JPMorgan’s own investigators have found clues that a global network of computers available for hire by sophisticated criminals was used to reroute data stolen from the bank to a major Russian city, according to people familiar with the probe.
Like street magicians using sleight of hand, the hackers tapped computers from Latin America to Asia to send commands and obscure their identity while ferrying malicious traffic past one of the most heavily guarded networks on Wall Street.
Bank investigators working nearly around the clock have identified what they believe to be the assault’s staging ground, called a “bulletproof” hosting platform because of its resilience to other attackers and to law enforcement, according to one of the people, who requested anonymity because of the continuing investigation. The constellation of computers was used in previous hacking attacks and is now being tapped by professional cybercriminals operating out of Eastern Europe to target banks.
The bank’s investigators are only part of a larger group in the US that includes the Federal Bureau of Investigation and the National Security Agency trying to trace the origin of the computer assault. The success of the attack on JPMorgan and another this week on Home Depot and even the theft of nude photos from celebrities’ online Apple accounts highlight how hard it is to defend against increasingly sophisticated criminals.
Cybercrime operations similar to the one identified by JPMorgan investigators, notably a now-defunct one known as the Russian Business Network, have been run by powerful figures and protected by Russian authorities, said James Lewis, a senior fellow at the Center for Strategic and International Studies in Washington.
“It’s like the mafia,” Lewis said. “If this is RBN version 2.0 or even 3.0, then the US government will be very concerned because it’s been a real pest before.”
The use of a Russian-based data center is another piece of a puzzle being constructed by investigators as they chase answers to urgent questions such as the attack’s motive, the hackers’ identity, and the possibility other banks may have been attacked or probed by the same group.
Some investigators speculated the cybercriminals were hired by the Russian government in the past and may have used malware and other tactics also shared with Russian government agents.
JPMorgan was singled out in April for criticism by Russian officials when it blocked a payment from a Russian embassy to the affiliate of a US-sanctioned bank. Russia’s foreign ministry called the move by JPMorgan “illegal and absurd.”
The JPMorgan attack may have been designed to send a message, said Keith Alexander, who was director of the NSA from 2005 until last March and started a cybersecurity company to sell services to US banks.
If the incursion was backed by the Russian government in retaliation for sanctions imposed by the US and European Union over the crisis in Ukraine, then they just said “You’re vulnerable,” Alexander said in an interview.
Full article: JPMorgan data ‘sent to Russia’ by computers for hire (The Age)