Chinese hackers lurked in the U.S. Chamber of Commerce network for six months without being detected, enjoying unrestricted access, although it is unknown what information they exploited, according to a published report.
While the Chamber says it hasn't discovered any harm done to its members as a result of the hack, it seems the attackers targeted information about specific individuals, according to a report in The Wall Street Journal.
"What was unusual about it was that this was clearly somebody very sophisticated, who knew exactly who we are and who targeted specific people and used sophisticated tools to try to gather intelligence," Chamber's COO David Chavern told the Journal.
The Chamber says the target of the attack seemed to be four Asia-policy workers, six weeks of whose email was stolen.
Security experts regard this type of attack as an advanced persistent threat, one that uses sophisticated means to burrow into a network, stay hidden, and compromise data and the network for an extended period.
Chamber officials aren't sure when the infiltration started but estimate it lasted from November 2009 through May 2010, when it was shut down by disconnecting and destroying certain networked computers, the report says.
The attack or new ones may be ongoing, the report says. A Chamber official told the newspaper that a thermostat in a townhouse owned by the Chamber was communicating with an IP address in China and a printer spit out pages of Chinese characters, the report says.
The compromise was discovered by the FBI, which detected Chamber files on Chinese servers and notified the Chamber, according to the report. The report says Chinese officials characterize allegations of China's involvement as irresponsible and lacking proof.
The Chamber says the data of fewer than 50 of its members was compromised, and they have been notified.
Methods used by the attackers mirror those of a known group in China. Before shutting down the hackers, the Chamber observed their actions and found they had opened up a half dozen back doors they used to get in and out of the network. They also installed malware that phoned home to servers in China every week or two, the Journal report says.
The Chamber says it has beefed up network security and imposed policies that forbid employees from taking everyday laptops to certain countries, including China.