Chinese Hackers Used 'Spear Phishing' To Attack U.S. Chamber Of Commerce
As hackers from China snooped around the computer system of the U.S. Chamber of Commerce last year, many Chamber employees saw a dramatic uptick in spam emails.
The messages, which tried to entice recipients to click on malicious links, appeared to be coming from known Chamber employees. But their Yahoo and Hotmail addresses had been hijacked by hackers, according to a former employee, who spoke on condition of anonymity.
"A few people did click on them," the former employee said in an interview with The Huffington Post.
After the hackers were caught in May 2010, the Chamber made massive upgrades to its network security, including installing a new spam filter on staff email accounts; giving employees working remotely encryption keys that generated new passwords every 30 seconds; and banning employees traveling to China from bringing laptops, the former employee said.
The employee's account confirms and sheds new light on a Wednesday story in the Wall Street Journal that reported hackers in China broke into the computer network of the U.S. Chamber of Commerce, gaining access to documents and communications with its 3 million members.
The incident, which went unnoticed for at least six months, marks yet another high-profile security breach linked to hackers in China.
By accessing those employees' emails, the hackers "would have a pretty good idea of who is driving policies in Asia and which companies the Chamber was regularly interacting with," the former employee told the Huffington Post.
It remains unclear how the hackers accessed the Chamber's system or what information was pilfered. But the former employee's account points to a technique that security experts call "spear phishing." The method involves hackers sending emails that appear to come from trusted sources in an effort to trick recipients into clicking on malicious links. After a recipient clicks on the link, hackers can gain unauthorized access to confidential data on the recipient's computer.
While the Chamber does not typically communicate with its members about intellectual property, the hackers would still have found value in infiltrating the Chamber's computer system, leveraging that access to penetrate the networks of its members, experts say.
"It's not about the Chamber; it's about whom they touch," said Tom Kellermann, chief technology officer of mobile security company AirPatrol Corp. "The hackers were trying to tap into the systems of the Chamber's constituencies."
After the hackers were caught, Stan Harrell, the Chamber's Chief Information Officer, told employees that investigators watched the hackers "snoop around the system," where they were "more or less looking around, prying for information," the former employee said.
The hackers who breached the Chamber appear to be among a dozen hacker groups in China connected to China's People's Liberation Army that security experts say are responsible for the majority of cyber-spying, according to the Journal.
China has repeatedly denied sponsoring hacking, despite increasingly blunt accusations from U.S. corporations and government officials.
In August, the security firm McAfee revealed a massive spying operation with more than 70 targets in 14 countries that experts claimed originated in Beijing. In October, hackers, potentially from China, were able to disrupt U.S. satellites through a Norwegian ground station connected to the Internet, according to a draft of the annual report by the U.S.-China Economic and Security Review Commission. And a November report by U.S. intelligence officials said the Chinese government was aggressively stealing American military, technology and economic secrets by hacking into U.S. computer networks.
"Chinese actors are the world's most active and persistent perpetrators of economic espionage," according to the report by the Office of the National Counterintelligence Executive, which collected the assessments of 14 American intelligence agencies.