The investigation into the hackers' break-in to the U.S. Chamber of Commerce's servers has revealed a prolonged attack that targeted specific persons in charge of Asia policies and was ongoing for several months before being discovered, according to sources familiar with the matter speaking to the Wall Street Journal.
Internal investigators found that at least 300 internet addresses were involved and that the hackers even kept regular working hours. Hardware affected by the intrusions was moved offline or destroyed in May 2010, during a 36-hour window in which the hackers were known to be offline. The Chamber used this time to overhaul its security system and finish removing compromised items. Multiple back-door entries into the servers were found, as well as mechanisms that "quietly" communicated with servers in China.
Exactly what was stolen is largely unclear. The investigation revealed that the infiltrators targeted four specific people and that six weeks' worth of emails had been stolen. The official stance is that fewer than 50 employees were affected in total, but given the deep level of access the infiltrators had over such a long period, it is quite possible that a considerable number of documents within the government organization have been seen, copied or stolen.
David Chavern, the Chamber's COO, commented, "What was unusual about it was that this was clearly somebody very sophisticated, who knew exactly who we are and who targeted specific people and used sophisticated tools to try to gather intelligence." The American lobbying group was first made aware of the breach after the FBI notified it that servers located in China were stealing its data.
The FBI has denied further requests for information.
According to the Wall Street Journal, two people aware of the Chamber of Commerce's investigation said it is possible the attackers had access for over a year before anyone realised they had been compromised. "One of these people said the group behind the break-in is one that U.S. officials suspect of having ties to the Chinese government," the Journal reported.
In response to the news, Geng Shuang, a spokesperson for the Chinese embassy in Washington, released a statement saying the allegations lacked proof and evidence and were irresponsible, adding that Chinese law forbids hacking and that the country is a victim of attacks as well.
This year has certainly seen a huge increase in attacks originating from China. It was revealed at the beginning of December that China could be leveraging electronics exports to spy on the U.S., and a recent report published by the Office of the National Counterintelligence Executive systematically accused both China and Russia of cyber-espionage.