Update: JPMorgan, other banks hacked, and FBI looks to Russia for culprits
The FBI is reportedly investigating whether a sophisticated attack on JPMorgan Chase and at least four other banks was the work of state-sponsored hackers from Russia. The attacks, which were detected earlier this month, netted gigabytes of checking and savings account data, according to a report by The New York Times.
Update: According to one source Ars contacted who claims to be familiar with the investigation at JPMorgan Chase, the attack on the bank stemmed from malware that infected an employee’s desktop computer. It was not clear whether the malware was delivered by a web attack or by an email “phishing” attack.
In a statement sent to Ars, John Prisco, CEO of the security firm Triumfant, said, “The nature of the JPMorgan breach was a persistent threat with a backdoor that enabled the attacker to enter whenever they wanted.” He expressed surprise that the breach went undetected for so long, claiming that it was “fairly easy breach to detect.”
Russian hackers were initially blamed for attacks on Estonia and Georgia in 2007 and 2008, but their link to the Russian government was tenuous at best. Those attacks were largely denial-of-service attacks aimed at bringing down government, media, and financial institution websites. In April of 2007, Estonia was attacked after a controversy over the relocation of a Soviet war memorial and war graves in Tallinn—but after accusations of Russian involvement, it turned out that the attack was launched by an Estonian student. And while some security analysts pointed to Russian government coordination of the Russian Business Network in attacks on Georgian government websites during the 2008 military conflict between Russia and Georgia over South Ossetia, others found no evidence to point to state sponsorship of what was largely a botnet-based attack.
This month’s attacks on US banks were much more sophisticated and aimed to steal data rather than disrupt the operation of the sites. It’s not clear whether the motive was to use the account data for financial fraud, to collect intelligence, or merely to punish the banks for enforcing sanctions against Russian customers. A JPMorgan Chase official told the Times that there had been no detected increase in fraud recently.
According to a report by Bloomberg, the attacks hit banks in mid-August, and officials suspect that they were tied to a series of recent attacks against European banks—at least one of which leveraged a “zero-day” flaw in a bank’s Web server software to gain access to its network. Because of the sophistication of the attack, FBI officials suspect that there was some government involvement in the attacks. And JPMorgan Chase had been previously singled out for criticism by the Russian government for “illegal and absurd” actions—blocking a payment from a Russian embassy account to another bank.
We will update this story as more information becomes available.