On Dec. 21st, 2011, Siobahn Gorman reported for the Wall Street Journal on how Chinese hackers broke into the US Chamber of Commerce computer systems.  According to the article, the operation was discovered by the FBI, and was shut down back in 2010.  No one knows how long the hackers had access, or what information they took; the Chamber keeps information about its 3 million members and trade/policy communications with individual businesses, so the hackers had access to all of that.  The hacker group that perpetrated the attack has ties to the Chinese government.

The article notes that the hackers likely infiltrated the network after a very highly specialized phising attack (likely spear-phising).  The article quoted the Chamber's Chief Operating Officer David Chavern as saying "What was unusual about it was that this was clearly somebody very sophisticated, who knew exactly who we are and who targeted specific people and used sophisticated tools to try to gather intelligence."

These phising e-mails were so highly tailored that they referenced schedules, trip reports, meeting notes, and the names of people within companies.  I remember that the Chinese attacks on Google also relied on spear-phising.  Again, the weakest link the in the cybersecurity chain is humans.  

Oh, and it get's worse.  The article mentions that the Chinese hacked a thermostat at a Chamber townhouse in DC and used it to communicate with the internet.  Moreover, the Chinese hacked a printer used by Chamber executives, and made it start "printing pages with Chinese characters."  Are they just screwing with us now? 

The source article can be found here.

***

I'm sorry if I get a bit snarky, but the extent of Chinese cyber-espionage is getting absolutely ridiculous.  I can't help but laugh every time there is a new cyberattack and the Chinese embassy is asked for comment.  Every time, the Chinese come back with the same pattern response: "China itself is a victim of cyberattacks, hacking shouldn't be politicized."  I've seen that phrase 20 or 30 times in the short span I have written for this blog.  I really had to laugh when the Chinese embassy, in response to the hacking of the Chamber, said the US "lacks proof and evidence and is irresponsible."  No, we have both proof and evidence.  And there is a certain delicious irony to the perpetrator of one of the greatest intellectual property heists in modern history calling anyone irresponsible. 

I'm getting too worked up, I'm gonna get off my soapbox and go get some eggnog. 

***

Again, we're really looking to make this blog more of a collobrative effort.  So, has your printer started printing paper that reads "China Rules!", or has your thermostat been recently hacked? Tweet to @cyberlawblog

On Dec. 21st, 2011, Siobahn Gorman reported for the Wall Street Journal on how Chinese hackers broke into the US Chamber of Commerce computer systems.  According to the article, the operation was discovered by the FBI, and was shut down back in 2010.  No one knows how long the hackers had access, or what information they took; the Chamber keeps information about its 3 million members and trade/policy communications with individual businesses, so the hackers had access to all of that.  The hacker group that perpetrated the attack has ties to the Chinese government.

The article notes that the hackers likely infiltrated the network after a very highly specialized phising attack (likely spear-phising).  The article quoted the Chamber's Chief Operating Officer David Chavern as saying "What was unusual about it was that this was clearly somebody very sophisticated, who knew exactly who we are and who targeted specific people and used sophisticated tools to try to gather intelligence."

These phising e-mails were so highly tailored that they referenced schedules, trip reports, meeting notes, and the names of people within companies.  I remember that the Chinese attacks on Google also relied on spear-phising.  Again, the weakest link the in the cybersecurity chain is humans.  

Oh, and it get's worse.  The article mentions that the Chinese hacked a thermostat at a Chamber townhouse in DC and used it to communicate with the internet.  Moreover, the Chinese hacked a printer used by Chamber executives, and made it start "printing pages with Chinese characters."  Are they just screwing with us now? 

The source article can be found here.

***

I'm sorry if I get a bit snarky, but the extent of Chinese cyber-espionage is getting absolutely ridiculous.  I can't help but laugh every time there is a new cyberattack and the Chinese embassy is asked for comment.  Every time, the Chinese come back with the same pattern response: "China itself is a victim of cyberattacks, hacking shouldn't be politicized."  I've seen that phrase 20 or 30 times in the short span I have written for this blog.  I really had to laugh when the Chinese embassy, in response to the hacking of the Chamber, said the US "lacks proof and evidence and is irresponsible."  No, we have both proof and evidence.  And there is a certain delicious irony to the perpetrator of one of the greatest intellectual property heists in modern history calling anyone irresponsible. 

I'm getting too worked up, I'm gonna get off my soapbox and go get some eggnog. 

***

Again, we're really looking to make this blog more of a collobrative effort.  So, has your printer started printing paper that reads "China Rules!", or has your thermostat been recently hacked? Tweet to @cyberlawblog