China-based hackers rifled the computer networks of the U.S. Chamber of Commerce, stealing a large amount of confidential e-mails and documents in what a person familiar with the investigation described as a major security breach of the largest U.S. business lobbying group.
The attack, which occurred in 2010, is part of a recent wave of China-based espionage directed at U.S. companies, business associations and lobbying groups involved in trade policy associated with China, according to the person, who declined to be identified because the matter isn’t public.
In November, the National Association of Manufacturers was attacked by hackers who targeted the computers of four executives who regularly communicate with members of Congress on trade policy.
An initial security review suggested that the ultimate target may have been the chief executive officers of NAM member companies, which include large U.S. manufacturing firms doing business in China, according to Jeff Colburn, NAM’s vice president of information technology.
The Chamber yesterday said communications with fewer than 50 of its members were affected by the attack and that the organization has undertaken a lengthy investigation. Though the members were notified, the Chamber said it hasn’t seen evidence of harm to the organization or its members.
Chamber officials said they became aware of the intrusion when they were notified by federal law enforcement authorities, who have the ability to track data between victims’ networks and the hackers’ command-and-control servers.
The attack on the Chamber of Commerce was reported earlier by the Wall Street Journal.
The National Association of Manufacturers was targeted on Nov. 10 using sophisticated spyware embedded in an e-mail sent to the organization’s lobbyists and executives. The forged e-mail purported to be from a political reporter working for Bloomberg News. The e-mail message concerned a purported story about salaries the officials had earned at Capitol Hill jobs.
An attachment contained spyware designed to download onto the association’s networks and steal e-mails, confidential documents and other information.
An analysis by SpiderLabs, the Chicago-based security division of Trustwave Corp., showed the spyware was developed on a computer with a Chinese-language keyboard. The spyware has been used in other espionage campaigns by China-based hackers, according to Dell SecureWorks, the Atlanta-based security firm.
It is unclear whether the attack had been successful and what, if any, information was accessed, Colburn said. A thorough security review was under way, he said.
“We’re just so ill-equipped for this,” Colburn said, referring to the sophistication of the attackers, who used the name of a real reporter and crafted a query that would be typical of the back-and-forth between the organization and Washington reporters. “We’re taking the standard road to protect against kiddie attacks or phishing stuff from unsophisticated, random attackers.”
Among the e-mails’ targets was a senior vice president who works on U.S. trade policy for the organization.
To contact the reporters on this story: Michael Riley in New York at email@example.com;
To contact the editor responsible for this story: Michael Hytha at firstname.lastname@example.org.