Spearphishers Compromise U.S Chamber of Commerce

The Wall Street Journal is reporting that Chinese hackers accessed data of the U.S. Chamber from November of 2009 until May of 2010. Using a network of over 300 IP addresses, the hackers gained access to everything stored on its systems, including information about its three million members and lobbying efforts of the Chamber. The attack probably started with a spearphishing email.

The Wall Street Journal summarized the data breach in a graphic:

Chamber of Commerce Hack

You can view the original graphic by clicking here.

What can be done to defend the enterprise against spearphishing?  The enterprise can adopt a tool that identifies trusted email so that the target of the spearphishing attack can distinguish real email from fake email.  That tool is SP Guard from Iconix.

SP Guard Inbox

SP Guard provides the recipient with three confirmations that a message is real:

  1. List View. There is an integrity indicator in the list view of the email client.
  2. Message. The open message has a further indicator of authenticity.
  3. Mouseover. Mousing over the authentication indicator in the message prompts the display of a certificate that further identifies the sender.

SP Guard now offers a fraud filtering enhancement.  This additional protection is becoming increasingly important given the latest generation of highly targeted spear-phishing emails which are so well crafted that users cannot tell real from fake.

SP Guard is available now from Iconix. For further information, contact us at  408-727-6342, ext 3 or use our online form.


One Response to Spearphishers Compromise U.S Chamber of Commerce

  1. […] the malware that is installed evades detection by security software.  We saw this in the recent compromise of the U.S. Chamber of Commerce, in which the FBI,  and not internal security measures, alerted the Chamber to the problem.  The […]