Forgot your password?
typodupeerror
China Security

US Chamber of Commerce Infiltrated By Chinese Hackers 173

Posted by Unknown Lamer
from the security-through-insecurity dept.
SpzToid writes "The Wall Street Journal is now reporting that a group of hackers in China breached the computer defenses of the United States Chamber of Commerce. The intrusion was quietly shut down in May 2010, while FBI investigations continue. 'A spokesman for the Chinese Embassy in Washington, Geng Shuang, said cyberattacks are prohibited by Chinese law and China itself is a victim of attacks. ... Still, the Chamber continues to see suspicious activity, they say. A thermostat at a town house the Chamber owns on Capitol Hill at one point was communicating with an Internet address in China, they say, and, in March, a printer used by Chamber executives spontaneously started printing pages with Chinese characters.'" According the article, the group "gained access to everything stored on its systems" and may have "had access to the network for more than a year before the breach was uncovered."
This discussion has been archived. No new comments can be posted.

US Chamber of Commerce Infiltrated By Chinese Hackers

Comments Filter:
  • errr (Score:2, Funny)

    by Anonymous Coward

    a printer used by Chamber executives spontaneously started printing pages with Chinese characters.'"

    Did you try switching it off then back on again?

    • Re:errr (Score:5, Insightful)

      by Artea (2527062) on Wednesday December 21, 2011 @10:00AM (#38447676)
      Somehow I suspect these "Chinese characters" were just random ASCII characters you tend to see when a client with a corrupt printer driver tries to print. When some security official comes around asking about anything suspicious, John Executive takes to opportunity to jump up and do his part for national security!
      • Corrupt printer driver? Have you ever tried to stop a printer from printing a page?
      • My ribbon printer (Image writer 2) for my old old Apple Mac used to do that when you asked it to print draft. Never figured out why, but now you make me think of it, it seems like the right reason.

      • I used to get a lot of calls that one of our four LaserJet 4250's was "printing in Chinese" again. Most of the characters were simple ASCII squares, arrows, smiley faces, etc... not even a resemblance to Chinese but that's what people called it since it didn't use the standard English alphabet.
        • by Talderas (1212466)

          I have a printer driver that doesn't play nice with Firefox. The printer can't properly recognize the fonts used by Firefox so it prints out garbage characters. Now if I tell the printer to download the fonts rather than using embedded fonts it works just fine. Everyone would call the garbage characters Chinese.

        • I think that faux Chinese is what some people refer to as "moonspeak". Correct me if I'm wrong here.
      • Re: (Score:2, Funny)

        by Anonymous Coward

        Yeah, that part of the summary amused me. It's as if the following took place somewhere in China:

        Good work, now print out that data you've discovered.
        Yes sir... it should be on the printer now.
        There's nothing here, what printer did you send it to?
        Doh!!!!

      • Re:errr (Score:4, Funny)

        by Synerg1y (2169962) on Wednesday December 21, 2011 @12:06PM (#38449468)

        The hackers wanted to damage the US physically by using precious toner and paper as well as wearing down the printer parts.

      • Investigators are not that naive.

        • That depends on which investigators you are referring to..

          • I've worked in the field. With the basic principles of investigation, oversight, and review, it is nigh impossible for the suggested conclusion to be drawn. There are far too many checks to the system.

    • by g0bshiTe (596213)
      I'd say install the proper drivers and stop using the PostScript drivers. PS drivers tend to do that with excel spreadsheets.
    • by trum4n (982031)
      Or maybe translating the page it yielded?
    • Re: (Score:3, Funny)

      by Megane (129182)

      I remember back around '04 or so, there was a virus that wanted to spread itself via SMB shares. If it managed to contact a printer, it somehow thought it was a file share and tried to copy its code over. This would result in hundreds of pages (thank you HP for form feed support in whatever printer language this was) being printed with a few garbage characters on each page. One printer actually wore out some rollers from having to do this.

      But yeah, your average ID-10T couldn't identify a Chinese character

    • by anonymov (1768712)

      Maybe it actually printed Quotations from Chairman Mao, or "AHAHAHA, WHITE DEVILS ARE STUPID! PWNED BY LI MING" repeatedly?

      Actually, there are a lot of anecdotes along the lines of "Found unsecured printer on the internet, told it to print War and Peace. 10 times."

  • by Anonymous Coward on Wednesday December 21, 2011 @10:03AM (#38447708)

    a printer used by Chamber executives spontaneously started printing pages with Chinese characters.

    Finally we've tracked down that bad printer driver to China.

    • by couchslug (175151)

      "Finally we've tracked down that bad printer driver to China."

      It can't be in China. The printer is an HP and their software is too bloated to fit.

    • by AmiMoJo (196126)

      It's kinda worrying when people see Chinese characters coming out of a printer and assume it is due to hacking. Maybe they have some staff who can speak Chinese, or even Japanese or Korean (because what are the chances they can tell the difference)?

      Since there is no translation given of the text printed I'm going to have to invoke the "pics or it didn't happen" defence.

  • Idiots. (Score:1, Insightful)

    by unity100 (970058)
    Well deserved. Any organization that handles sensitive data, but puts even thermostats to internet as controllable online, deserve hacking.

    Dont blame chinese. the hackers could as well be kiddies. Hell, it could as well be a random bot mistakenly and randomly gaining entry. Since the level of stupidity is as high as to put thermostats online as controllable from internet, go figure how did they treat rest of the network.
    • Re:Idiots. (Score:5, Insightful)

      by whargoul (932206) on Wednesday December 21, 2011 @10:25AM (#38447990) Homepage
      You're sound like the type that would blame the homeowner for keeping their doors unlocked instead of the intruder for going in without permission.
      • Re:Idiots. (Score:5, Insightful)

        by VortexCortex (1117377) <VortexCortexNO@S ... t-retrograde.com> on Wednesday December 21, 2011 @11:36AM (#38448998) Homepage
        As such a home owner, I would blame myself for leaving the door unlocked.
        However, I would blame the intruder for getting shot, or mauled by my two pit bull terriers.
        • Re: (Score:2, Funny)

          by Anonymous Coward

          Getting shot by your two put bull terriers?

          That sounds like the best home defense system ever.

      • by swalve (1980968)
        There is plenty of blame to go around. I would expect that a non-moron LAN admin would make sure the thermostats can't see or be seen from the exterior of the LAN.
      • by KhabaLox (1906148)

        Attractive Nuisance. [wikipedia.org]

        If you have a honeypot you know the script kiddies will want to play in, you should protect it.

        • The only relation between Attractive Nuisance and this thread is the word "Attractive". The summary is talking about something happening to your stuff because someone messed with it, "attractive nuisance" is something happening to a child because they didn't know better (nothing to do with damage to your stuff).
          • by KhabaLox (1906148)

            A good lawyer could make the connection. True, a better case could be made if the script kiddie contracted a virus while crawling around your system.

      • From my end, he sounds more like the type that would blame a homeowner that would put up a sign on his front door that says, "Door unlocked; combination to safe with valuables is ... . On vacation until ..."

      • You're sound like the type that would blame the homeowner for keeping their doors unlocked instead of the intruder for going in without permission.

        Blame? Nope. Call a retard? Abso-fucking-lutely.

        I have a good friend that lives out in the sticks, he used to brag all the time to us city folk how he left his doors unlocked routinely because it was just so much safer out there and how we were all suckers for living 'like prisoners' in the crime-infested city. Then one day he forgot to shut his garage door and half the shit in there walked away, thousands of dollars worth of tools, exercise equipment, and other crap. Boy did we have a laugh at his exp

      • It is more like blaming the houseowner for putting handles on the doors, since these faciliate entry.

      • by anonymov (1768712)

        Home owner? You mean bank owner. In both cases thief get the blame, but in the second, owner deserves his share as well.

