The Washington Post

China hack of Chamber of Commerce highlights ‘spear-phishing’ dangers

Hackers from China have reportedly been able to break into the systems at the U.S. Chamber of Commerce, stealing an unspecified amount of data and possibly gaining undetected access to the network for over a year. The Wall Street Journal reported that the hackers used “spear-phishing” — highly personalized e-mails that entice users to click on a link or open a file — to gain access to the Chamber of Commerce’s network.

More advanced spear-phishing attacks have been on the rise in the past year, in part because it’s so much easier for hackers to customize enticing messages based on data pulled from social networks.

Rohyt Belani, chief executive and co-founder of the spam education company PhishMe, said hackers used to focus their messages on high-level managers and officials with more network privileges. As spear-phishing has become more sophisticated, however, hackers have been able to convince more people to grant them access to the network by clicking a link or opening an attachment.

“When we talk to folks today, we want to say, ‘Don’t just focus awareness efforts on high-level targets; it has to be a wider net.’ ”

Scott Greaux, product manager for PhishMe, said scammers can now send messages that “look like something you expected to receive.” These messages will often include correct references asking you to take an action such as visiting a site that will attempt to install malicious software or downloading an attachment.

Technology designed to detect these kinds of attacks can go only so far, Belani said.

“The focus in the security industry has typically been ‘What shiny box can I throw this in?’ ” he said. “It’s great if you can catch this advanced malware but better if we can reduce the probability of it getting through. If you can get your human sensors activated, you can thwart this kind of thing.”

Attacks such as this don’t have to come from particularly skilled or advanced hackers, Greaux said, because the attacks aren’t necessarily exploiting a technology problem.

“It doesn’t have to be sophisticated anymore. Social media . . . makes for a rich starting point,” he said. “They can make it very personal to me as an end-user. . . . Organizations should talk about this more openly and start a more candid conversation.”

