Published December 21, 2011
WASHINGTON – A group of hackers in China breached the computer defenses of America's top business-lobbying group and gained access to everything stored on its systems, including information about its three million members, according to several people familiar with the matter.
The break-in at the U.S. Chamber of Commerce is one of the boldest known infiltrations in what has become a regular confrontation between U.S. companies and Chinese hackers. The complex operation, which involved at least 300 internet addresses, was discovered and quietly shut down in May 2010.
It isn't clear how much of the compromised data was viewed by the hackers. Chamber officials say internal investigators found evidence that hackers had focused on four Chamber employees who worked on Asia policy, and that six weeks of their email had been stolen.
It is possible the hackers had access to the network for more than a year before the breach was uncovered, according to two people familiar with the Chamber's internal investigation.
One of these people said the group behind the break-in is one that U.S. officials suspect of having ties to the Chinese government. The Chamber learned of the break-in when the FBI told the group that servers in China were stealing its information, this person said. The FBI declined to comment on the matter.
A spokesman for the Chinese Embassy in Washington, Geng Shuang, said cyberattacks are prohibited by Chinese law and China itself is a victim of attacks. He said the allegation that the attack against the Chamber originated in China "lacks proof and evidence and is irresponsible," adding that the hacking issue shouldn't be "politicized."
The Chamber moved to shut down the hacking operation by unplugging and destroying some computers and overhauling its security system. The security revamp was timed for a 36-hour period over one weekend when the hackers, who kept regular working hours, were expected to be off duty.
Damage from data theft is often difficult to assess.
People familiar with the Chamber investigation said it has been hard to determine what was taken before the incursion was discovered, or whether cyberspies used information gleaned from the Chamber to send booby-trapped emails to its members to gain a foothold in their computers, too.
Chamber officials said they scoured email known to be purloined and determined that communications with fewer than 50 of its members were compromised. They notified those members. People familiar with the investigation said the emails revealed the names of companies and key people in contact with the Chamber, as well as trade-policy documents, meeting notes, trip reports and schedules.
"What was unusual about it was that this was clearly somebody very sophisticated, who knew exactly who we are and who targeted specific people and used sophisticated tools to try to gather intelligence," said the Chamber's Chief Operating Officer David Chavern.