Massive hacker attack on US Chamber of Commerce
According to a report in the Wall Street Journal, in 2010 the US Chamber of Commerce was the victim of a massive hacker attack from China. The report says the intruders managed to gain access to the entire system, including information about the three million companies that are members of the Chamber; however, it is not clear exactly what information was stolen. The Chamber of Commerce represents the interests of US businesses in Washington.
A source familiar with the internal investigation told the WSJ that the hacker group responsible for the attack is suspected of cooperating with the Chinese government, although Chinese officials have denied any involvement. The report states that the hackers used spear-phishing – carefully worded emails carrying infected attachments – in order to gain access to the network. This was a complex operation involving more than 300 IP addresses.
The hackers are said to have installed at least six backdoors through which they could freely access the network. The intruders installed tools which they then used to sift through the documents of the Chamber of Commerce, searching for key words.
The break-in was discovered in May 2010 and immediately stopped. At that point the attackers may have had access to the systems for over a year. According to the WSJ, the attack was discovered by the FBI and the Chamber of Commerce was alerted. After the hackers' activities had been observed, the security overhaul that followed took place over "one weekend when the hackers, who kept regular working hours, were expected to be off duty."
According to the investigators' findings, four employees who deal with Asian policy are likely to have been the target of the action: for six weeks their email correspondence was stolen.
The Chamber of Commerce has strengthened its security as a result of this attack, and its employees are now prohibited from carrying their mobile computers when travelling in countries where there is an increased risk of attack. Instead, such employees will be issued with other computers, which will be searched on their return.