Attorneys for the Chamber were caught negotiating for a contract to launch a cyber campaign using practically identical methods to those attributed to the Chinese, which reportedly could be used to cripple vital infrastructure and plunder trade secrets from Fortune 100 companies. The Chamber was seeking to undermine its political opposition, including the Service Employee International Union (SEIU) and MoveOn.org, but apparently had to scotch the plan after it was revealed by Anonymous.
At the RSA Conference in San Francisco, the "nation's largest gathering of cyber security professionals," The Nation spoke to a number of experts who said the same invasive strategies employed by the Chinese military could be easily used in political campaigns and other political contexts by anyone willing to take the risk.
The story of both the Mandiant report and the American lobbyist hacking conspiracy begins in February of 2011, when the hacktivist group Anonymous stole some 70,000 e-mails from a Bethesda, Maryland-based firm called HBGary Federal and dumped them onto the Internet. HBGary Federal was an affiliate of HBGary, a firm that maintained a database and discussion forum of hacking software called Rootkit.com, which served as a "malware repository where researchers stud[ied] hacking techniques from all over the world." It appears the Chinese hackers, known as the "Comment Crew," had participated in the forum to obtain the types of software used to compromise computers owned by dozens of American interests.
The Mandiant report details how the disclosure of Rootkit.com's user database by Anonymous not only revealed the e-mail accounts associated with UglyGorilla, or Jack Wang, and SuperHard_M, or Mei Qiang, two of the alleged Chinese hackers, but also the IP address that helped confirm the Shanghai Pudong location of the Chinese military office building from which the unit launched attacks on US-based targets. As Nate Anderson of Ars Technica reported, the theft of HBGary Federal's data offered the Mandiant researchers a "treasure trove of information."
"Rootkit" is a term for software that can gain access to computer systems without being detected, and such software can often be used for malicious purposes. Asked why he thought the Chinese military would participate in an American site like Rootkit.com, Richard Bejtlich, Mandiant's Chief Security Officer, told The Nation that at least initially, "If you wanted to get up to speed on that technology, that's where you went."
Mandiant compared the information from the Rootkit.com user database with data from other cyber security breaches attributed to Chinese hacking attempts to reach the conclusions in its report.
According to The New York Times and Mandiant, the Shanghai-based Unit 61398 of the People's Liberation Army employing the "Comment Crew" hackers relied largely upon spear-phishing (often an e-mail to trick the recipient into opening a document or attachment containing a malicious piece of software, like a rootkit) to gain access to firms like Coca-Cola, the National Electrical Manufacturers Association, EMC, and Telvent, a company that produces programs for remote access for oil and gas pipelines.
As policymakers and major American companies continue to react to the news about the Chinese hacking, similar threats could play a role in labor organizing and political campaigns.
The disclosure of HBGary Federal's e-mails revealed one of the most brazen political espionage efforts in recent memory, which underscores this threat.
In October of 2010, HBGary Federal was solicited by Matthew Steckman of the firm Palantir, on behalf of attorneys representing the US Chamber of Commerce, "about offering a complete intelligence solution" and "social media exploitation." In September, the Chamber had dealt with critical news about an IRS complaint alleging that the insurance giant AIG had illegally laundered millions of dollars to the Chamber. Also around that time, I wrote a separate story for ThinkProgress revealing fundraising documents that showed the Chamber had solicited foreign corporate money for the same 501(c)(6) legal entity the Chamber used to run campaign commercials during the midterm elections. The leaked HBGary Federal e-mails show the Chamber was interested in responding aggressively to this pressure.
By November of that year, Palantir, HBGary Federal and another firm, Berico, had discussed the effort to push back against the Chamber's critics several times with a number of the Chamber's attorneys at the law/lobbying firm Hunton and Williams, and had prepared a series of presentations detailing their proposal to the Chamber. One of the attorneys involved in the discussions, Hunton and Williams's Richard Wyatt, had already been retained by the Chamber to sue the Yes Men, a comedic advocacy group, for impersonating the Chamber at a prank press conference.
The presentations, which were also leaked by Anonymous, contained ethically questionable tactics, like creating a "false document, perhaps highlighting periodical financial information," to give to a progressive group opposing the Chamber, and then subsequently exposing the document as a fake to undermine the credibility of the Chamber's opponents. In addition, the group proposed creating a "fake insider persona" to "generate communications" with Change to Win, a federation of labor unions that sponsored the watchdog site US Chamber Watch.