US Chamber of Commerce Breach Update

A US Chamber of Commerce spokesman has confirmed that hackers based in China broke into the Chamber’s computers and had access to the organization’s systems, including information on about 3 million of its members for over a year.  The intrusion was discovered and reported to the Chamber by the FBI, and was shut down in May 2010.

According to a report in the Wall Street Journal, investigators have been unable to determine exactly what information was compromised, however, it appears that four particular Chamber employees who worked on Asia policy were targeted.  Several weeks’ worth of about 50 members of the Chamber are believed to have been stolen.

The attack appears to have been carried out by an organized group of hackers affiliated with the Chinese government.  The attackers seemed to have specific information targets in their sights, and pursued specific types of data.  The Journal story identifies the attackers and their attack methods as being very sophisticated.

hackers had implemented at least six back doors into compromised systems to ensure that they maintained unfettered access to the compromised network.  Upon learning about the breach from the FBI, the Chamber unplugged and destroyed some of their systems as part of their response.  Attacks such as this are becoming commonplace events.  Over the past few years, many government entities, military facilities, and related businesses have fallen victim to hackers, stealing intellectual property and military secrets. Chinai s often cited as the source or sponsor of the attacks.

Chinese officials have always denied the accusations, and claim that there is a lack of evidence to support those claims.  The Journal quotes a spokesman from the Chinese embassy in Washington as saying that cyber-attacks are prohibited under Chinese law and that China is often the victim of similar attacks.