A group of hackers with some connection to the Chinese government breached the Chamber of Commerce and targeted four employees working on Asian policy.
Chamber of Commerce was breached a year ago by Chinese hackers targeting four
employees working on Asia-related policy.
may have had access to the lobbying organization's network for more than a year
before they were blocked and removed in May 2010, two unidentified sources told
The Wall Street Journal
Dec. 21. A
Chamber of Commerce spokesperson confirmed the incident and told eWEEK
that the scope of the attack was
It appears the
attackers infiltrated at least 300 Internet addresses, stole six weeks of email
correspondence from four employees who were focused on Asian policy, and had
access to all the information the Chamber of Commerce has on its 3 million members. It is
not known whether the attackers actually viewed the member information, according
to The Wall Street Journal
unusual about it was that this was clearly somebody very sophisticated, who
knew exactly who we are and who targeted specific people and used sophisticated
tools to try to gather intelligence," David Chavern, the Chamber of Commerce's COO,
told The Journal
were stolen from four employees who focused on Asian policy and contained
information, such as trade policy documents, trip reports and schedules.
The FBI discovered
the breach, and the agency notified the Chamber of Commerce that information was being
stolen. The organization unplugged and destroyed several of the compromised
computers before quietly overhauling its entire network to implement
sophisticated detection equipment that would be able to isolate future attacks
that the Chamber of Commerce had to be alerted by the FBI that data from their
network was heading out to servers in China shows they did not have the
appropriate endpoint-monitoring capabilities and log management technology in
place to see who was accessing their data and where it was going," David
Pack, manager of LogRhythm Labs, told eWEEK
that the attackers had built at least a half-dozen backdoors to be able to
enter the network quietly, sources told The
. The compromised computers also quietly communicated with computers
based in China every week or so, The
infrastructure can be very "porous" and it's difficult for security
teams to "understand it all," Mike Lloyd, CTO of RedSeal Networks,
told eWEEK. The Journal
report highlighted "significant out-bound
holes" as it appears the infiltrators were able to "exfiltrate"
the data they found, Lloyd said. Most organizations build some defenses against
in-bound attacks, but very few effectively know how to control out-bound
traffic, he said.
need to have technology and policies in place to detect outbound network
traffic, detect data leakage and use the right forensics to lock down problems,
according to Pack.
Sources told The Journal
that at least one of the
perpetrators in the group is suspected of having ties to the Chinese government
in Beijing. The Chinese Embassy in Washington told The Journal
that the allegations were "irresponsible."
There has been
a lot of discussion recently in security circles about cyber-war, but this kind
of incident against American organizations is a form of "silent global
economic cold war" that has already been occurring for some time, Anup
Ghosh, founder and CEO of Invincea, told eWEEK
Key research and intellectual property are being "systematically
hoovered" by China, Ghosh said, adding that nations such as China are
"amassing trade secrets to build their own economies on the back of our
events are becoming a lot like car alarms, common to the point that they simply
annoy and are ignored, yet it continues to be an issue that we as a nation
ignore at our own peril," Ghosh said.
It is possible
that the evidence is circumstantial and China may not be involved, Andrew
Storms, director of security operations at nCircle, told eWEEK
. "There sure is a lot of circumstantial evidence
though," he said.
there were reports that Chinese agents had breached and taken control of U.S. government satellites
on four occasions
between 2007 and 2008. There was no proof to tie the Chinese government to
these incidents, but what happened was "consistent" with known
cyber-war techniques the Chinese have used, according to a congressional report.