The attack, which stole copies of gigabytes of banking and checking account details, hit JPMorgan Chase & Co. “and at least one other bank,” Bloomberg reported Wednesday (July 27). Bloomberg and other news services said that investigators are exploring whether the attack came from Russian cyberthieves, possibly—at least in part—as retaliation for Russian sanctions that have been hitting Russian banks. (The New York Times also reported that Chase was a victim, but said that those attacked included “at least four other” banks.)
As a practical matter, even if the attack is eventually established to have been launched by Russian cyberthieves, it’s just as likely that “sanction retaliation” is being used as an excuse to steal lucrative bank data. Put another way, once these thieves figured out a way to access that data, they would have likely attacked whether or not sanctions had been imposed.
The Wall Street Journal reported that “the timing and extent of the hacking attacks weren’t immediately clear, though cybersecurity experts began probing the possible J.P. Morgan breach earlier this month.”
Details about how the attackers penetrated the extensive security that Chase deploys have been few. “In at least one of the attacks, the hackers grabbed sensitive data from the files of bank employees, including executives, according to a fourth person briefed on the probe. In one case, the hackers used a software flaw known as a zero-day vulnerability in one of the banks’ websites,” the Bloomberg report said. “They then plowed through layers of elaborate security to steal the data, a feat security experts said appeared far beyond the capability of ordinary criminal” cyberthieves.
The Wall Street Journal also reported that the cyberthieves appeared to have entered the network by riding atop an employee’s virtual private network (VPN) connection, typically used to gain network access while employees are at home or traveling. The attackers “appear to have originally breached J.P. Morgan’s network via an employee’s personal computer,” a person close to the investigation said. “From there, the intruders were able to move further into the bank’s inner systems.”
JPMorgan reacted casually to the report, telling The Times that such attacks are commonplace for them. “Companies of our size unfortunately experience cyberattacks nearly every day,” Patricia Wexler, a JPMorgan spokeswoman, is quoted as saying in The Times. “We have multiple layers of defense to counteract any threats and constantly monitor fraud levels.”