Report: Chamber of Commerce Hacked By Chinese Group

U.S. Chamber of Commerce building in Washington, DC.

The U.S. Chamber of Commerce, the largest business lobbying group in the world, was hacked and all of the information stored on its computer systems was accessible to the hackers, who are suspected to have operated out of China and may have had Chinese government ties, according to a stunning report published Wednesday in The Wall Street Journal.

A Chamber spokesperson told TPM in a statement that the Chamber could “confirm that the quotes and background information provided by the Chamber to the Journal are accurate.”

Even more worrisome, the brazen hack might have remained undetected for up to a year, according to The Journal’s report, which notes that the Chamber only became aware of the intrusion when it was alerted by the FBI.

It is unclear at this time how the FBI became aware of the attack in the first place. The FBI declined to comment on the report to TPM, only saying that companies are encouraged to report any suspected cyber-intrusion to their local FBI office. (The FBI, it should be noted, has taken a more conspicuous role in pursuing international hacking incidents against U.S. companies as of late, reportedly assisting in the Philippine National Police department’s apprehension of suspected hackers of AT&T customers.)

According to The Journal’s sources close to the Chamber’s investigation, “the group behind the break-in is one that U.S. officials suspect of having ties to the Chinese government.”

Yet a spokesperson for the Chinese embassy told The Journal that the Chamber’s allegations that the attack originated from China “lacks proof and evidence.” That’s hardly an outright denial, however.

Still, the paper doesn’t offer an explanation as to what specific evidence — aside from the specificity and sophistication of the attack — leads the Chamber and government officials to conclude someone with Chinese government ties was behind the attack.

That said, the Chamber is apparently still experiencing strange events that may be related to the attack, including a thermostat communicating with a Chinese IP address and a printer randomly printing pages with Chinese characters.

The Chamber became aware of the hack in May of 2010, and its network was secured shortly thereafter by discarding some computers entirely and revamping its security system, according to the report.

Of the Chamber’s 3 million member companies and organizations, correspondence with at least 50 was compromised and these organizations were subsequently alerted, according to the report.

Despite that, “Chamber officials said they haven’t seen evidence of harm to the organization or its members,” The Journal reported.

Indeed, sources close to the Chamber told TPM that the attack’s scope was limited to four employees and the Chamber acted swiftly and aggressively to end the attack and implement new security features to prevent it from happening again.

That’s consistent with The Journal’s reporting that four employees working on Asian policy at the Chamber were the primary targets of the attack and that six weeks’ worth of their email had been compromised.

Such specificity on the part of the hackers is part of a growing wave of what security researchers call targeted attacks, in which hackers identify specific people within a company or organization whose computers they want to infiltrate and design the attacks around the targets, often using social media to pinpoint them. Then the hackers will often stoop to a common method of intrusion, such as emailing a target a Microsoft Word document containing malware.

Targeted cyber attacks are also the primary means by which hackers install “advanced persistent threats,” that is, threats designed to stay under the radar for as long as possible, allowing the hackers to conduct a long-term campaign of espionage and/or sabotage. The hackers in these cases tend to be out for something besides money and are more likely to be working to disrupt or access information for business, political, or military purposes. Stuxnet was the most infamous advanced persistent threat so far, and Duqu, another piece of malware found around the globe in 2011, may be another.

Based on the length of time that the Chamber’s intrusion remained undetected, it appears to have been an advanced persistent threat as well.

It’s also worth pointing out that the report comes just a month after the U.S. China Economic Review Commission, a Congressional advisory panel, published its annual report stating that two U.S. government satellites experienced interference from hackers on the ground and that such interference was consistent with Chinese military writings.

We’ve reached out to the Commission for more information on this attack on the Chamber and will update when we receive a response.
