Chinese Hackers Infiltrate U.S. Chamber Of Commerce Computers
The sophisticated attack involved 300 Internet addresses and at least a half-dozen backdoors that the hackers created in the Chamber's systems to communicate with servers in China, The Wall Street Journal reported, quoting people familiar with the Chamber's internal investigation. The hackers had been in the lobbying group's computers at least from November 2009 to May 2010, when the Chamber quietly shutdown the infected systems.
Investigators did not know how much information was stolen, the newspaper said. What is known is that the hackers focused on four employees who worked on Asia policy. The thieves managed to take six weeks of their e-mail, which included names of companies, key Chamber contacts, trade-policy documents, meeting notes, trip reports and schedules.
Brandy Peterson, chief technology officer for Kansas City, Mo.-based FishNet Security, said the Chamber is one of an increasing number of organizations that are specifically targeted by hackers motivated by the money they can earn stealing high-value information. "It does appear that there was a significant level of sophistication in the attack," he said.
Because targets within the Chamber included people who travel to Asia, the organization had the added worry of having those employees picking up a computer virus while on a public Wi-Fi in a hotel or foreign cafe. "Depending on where you travel and how targeted you are, it can be a real problem," Peterson said.
The Federal Bureau of Investigation notified the Chamber that its data was being stolen by servers in China. After monitoring the hacker activity to determine the extent of the compromise, the Chamber unplugged and destroyed some computers and overhauled its security system. The changes included a large investment in detection equipment to enable the Chamber to discover and isolate attacks quickly.
The hacker group is suspected of having ties with the Chinese government, which has denied any involvement.