China Reportedly Hacked Chamber Of Commerce

The Wall Street Journal is reporting that hackers in China broke into computers at the U.S. Chamber of Commerce, potentially accessing information about its operations and members. NPR's Tom Gjelten talks with Robert Siegel on what, if anything, the hackers could have accessed.

Copyright © 2011 NPR. For personal, noncommercial use only. See Terms of Use. For other uses, prior permission required.

LYNN NEARY, HOST:

Now, a new case of cyber espionage involving China. Today, the U.S. Chamber of Commerce acknowledged that the organization was hacked from China two years ago. The Chamber says the intrusion lasted at least six months before it was discovered and shut down. During that time, the hackers apparently had access to all the data stored on the Chamber's computer systems. Officials there say hackers targeted four employees who work on Asia-related policy.

Joining us now is NPR's Tom Gjelten. Welcome, Tom.

TOM GJELTEN, BYLINE: Hello, Lynn.

NEARY: So this certainly sounds like a serious security breach. What happened?

GJELTEN: Well, you know, a group of hackers, and apparently from China, was able to break into the Chamber's computer systems in November 2009, possibly even earlier, and stay there until May 2010 when the Chamber's cyber security people were able to shut the door. We learned of it today through a report in the Wall Street Journal and Chamber officials are now confirming that report.

One official there says the scope of the attack was limited, but the hackers had access to a lot of email during that time. Obviously, the chamber has many member companies that do business in China. They share information and, as you say, this intrusion apparently targeted four chamber officials who specialize in Asia.

NEARY: Well, any idea what they were looking for or what information they ended up getting?

GJELTEN: Well, the chamber's chief operating officer says the hackers knew who they were after. What's not so clear is what they were after. One possibility is that they were gathering personal information about these individuals so they could send out fake emails with details from these individuals that made those emails look legitimate. That's called social engineering and it's a widely used technique, especially by Chinese hackers.

NEARY: You say Chinese hackers and there's been a lot of reports about cyber espionage stemming from China. What's going on here?

GJELTEN: You know, Lynn, all the cyber security people we talked to say there's just a ton of cyber espionage coming out of China these days. Hackers are stealing technological secrets, trade secrets, computer code, design plans, you name it. The security people say it's like a vacuum cleaner approach. They just suck up everything they find.

But what's behind this is that China wants to catch up to the west. Now, they don't have the business environment to support innovation. You don't see the Chinese equivalent of companies like IBM or Google or Apple popping up there, so rather than develop their own ideas and technology, they just steal it. That's the background here. At least, that's what we hear from U.S. intelligence officials and security people.

NEARY: And the Chinese government's not acknowledging any role in this attack on the chamber of commerce?

GJELTEN: They say there's no evidence, but cyber security people who have investigated other intrusions blamed on China say it's pretty easy to tie them back there and it's hard to see how the government would not be involved in some way, given the way China works.

Chamber officials say they have no doubt that this intrusion did come from China.

NEARY: NPR's Tom Gjelten. Thanks very much, Tom.

GJELTEN: You bet.

(SOUNDBITE OF MUSIC)

ROBERT SIEGEL, HOST:

This is NPR News.

Copyright © 2011 NPR. All rights reserved. No quotes from the materials contained herein may be used in any media without attribution to NPR. This transcript is provided for personal, noncommercial use only, pursuant to our Terms of Use. Any other use requires NPR's prior permission. Visit our permissions page for further information.

NPR transcripts are created on a rush deadline by a contractor for NPR, and accuracy and availability may vary. This text may not be in its final form and may be updated or revised in the future. Please be aware that the authoritative record of NPR's programming is the audio.

Comments

 

Please keep your community civil. All comments must follow the NPR.org Community rules and terms of use, and will be moderated prior to posting. NPR reserves the right to use the comments we receive, in whole or in part, and to use the commenter's name and location, in any medium. See also the Terms of Use, Privacy Policy and Community FAQ.