Update: Chinese hackers breached U.S. Chamber of Commerce
Attackers may have accessed data undetected for a year, says Wall Street Journal
Computerworld - Chinese hackers once broke into computers at the U.S. Chamber of Commerce and had access to everything on the organization's systems, including information on about 3 million of its members.
A Chamber of Commerce spokesman this afternoon confirmed reports that the intrusion was discovered and shut down in May 2010, about a year after the hackers gained access to the business organization's networks.
According to a report in today's Wall Street Journal, investigators have been unable to determine specifically what information may have been compromised. However, it appears that the hackers targeted four Chamber employees who worked on Asia policy, the Journal said. About six weeks' worth of email belonging to those four employees is believed to have been stolen. In total, emails belonging to about 50 members of the Chamber appear to have been stolen, the Journal reported.
The highly targeted attack appears to have been carried out by an organized group of hackers thought to be affiliated with the Chinese government. The attackers appeared to know who to target and what data to go after, according to the Chamber's chief operating officer, David Chavern. The Journal story quotes Chavern as describing the attackers and their attack methods as being very sophisticated.
The Chamber learned about the intrusion only after being informed of it by the FBI. Upon discovering the breach, the Chamber unplugged its compromised systems and even destroyed some of them as part of a systematic security overhaul. The overhaul was conducted during a 36-hour period when the hackers, who apparently were monitoring the compromised systems continuously, were on a break. It's unclear whether the hackers used their access on the Chamber's network to send booby-trapped emails to members in an effort to gain a foothold on their networks as well.
