including information on about 3 million of its members, according to a report in today's Wall Street Journal.
The report quotes unnamed sources as saying that the intrusion was discovered and shut down in May 2010, possibly a year after the hackers may have first gained access to the chamber's networks.
According to the Journal, investigators have been unable to determine specifically what information may have been compromised. However, it appears that the hackers targeted four Chamber employees who worked on Asia policy, the Journal said. About six weeks' worth of email belonging to these four employees is believed to have been stolen. In total, emails belonging to about 50 members of the Chamber appear to have been stolen, the Journal reported.
The highly targeted attack appears to have been carried out by an organized group of hackers thought to be affiliated with the Chinese government. The attackers appeared to know whom to target and what data to go after, according to the chamber's chief operating officer David Chavern. The Journal story quotes Chavern as describing the attackers and their attack methods as being very sophisticated.
The chamber learned about the intrusion only after being informed by the FBI. Upon discovering the breach, the Chamber unplugged its compromised systems and even destroyed some of them as part of a systematic security overhaul. The overhaul was done over a 36-hour period, when the hackers, who apparently were monitoring the compromised systems continuously, were on a break. It's unclear if the hackers used their access on the chamber's network to send "booby-trapped" emails to members in an effort to gain a foothold on their networks as well.
Neither the chamber nor the Chinese Embassy in Washington responded immediately to a request for comment.
Attacks such as this are not uncommon. Over the past few years, numerous U.S. government, military and commercial entities have been victims of what security analysts say is a systematic campaign by hackers based in China to steal U.S. intellectual property as well as trade and military secrets.
As far back as the early 2000s, a Chinese hacking group called Titan Rain is believed to have stolen large volumes of U.S. military and nuclear information. Last year, Google publicly claimed that agents working on behalf of the Chinese government had broken into its computers and those of more than 30 other multinational companies.
The attacks were later identified as originating from computers with IP addresses belonging to two academic institutions in China. One of those institutions was also believed to have been linked to a 2001 attack on a White House site. Google threatened to withdraw its operations from China as a result of the attacks, but later changed its mind.
In most cases, the attacks have been highly targeted and persistent and designed to establish a permanent and surreptitious foothold in an organization's networks. Security analysts have often described the attacks as hard to detect and even harder to deal with. In many such intrusions, the attackers actively monitor the networks of their victims looking for signs that they have been detected so they can either erase their tracks or dig themselves even deeper into the network. In the case of the attack on the chamber, for instance, the hackers built at least six backdoors into compromised systems allowing them to "come and go as they pleased," according to an unidentified source quoted by the Journal.
"Chinese hackers go after useful business information," said James Lewis, director and senior fellow at the Center for Strategic and International Studies in Washington. "The chamber would be a good target," he said. Lewis said that while he doesn't have details of the attack on the Chamber, it appears to be consistent with what Chinese hackers have done in the past. "Hacking is normal business practice in China," he said.
Chinese officials themselves have vigorously denied the accusations and have pointed to a lack of proof and evidence to support the claims. The Journal story quotes a spokesman from the Chinese embassy in Washington as saying that cyberattacks are prohibited under Chinese law and that China is often the victim of similar attacks.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld.