Russian hackers attacked the U.S. financial system in mid-August, infiltrating and stealing data from JPMorgan Chase & Co. (JPM) and at least one other bank, an incident the FBI is investigating as a possible retaliation for government-sponsored sanctions, according to two people familiar with the probe.
The attack resulted in the loss of gigabytes of sensitive data, said the people, who asked not to be identified because the probe is still preliminary. Authorities are investigating whether recent infiltrations of major European banks using a similar vulnerability are also linked to the attack, one of the people said.
In one case, the hackers used a software flaw known as a zero-day vulnerability in one of the banks’ websites. They then plowed through layers of elaborate security to steal the data, a feat security experts said appeared far beyond the capability of ordinary criminal hackers. The incidents occurred at a low point in relations between Russia and the West. Russian troops continue to mass on the Ukrainian border and the West tightens sanctions aimed at crippling Russian companies, including some of the country’s most important banks. Continue reading
Tag Archives: zero day
JPMorgan, Four Other Banks Hit by Hackers: U.S. Official
Computer hackers targeted JPMorgan Chase & Co. (JPM) and at least four other banks in a coordinated attack on major financial institutions this month, according to a U.S. official.
The attack led to the theft of customer data that could be used to drain accounts, according to another person briefed by U.S. law enforcement. The two people, who asked not to be identified because the investigation is continuing, discussed the incident after Bloomberg News reported a breach on banks earlier today.
Hackers targeted customer and employee information, said a third person involved in the investigation, who was also briefed by the government. The theft involved gigabytes of data, said several people familiar with the attacks. The scale indicates a potential for significant financial fraud.
Most thefts of financial information involve retailers or personal computers of consumers. Stealing data from big banks is rare, because they have elaborate firewalls and security systems.
How Russian Hackers Stole the Nasdaq
In October 2010, a Federal Bureau of Investigation system monitoring U.S. Internet traffic picked up an alert. The signal was coming from Nasdaq (NDAQ). It looked like malware had snuck into the company’s central servers. There were indications that the intruder was not a kid somewhere, but the intelligence agency of another country. More troubling still: When the U.S. experts got a better look at the malware, they realized it was attack code, designed to cause damage.
As much as hacking has become a daily irritant, much more of it crosses watch-center monitors out of sight from the public. The Chinese, the French, the Israelis—and many less well known or understood players—all hack in one way or another. They steal missile plans, chemical formulas, power-plant pipeline schematics, and economic data. That’s espionage; attack code is a military strike. There are only a few recorded deployments, the most famous being the Stuxnet worm. Widely believed to be a joint project of the U.S. and Israel, Stuxnet temporarily disabled Iran’s uranium-processing facility at Natanz in 2010. It switched off safety mechanisms, causing the centrifuges at the heart of a refinery to spin out of control. Two years later, Iran destroyed two-thirds of Saudi Aramco’s computer network with a relatively unsophisticated but fast-spreading “wiper” virus. One veteran U.S. official says that when it came to a digital weapon planted in a critical system inside the U.S., he’s seen it only once—in Nasdaq.
The October alert prompted the involvement of the National Security Agency, and just into 2011, the NSA concluded there was a significant danger. A crisis action team convened via secure videoconference in a briefing room in an 11-story office building in the Washington suburbs. Besides a fondue restaurant and a CrossFit gym, the building is home to the National Cybersecurity and Communications Integration Center (NCCIC), whose mission is to spot and coordinate the government’s response to digital attacks on the U.S. They reviewed the FBI data and additional information from the NSA, and quickly concluded they needed to escalate. Continue reading