JPMorgan and Other Banks Struck by Cyberattack

[Jake <jake () riskbasedsecurity com>]

http://www.nytimes.com/2014/08/28/technology/hackers-target-banks-including-jpmorgan.html

A number of United States banks, including JPMorgan Chase and at least
four others, were struck by hackers in a series of coordinated attacks
this month, according to four people briefed on a continuing
investigation into the crimes.

The hackers infiltrated the networks of the banks, siphoning off
gigabytes of data, including checking and savings account information,
in what security experts described as a sophisticated cyberattack.

The motivation and origin of the attacks are not yet clear, according
to investigators. The F.B.I. is involved in the investigation, and in
the past few weeks a number of security firms have been brought in to
conduct forensic studies of the penetrated computer networks.

According to two other people briefed on the matter, hackers
infiltrated the computer networks of some banks and stole checking and
savings account information from clients. It was not clear whether the
attacks were financially motivated, or if they were collecting
intelligence as part of an espionage effort.

JPMorgan has not seen any increased fraud levels, one person familiar
with the situation said.

“Companies of our size unfortunately experience cyberattacks nearly
every day,” said Patricia Wexler, a JPMorgan spokeswoman. “We have
multiple layers of defense to counteract any threats and constantly
monitor fraud levels.” Joshua Campbell, an F.B.I. spokesman, said the
agency was working with the Secret Service to assess the full scope of
attacks. “Combating cyberthreats and criminals remains a top priority
for the United States government,” he said.

The intrusions were first reported by Bloomberg, which indicated that
they were the work of Russian hackers. But security experts and
government officials said they had not yet made that conclusion.

Earlier this year, iSight Partners, a security firm in Dallas that
provides intelligence on online threats, warned companies that they
should be prepared for cyberattacks from Russia in retaliation for
Western economic sanctions.

But Adam Meyers, the head of threat intelligence at CrowdStrike, a
security firm that works with banks, said that it would be “premature”
to suggest the attacks were motivated by sanctions.

Russian hackers began a monthlong online assault on Estonia in 2007
that nearly crippled the Baltic nation, after Estonian government
workers moved a Soviet-era war memorial from the Estonian capital.

Still, security experts say that the stealthy nature of the recent
attacks suggests that their motivation was not political.

The American banking sector has been a frequent target for hackers in
recent years, with the vast majority of attacks motivated by financial
theft.

But not all of them. Over the past two years, banks have been targeted
in a series of politically motivated attacks from Iran, in which a
group of Iranian hackers flooded United States banking sites with so
much online traffic — a method called a distributed denial of service,
or DDoS, attack — that the websites slowed or intermittently
collapsed.

Hackers who took credit for those attacks said they went after the
banks in retaliation for an anti-Islam video that mocked the Prophet
Muhammad, and pledged to continue the attacks until the video was
removed from the Internet.

American intelligence officials said the group was actually a cover
for the Iranian government. Officials claimed Iran was waging the
attacks in retaliation for Western economic sanctions and for attacks
on its own systems.

Unlike the attacks traced to Iran, the recent hacks against the
American banks were not intended to disrupt the bank’s services but
appeared to be part of a financial or intelligence-gathering effort,
three people briefed on the investigations said.

Mr. Meyers, of CrowdStrike, said hackers could have been after account
information, or even intelligence about a potential merger or
acquisition. Security experts said the hackers chose to pursue account
information, not disruption, which is the earmark of state-sponsored
attacks.

Because JPMorgan had not seen any unusual incidences of fraud,
however, it was too early to conclude that the attacks were solely
financially motivated.

So why were the banks targeted? Security experts said they could not
yet determine whether the attacks over the past few weeks were the
work of Russians, or whether they were politically motivated. Indeed,
Mr. Meyers said, any such conclusions at this point would be the
result of what he said was an effort by security firms to be the first
to present conclusive evidence.

Banks are also frequent targets for intelligence agencies looking to
collect information about their targets. In 2012, Russian security
researchers uncovered a computer virus on 2,500 computers, many of
them inside major Lebanese banks, including the Bank of Beirut and
Blom Bank. The virus was specifically intended to steal customers’
login credentials to their bank accounts.

The researchers believed the computer virus was state-sponsored and
said they had found evidence it had been created by the same
programmers who created Flame and Stuxnet, two computer viruses that
officials have said were unleashed by the United States and Israel to
spy on computers inside Iran.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!