        Your analogy would work for "$some_random_person mail account was hacked" - and you'll notice there's usually just expected schadenfreude and "I've got same combination on my luggage!" jokes, but no blame assigned to the owner in that case.

      • by couchslug (175151)

        Blaming the intruder for their choice to exploit the CHOICE of the homeowner to be vulnerable is appropriate, but the homeowner still CHOSE vulnerability.

        We live in a bad fucking world, and if you don't prepare accordingly that indicates you are stupid.

    • by plover (150551) *

      You're making a lot of assumptions here based on very thin statements above, and I wouldn't arrive at the same conclusion. The report is only that the thermostat is communicating with a Chinese address. It doesn't say the thermostat was or wasn't behind a firewall. It doesn't say the origins of the sessions with a Chinese server originated from China. It doesn't say they hacked into the thermostat from outside. It doesn't say the thermostat is even available via external access -- IP might just be the

  • by overshoot (39700) on Wednesday December 21, 2011 @10:05AM (#38447750)
    The US Chamber of Commerce is a lobbying organization -- it's not like they have Industrial Super Secrets. Besides, a high proportion of their clients are Chinese anyway and presumably have pretty good access to the organization already.
    • by FriendlyLurker (50431) on Wednesday December 21, 2011 @10:47AM (#38448282)

      The US Chamber of Commerce is a lobbying organization -- it's not like they have Industrial Super Secrets. Besides, a high proportion of their clients are Chinese anyway and presumably have pretty good access to the organization already.

      True, The Chamber Of commerce also hacks anyone [thinkprogress.org] who criticizes their illegal and immoral behaviour [nytimes.com]. HBGary Federal payback [salon.com] perhaps?

      • by jythie (914043)
        Yeah, but it is only 'hacking' when there is no profit involved... so what they did is considered 'ok'.
    • by mark_elf (2009518)

      They are a very influential lobbying organization. A lot of what they hand congressmen (in paper bags full of money) turns directly into policy and law. Intelligence on economic policy is extremely vital, so their emails and whatnot would absolutely be worth reading by the Chinese government.

      Maybe not kiddies this time.

  • by lexman098 (1983842) on Wednesday December 21, 2011 @10:12AM (#38447814)
    I'd just like to take this opportunity to point out how insidious it is to purposely label a highly partisan think tank with a name that is obviously meant to seem like a legit government agency.
    • Re: (Score:2, Informative)

      by Anonymous Coward

      I'm sorry I don't have mod points today or you would get a +1 informative from me. Most non-Americans don't know that small "detail".

    • Re: (Score:2, Funny)

      by Anonymous Coward

      "Think tank" is a bit generous, don't you think? "Bribery factory" is more like it.

    • Thank you. I was uninformed. Sadly, I'm not surprised.
    • by JWW (79176) on Wednesday December 21, 2011 @11:05AM (#38448546)

      Legit government agency?

      Most cities of any reasonable size at all have Chamber of Commerce organizations. These are always made up of groups of businesses that belong to the private Chamber organization. Sure they work with government in their municipalities, but they are private organizations.

      The name US Chamber of Commerce strikes me as being a national incarnation of the local concept. As such, I don't think its name construes that its a government group.

      • by Anonymous Coward

        The local chambers are non-profit entities whose purpose is promoting local businesses.

        The US Chamber of Commerce is not this type of organization, nor is it affiliated with them in any way, but it has been intentionally named to mislead you into thinking it is.

        • The local chambers are non-profit entities whose purpose is promoting local businesses.

          That's one purpose, and it depends on how you define "promote". They also have other purposes, such as local-level lobbying to influence zoning boards, municipal regulations, etc.

          Where I grew up, they were also active in promoting unregulated capitalism (they called it free-market, though it isn't in the economic sense of the term free-market) in the schools. It's "funny" that they (local Chambers) sponsored programmin

        • by DavidTC (10147)

          The local Chambers also have a political agenda that isn't always perfect.

