The Wall Street Journal reports today that a group of hackers from China has compromised the U.S. Chamber of Commerce's computer systems. According to the report, the hackers had complete access to the Chamber's systems, including all information stored on the three million members of the organization. The U.S. Chamber is a lobbying organization whose stated purpose is to “fight for free enterprise before Congress, the White House, regulatory agencies, the courts, the court of public opinion, and governments around the world”.
The FBI tipped off the Chamber back in May of 2010, and the issue was dealt with quietly, according to the WSJ source. It is thought that the compromise was made possible through a tactic called “spearphishing”. Basically, the hacker targets an individual and tries to get them to open a link or document that contains spyware. Once the spyware gets a foothold in the computer network, it is designed to sniff out user accounts and passwords and send them to the hackers so that they can gain further access to the computer networks.
The extent of what was stolen isn’t fully known. It appears that the breach could have lasted more than a year before being discovered. WSJ sources say that hackers focused mainly on four employees who worked on Asia policy. It is also thought that one of the hackers might have ties to the Chinese government. Geng Shuang, spokesman for the Chinese embassy, said the accusation “lacks proof and evidence and is irresponsible”.
Are there lessons to be learned from this breach? Without fully knowing the facts of the situation, it is hard for me to say, but I believe it is important for businesses to realize that there is a very real and hidden danger lurking out there on the web. Our world is interconnected, and companies, as well as governments, all over the world are looking for intelligence. It may be for political reasons or simply to gain a competitive advantage in the marketplace. Whatever the reason, businesses, even small ones, need to place a priority on computer security. This is especially true if you electronically store information on your customers, such as credit cards and the like.