Hackers in China have recently gotten attention for reportedly attempting to steal industrial technology secrets and hacking US satellites, and now a Wall Street Journal report claims Chinese citizens were discovered hacking US Chamber of Commerce in May of 2010. The first breech is believed to have occurred in November of 2009 or even earlier, giving the hackers at least six months of administrator-level access to the Chamber's network. It isn't know (or wasn't revealed) exactly how much information was stolen; the Chamber says that fewer than 50 of its members were compromised, but they also said the hackers stole at least six weeks of emails from four individuals who worked on Asia policy.
As to how the hackers got in, it sounds like a "spear phishing" attack was to blame, with targeted users clicked on fraudulent links or email attachments. The FBI found out about this breach and alerted the Chamber, which then hired outside investigators to determine the extent of the data theft. The Chamber has since overhauled its network security and prevents its employees from taking mobile devices into countries with a high infiltration risk (like China) — but there's still some strange and suspicious behavior, like a printer spontaneously printing pages of Chinese characters. At this point, the Chamber feels the best thing it can do is find breeches quickly, because it believes it's "nearly impossible" to keep hackers out entirely.
Image credit: jiazi (Flickr)
There are 21 Comments. Add yours.
They just want their money back.
Posted on Dec 21, 2011 | 12:47 PM EST reply Recommend (5) Flag actions
It seems like one thing we could do is better train our government employees to be better at detecting things like phishing attacks. You know for starters, don’t blindly trust link in emails/email attachments.
Posted on Dec 21, 2011 | 12:48 PM EST reply Recommend (3) Flag actions
Oops I meant employees dealing in government.
Posted on Dec 21, 2011 | 12:51 PM EST reply Recommend Flag actions
The US Chamber of Commerce is not a government agency, actually.
Posted on Dec 21, 2011 | 12:52 PM EST reply Recommend (2) Flag actions
Either way the staff are the actually security threat. If you’re. Ot intelligent enough to have separate email for work and personal use and to not open links from unknown origins then you shouldn’t be allowed to use the network.
Posted on Dec 21, 2011 | 1:58 PM EST reply Recommend Flag actions
For the record, the “US Chamber of Commerce” is a private lobbying group that has nothing to do with the government.
Posted on Dec 21, 2011 | 12:48 PM EST reply Recommend (9) Flag actions
A right-wing one too.
Posted on Dec 21, 2011 | 12:51 PM EST reply Recommend (2) Flag actions
Not sure how that applies to a security breach, but ok.
Posted on Dec 21, 2011 | 12:52 PM EST reply Recommend Flag actions
Until like a year ago I thought the US Chamber of Commerce was part of the government. Thank you for spreading the word.
Posted on Dec 21, 2011 | 1:26 PM EST reply Recommend (1) Flag actions
Working in a corporate environment with a lot of elderly co-workers, I’ve definitely witnessed phising attempts and those same elderly co-workers clicking those links. Employees need to be trained better!
Posted on Dec 21, 2011 | 12:50 PM EST reply Recommend Flag actions
Wouldn’t you think that the Governments would have an internal only email system or at least stripping malicious links? Seriously, I give up
Posted on Dec 21, 2011 | 12:52 PM EST via mobile reply Recommend Flag actions
The US Chamber of Commerce is not part of the US government.
Posted on Dec 21, 2011 | 1:24 PM EST reply Recommend (1) Flag actions
Plus how do you have a system that strips malicious links? You could have one that red flags emails and get rid of some. But you couldn’t make an algorithm that caught all of the bad links, because hackers would inevitably find a loophole in your algorithm.
Posted on Dec 21, 2011 | 1:30 PM EST reply Recommend (1) Flag actions
True, but at least some spam filtering would be good. I don’t know much about how America works, sorry!
Posted on Dec 21, 2011 | 8:14 PM EST via mobile reply Recommend Flag actions
This story should be edited to clarify to readers that the US government was not hacked. The US Chamber of Commerce has (for them) a fortuitous name that gives others the impression that they have American imprimatur. They don’t. They’re basically a cartel of business owners with right-wing interests.
Posted on Dec 21, 2011 | 12:53 PM EST reply Recommend (6) Flag actions
Oh really now mayor? You must be one of the hackers.
Posted on Dec 21, 2011 | 1:08 PM EST reply Recommend Flag actions
Well, he is right after all. The US Chamber is an independent nonprofit entity that secures money from businesses under the guise of advocating for small business, but actually just lobbies for big business. They have no official affiliation with the US Gov.
Posted on Dec 21, 2011 | 1:37 PM EST reply Recommend (1) Flag actions
So very very true.
That part about the printers printing Chinese characters at random truly sucks.
Posted on Dec 21, 2011 | 2:24 PM EST via mobile reply Recommend Flag actions
The clarification should be that this was not a story about the US government being hacked. I’m sure there have been attempts to hack the government agencies, and I’d be amazed if not at least a few of them have been successful.
Posted on Dec 21, 2011 | 3:11 PM EST reply Recommend Flag actions
Would be hilarious if they printed “All your base are belong to us” in Chinese.
Posted on Dec 21, 2011 | 3:09 PM EST reply Recommend Flag actions
Er, because the Chamber’s lost its pants?
Posted on Dec 22, 2011 | 1:26 AM EST reply Recommend Flag actions
Something to say? Choose one of these options to log in.