The Wall Street Journal published a story today that is no doubt causing consternation in many US businesses today. According to the story, a hacking group based in China was able to fully penetrate the U.S. Chamber of Commerce's computer systems in November 2009, if not before. The intrusion, in which administrator level passwords were stolen, was not discovered until May 2010 by the US Federal Bureau of Investigation (FBI). The FBI immediately informed the Chamber, at which time the Chamber began to take measures to close off the intrusion. The WSJ says that all the Chamber's systems may not be completed secure even now.
The U.S. Chamber of Commerce says on its web site that it is "... the world’s largest business federation representing the interests of more than 3 million businesses of all sizes, sectors, and regions, as well as state and local chambers and industry associations."
The WSJ article says that the hacking appeared to target information related to Asian policy matters, as well as other types of financial information related to Chamber activities. The story states that:
"The intruders used tools that allowed them to search for key words across a range of documents on the Chamber's network, including searches for financial and budget information, according to the person familiar with the investigation. The investigation didn't determine whether the hackers had taken the documents turned up in the searches."
The intruders also left multiple back doors into the Chamber's IT systems in case the intrusion was discovered. Some 50 of the Chamber's members and at least 4 of its employees email accounts are known to have been compromised. There is a worry that these email accounts were used to send phish to other Chamber members or associates as a way to break into these members' IT systems as well. The speculation is that the Chamber's system was itself likely compromised through a phishing email to one of its employees.
The Chinese government said it was not involved in the hack attack at all, although the WSJ says that U.S. officials suspect that the hackers "... of having ties to the Chinese government." One indication is that the hackers tended to keep regular business hours. The WSJ story stated that:
"The Chamber moved to shut down the hacking operation by unplugging and destroying some computers and overhauling its security system. The security revamp was timed for a 36-hour period over one weekend when the hackers, who kept regular working hours, were expected to be off duty."
The WSJ also says that the Chamber suspects that it hasn't fully ridden itself of the intruders, given what it continues to experience. For instance,
"A thermostat at a town house the Chamber owns on Capitol Hill at one point was communicating with an Internet address in China, [the Chamber said], and, in March, a printer used by Chamber executives spontaneously started printing pages with Chinese characters."
Why the Chamber of Commerce decided to keep the information of the intrusion quiet for the past 18 months wasn't explained in the WSJ article, and I am sure many of the Chamber's members are most unhappy to be hearing about this for the first time via the press. The Chamber's web site has no press release response to the WSJ article, which I find interesting.
The news also kind of makes you wonder who else has been successfully hacked, but isn't publicly owning up to it either.