Welcome Guest. | Log In | Register | Membership Benefits
  • |   Email this page E-mail
  • |  Print Print
  • |   Bookmark and Share

U.S. Chamber Of Commerce Hit By Chinese Cyberspies

Targeted attack against the nation's business lobbying organization zeroed in on Asian policy intelligence, according to The Wall Street Journal

Dec 21, 2011 | 03:14 PM | 

By Kelly Jackson Higgins
Dark Reading
The latest casualty in China's alleged cyberespionage campaign against U.S. interests? The U.S. Chamber of Commerce.

Information on the Chamber's 3 million members representing most of the top companies in the U.S. was potentially exposed in a targeted attack that might have been in operation for more than a year and was eventually halted by the Chamber in May 2010, according to a report today inThe Wall Street Journal.

The Chamber poses an attractive target for spies with its corporate membership representing U.S. business interests, so it's no surprise it would be in the bull's eye of so-called advanced persistent threat (APT) actors, security experts say.

"It doesn't surprise me at all," says Jeff Schmidt, founder and CEO of JAS Global Advisors. "It's an amalgamation of American businesses: What better place [for these attackers] to go than the U.S. Chamber?"

What was most striking about this attack was evidence that the perpetrators specifically went after four employees of the lobbying organization who work on Asia policy, pilfering six weeks' worth of their emails. The six-month long campaign involved some 300 IP addresses and compromised email of close to 50 members, who were told about the breach. Among the information exposed in the emails were trade policy documents, meeting notes, trip reports, schedules, and the names of members who are in contact with the Chamber, according to the article.

The Chamber's Asian group, among other things, helps U.S. businesses conduct business in China and Hong Kong. "That would be incredibly valuable information from a strategic perspective," says Anthony Bargar, executive vice president of cybersecurity solutions for Foreground Security. "It's not only what data was stolen [here], but we should not discount what [may have been] manipulated to steer companies into China."

And it's unclear whether the attackers were truly government agents or possibly Chinese businesses going after potential competitors, he says.

The FBI reportedly informed the Chamber that servers based in China were stealing data from the organization, and U.S. officials say the attacks were waged by a group with ties to the Chinese government. The attackers might have been inside the network for more than a year, according to the report. Chinese officials denied any wrongdoing, stating that cyberattacks are illegal in China and that its country is a victim of such attacks.

[Security consultants and the feds are tracking a dozen groups responsible for advanced threats -- all out of China. See Dastardly Dozen: A Few APT Groups Carry Out Most Attacks.]

Given the number of potential victims affected by the Chamber hack, what was surprising was that word of the attack didn't leak publicly until now, experts say. APT-type attacks such as this one are characteristically stealthy and unrelenting, often going on for long periods of time before the victims discover them, if at all.

The Chamber's attackers appear to have infiltrated its network starting at the latest in November 2009, according to the report. Like a typical APT, they took pains to hide their tracks and set up multiple backdoors with which to come and go and regularly siphon information to their computers in China. The attack was shut down after the Chamber shut down and destroyed some of its computers and then did a major security makeover.

David Chavern, chief operating officer of the Chamber, told The Journal that the attack appeared to be highly sophisticated. "What was unusual about it was that this was clearly somebody very sophisticated, who knew exactly who we are and who targeted specific people and used sophisticated tools to try to gather intelligence," he said. Even so, the Chamber says there has been no sign of any fallout or damage to the lobbying organization or its membership.

Joe Gottlieb, president and CEO of Sensage, says the attack demonstrates how these types of attackers are becoming more sophisticated. "This attack demonstrated a new level of sophistication in numerous dimensions. The hackers were able to choose the targeted organization -- the U.S. Chamber of Commerce. They were able to choose the people within that organization that mattered to them -- the individuals known to be working on Asia policy," he says. "They were able to obtain all email content, including attachments, exchanged between these individuals and other organizations, several of which must have been relevant to the matters of interest." Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.



Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dark Reading encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dark Reading moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Dark Reading further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
Subscribe to RSS



Advanced Threats Reports

report Smarter, Stealthier, Sneakier Malware
Increasingly sophisticated and targeted attacks are making it more difficult for organizations to detect and defend against the latest malware. In this compendium of recent coverage from Dark Reading, you?ll get a look at some of the newest -- and most dangerous -- malware on the Web, and what you can do to stop it.

report Secure Software Development Lifecycles: Reducing Risk Throughout the App Dev Process
The application layer has long topped the attacker hit list, and we continue to hear about data breaches exploiting software vulnerabilities. Yet secure application development remains a low priority in most enterprises. In this report, we provide a blueprint for making security an integral part of the software development life cycle.

report Stuxnet Reality Check: Are You Prepared for a Similar Attack?
Stuxnet is a sophisticated, targeted weapon that proved utilities' seemingly isolated SCADA networks could be compromised, potentially disrupting energy production and distribution. In this report, we'll explain how Stuxnet penetrated Iranian nuclear facilities and propagated through their networks, and guide you in protecting against a comparable attack on your organization.

Other reports from the Advanced Threats Tech Center:

Related Content

Proactively Eliminate Risk in Software: HP Fortify Software Security Center
With business software virtually accessible from anywhere, applications now overreach standard perimeter defenses. Enterprises are finding that the effective way to secure software is by employing a Software Security Assurance (SSA) program to proactively eradicate risk.

Expert Guide to Application Security - Real-time Hybrid Analysis
Explore the next generation of hybrid security analysis - what it is, how it works, and its benefits. This white paper details how hybrid application security enables organizations to resolve critical software security issues faster and at a lower cost than any other available technology.

A Mainstay Partners Study: Does Application Security Pay?
Measuring the Business Impact of Software Security Assurance Solutions: a study of 17 organizations that implemented solutions from Fortify Software, combining industry research and benchmark analysis to identify, qualify, and quantify the full range of benefits seen from their SSA investments.

Aberdeen Benchmark Report: Securing Your Applications
Is application security actually "free?" Aberdeen's research confirms that the annual cost of application security initiatives is outweighed by the benefits. Review how all respondents, from Best-in-Class to Laggards, experienced a positive return on their annual application security investments.

White Paper: Rationalizing AppSec Using Fortify
An evaluation of Fortify's software security assurance (SSA) solutions in context of the cumulative impact of software security vulnerabilities and the investments made to address them. Read IANS' assessment and key insights from end users in real-world enterprise software development environments.