The hackers had access to everything in Chamber computers, including, potentially, the entire U.S. trade policy playbook.
“The Chinese have attacked every major U.S. company, every government agency, and NGO’s. Their attacking the Chamber of Commerce is part of a pattern of their attacking everything in the US. If you’re working on U.S.-China relations with an NGO, government agency, you can be sure the Chinese are reading your emails and on your computer,” Richard Clarke, former White House counter-terrorism adviser, told ABC News.
At one point, the penetration into the Chamber of Commerce was so complete that a Chamber thermostat was communicating with a computer in China. Another time, chamber employees were surprised to see one of their printers printing in Chinese.
“I don’t think the Chamber of Commerce has anything worth stealing, but it’s part of a pattern of the Chinese stealing of everything they can, and that’s worrying,” Clarke said.
The hacking was carried out through “spear phishing,” in which victims are targeted with customized messages designed to look like they are from known contacts or relevant to specific topics. The Washington Post explains:
Scott Greaux, product manager for PhishMe, said scammers can now send messages that “look like something you expected to receive.” These messages will often include correct references asking you to take an action such as visiting a site that will attempt to install malicious software or downloading an attachment.
Technology designed to detect these kinds of attacks can go only so far, Belani said.
The hacking was first reported by the Wall Street Journal. The Wall Street Journal also reports that the attack has prompted some members of Congress to call for legislation boosting cyber security.