          But local Chambers of Commerce don't run around bribing politicians and working together to make sure that it's perfectly acceptable to send millions of jobs overseas and that they're allowed to sell whatever shitty lead-painted stuff China produces and that no regulation of any sort should exist, ever.

          Business in local Chambers of Commerce can't run around trying to set Federal or even State regulation of stuff, or screw around wit

    • Where did you grow up, such that you're utterly unaware of local Chambers of Commerce that are clearly non-governmental?

      Seriously, they're in every town around here, and they're always running some booth at a fair or some charity event.

      It's been well known to me, for years, that the local chamber of commerce is comprised of local business owners. I'm honestly not sure how anyone could be confused about the non-governmental status of any level of CoC.

      • by bill_mcgonigle (4333) * on Wednesday December 21, 2011 @12:59PM (#38450130) Homepage Journal

        It's been well known to me, for years, that the local chamber of commerce is comprised of local business owners. I'm honestly not sure how anyone could be confused about the non-governmental status of any level of CoC.

        Right - I think the more insidious aspect of the name "US Chamber of Commerce" is that it implies for many a parent organization to the local chambers of commerce.

        Which isn't true - they're a nasty lobbying organization that happened to pick a name that borders on fraudulent misappropriation of mark. The local chambers have had to pend the past 5 years or so telling their communities, "no, that's not us."

        • by DavidTC (10147)

          The problem is, there's no 'mark' per se. Chambers of Commerce are not any sort of collective. They're just completely-seperate NPOs started by local business owners. In fact, nothing stops people from starting a competing one to existing CoCs. (Although they're kind of pointless if many businesses do not join.)

          There are a few national networks that let CoCs stay in touch (In addition to the direct connections they usually develop to nearby ones.), and the 'US Chamber of Commerce' does indeed operate as on

  • Thank you China (Score:4, Insightful)

    by Anonymous Coward on Wednesday December 21, 2011 @10:12AM (#38447820)

    Do you think China will be willing to shut down the rest of our lobbies for us too? Then we maybe able to accomplish something in government.

  • Don't be confused (Score:5, Insightful)

    by minderaser (28934) <{ed.llehseerf} {ta} {resarednim}> on Wednesday December 21, 2011 @10:13AM (#38447842)

    The US Chamber of Commerce is a LOBBYING organization (y'know, some of the folks behind SOPA and other crap) and is NOT the US Department of Commerce, the cabinet department that (supposedly) promotes economic growth.

    I'm having trouble feeling bad or worried about this.

    • ....I would declare the Chinese to be American heroes, should they wish to blow up the US Chamber of Commerce. Also, any and all Fox, CNN and NPR stations.
  • by germansausage (682057) on Wednesday December 21, 2011 @10:14AM (#38447846)
    "A thermostat at a town house the Chamber owns on Capitol Hill at one point was communicating with an Internet address in China".

    Hey Larry, does it seem a little warm in here today?

    Yeah, it is kinda warm.

    Oh my God! We've been hacked by the Chinese!!!
    • by alphred (1920232)
      It was trying to phone home for additional instructions. Don't they all do that?
    • by Anonymous Coward

      You do realize they could attack the thermostat in the White House and get Obama to catch pneumonia?

    • Online home thermostat like have little security any ways or some one just left it on the default password. Hell maybe even they have a open wifi with no password or have it on WEP that is very easy to hack.

    • Pretty sure that was what General Curtis Goatheart told his wife when he determined their eggs were really an alien attack.
      But that is beside the point.
      What are the chances that all of those made in China net enabled thermostats have a default password and a default 'phone home' to a Chinese address?
      Sure a default non routable address would be appropriate but that too is another issue for several manufacturers.

    • by AmiMoJo (196126)

      The first thing I'd do if I wanted to have some lulz playing with their thermostat is find a proxy in China.

      Presumably the first thing any serious government sponsored Chinese hacker would do is find an overseas proxy to work from. If this stuff even happened it was probably just script kiddies or people searching for accessible control pages on Google. Seriously, if you type in the title of any common CCTV control software's web interface you will find thousands of unprotected cameras to watch and even con

  • by tekrat (242117) on Wednesday December 21, 2011 @10:16AM (#38447878) Homepage Journal

    It's a lobbying group for businesses. Therefore, the Chinese can hack away all they want with my blessing. No harm done.

    In fact, considering the harm brought onto US citizens by the Chamber of Commerce, the more damage done to them by the Chinese, the better it is for American citizens.

  • Tripe (Score:3, Interesting)

    by qualityassurancedept (2469696) on Wednesday December 21, 2011 @10:18AM (#38447910) Journal
    This story is ridiculous. It's not like the US Chamber of commerce does anything meaningful at all other than lobby for no taxes. Anyway, does anyone doubt that the NSA and CIA also hack into foreign servers and desktops to steal corporate data? I am sure that back when the Russians were developing MiG fighters the US "hacked" into their computers and stole all the blueprints or if they didn't, they would... and Boeing was/is the beneficiary of that. So honestly gimme a break. Why wouldn't the chinese develop their ability to attack american tech infrastructure? Since the US and China is probably going to go to war over Taiwan within 50 years, and the US will be attacking from the sea with Drones while a million chinese try to literally row their way over from the mainland, I think their best strategy is to learn to disable the American computer systems somehow.
    • Hacking into the Chamber of Commerce would let you know which government officials had shown themselves open to graft and bribery to sell out their constituents.

      This is useful information for a foreign power to have.

      Why hack the government, when you can hack the ones who really control the government?

    • by HungWeiLo (250320)

      At least 5%-10% of Taiwanese now live and work in China. With close economic ties like this, your US/China war scenario is pretty darn near impossible.

      They're not anything even remotely close to North and South Korea.

  • The Obvious (Score:5, Insightful)

    by TheSpoom (715771) <slashdot.uberm00@net> on Wednesday December 21, 2011 @10:21AM (#38447942) Homepage Journal

    A thermostat at a town house the Chamber owns on Capitol Hill at one point was communicating with an Internet address in China

    What the fuck is a thermostat doing being accessible from the internet?

    • by g0bshiTe (596213)
      That's not the point, the point is that they can now use it's webcam to snap compromising photos of them.
    • Also, to be fair, anything given a public IP address will be communicating with an Internet address in China before long.

    • by tomhath (637240)
      Once their servers were compromised it's hard to tell what all was communicating with China, probably every device on the LAN (since the thermostat and printers were almost certainly made in China to begin with). Chinese probably went through a proxy too, sounds like it took a while to sort out what all was happening.
    • A thermostat at a town house the Chamber owns on Capitol Hill at one point was communicating with an Internet address in China

      What the fuck is a thermostat doing being accessible from the internet?

      I know. Don't they secure these things using NAT?

  • Seems to me it's more likely to be various Chinese teenage hackers.

    The professionals are smart enough to realize that IP addresses from China are readily noticed.

    • I'm sure they've heard of proxies. That is how one gets around the Great Firewall, after all. I'm not sure they really care to keep their tracks covered. When you air videos of yourself doing a denial-of-service attack, using publicly available tools, on state TV OpSec is probably not your highest priority.

      Their highest priority seems to be annoying influential people, who will then complain to the media. The media being technical doofuses breathlessly report that the Chinese Military owned Important Americ

    • The professionals are smart enough to realize that IP addresses from China are readily noticed.

      ...and just as readily written off as "dirty Chinese hackers!" instead of being investigated.

    • by P-niiice (1703362)
      I doubt the certainty of that. Anyone smart enough to hack a thermostat is smart enough to use proxies before doing so.
  • by Anonymous Meoward (665631) on Wednesday December 21, 2011 @10:29AM (#38448034)

    To The Hackers This May Concern:

    On behalf of all American citizens who understand the poisonous effects of lobbying on American democracy and society, I would like to thank you for your hard work. The US Chamber of Commerce is not a government agency, but may as well be so for all intents and purposes. It lobbies our elected officials to adopt policies that favor only big business, with the misguided belief that only laissez-faire capitalism will improve the American way of life. Nothing is further from the truth.

    In short, you're doing us a favor.

    If it's not too much to ask, could you please submit your findings to Wikileaks, or just post them on a publicly accessible blog? I think more of my countrymen should know about the inner workings of this nefarious herd of swine, and their attempts to sell naked greed as enlightened self-interest.

    May we also interest you in targeting other groups, such as "The Club for Growth", "Americans for Prosperity", and "Crossroads GPS"? I'm sure you'd find them just as interesting.

    Thanks again,
    - Meoward

  • IHMO, any government/sensitive systems should be completely isolated from the internet. It surprises me that much of the US infrastructure is connected to the internet. Why does the US CoC need internet controlled thermostats? That just opens up vulnerabilities. On another note, why was the thermostat communicating with China? If these attacks were as professional as claimed and went undetected for a year, then you would suspect the "professional" hackers would use a proxy or some sort of onion routing. An
    • by tverbeek (457094)

      Other than the fact that they own assorted members of Congress, the US Chamber of Commerce is not part of the US government, any more than the USA Network or the US Tennis Association is.

  • Simply because the IP traces back to China is not necessarily a "Chinese sanctioned" hack. It could very well be a Chinese server has been compromised from somewhere else in the world.

    Should the Chinese government be looking to hack for secrets, I doubt they would choose the Chamber of Commerce for their target, much less leave the tracks leading right back home to them.

    FUD is FUD.
  • Does anyone actually care?
  • The printer thing sounds like a standard malfunctioning printer driver -> any decent IT person has run into this problem before. Printer spits out pages and pages of gibberish, and it's a sign that the printer driver needs to be reconfigured. Probably trying to print using a PostScript driver instead of a PCL driver, or something to that effect.

    And this is from 2010. Slow news day? Or someone desperately trying to play up the "h@x0r$" card, to drum up a little money for a solution in need of a problem?

    La

  • Good Hackers?

    Considering that the USCOC is a Conservative/Republican cesspool of manipulation, I sincerely hope that the hackers are simply stockpiling information to use AGAINST these asshats.

    I eagerly await the Wikileaks release of information gleaned from these "investigations", but I would accept a more public, strategic release of information that torpedoes any chances of Conservatives/Republicans gaining further benefit from the USCOC.

  • Since it was, and still continues to be, the US Chamber of Commerce, together with McKinsey and the Peterson Institute, which fraudulently claims that for every one American job offshored, two jobs magically appear to take their place (by that criminal logic, America should have recorded at the very least 37 million new jobs created over the past 10 years, instead of that many lost to offshoring and offshore job creation by American-based multinationals and corporations); evidently similar to those Keebler
  • by WindBourne (631190) on Wednesday December 21, 2011 @05:05PM (#38453070) Journal
    The US Chamber is the one that pushed tax cuts for outsourcing as well as allowing illegals to be here. Even now, it is the Chamber that pushes its members to buy 49% or less of a factory (i.e. no control) of a Chinese owned factory and then move as many operations to China.

    The chamber being cracked by China , is a lot like breaking into your own home.
    • by jafac (1449)

      The sordid history of the seditious acts of the US Chamber of Commerce date well back to the Nixon Administration's appointment of former chair Lewis Powell to the Supreme Court. He wrote a now-infamous memo, (at the time, secret) to other business leaders, in reaction to Ralph Nader's efforts with Consumers Union, about the horrible threat posed to the American Way of Life, by a politically empowered Middle Class. In this memo, he outlined a strategy, including de-funding the political opposition (basica

      • good points. Hence the reason why I am working on something in denver. Do you still have my email? If so, can you flip me one. I will show you.

Man is the best computer we can put aboard a spacecraft ... and the only one that can be mass produced with unskilled labor. -- Wernher von Braun

Working...