Slashdot Mirror
FBI Investigates 'Sophisticated' Cyber Attack On JP Morgan, 4 More US Banks
Bruce66423 writes with news of an electronic attack believed to affect at least five U.S. banking institutions this month, including JP Morgan, now being investigated by the FBI. According to the Independent, The attack on JP Morgan reportedly resulted in the loss of “gigabytes of sensitive data” that could have involved customer and employee information. It is said to have been of a level of sophistication beyond ordinary criminals, leading to speculation of a state link. The FBI is thought to be investigating whether there is a connection to Russia. American-Russian relations continue to be fraught amid the crisis in Ukraine, with sanctions ramped up.
Bruce66423 asks "The quality of the attack, which appears to have led to 'gigabytes' of data being lost, is raising the prospect of a state being the source. The present culprit suggested is Russia... why the assumption it's not China — just because China isn't invading the Ukraine at the moment?" News of the attack is also at the New York Times, which notes Earlier this year, iSight Partners, a security firm in Dallas that provides intelligence on online threats, warned companies that they should be prepared for cyberattacks from Russia in retaliation for Western economic sanctions. But Adam Meyers, the head of threat intelligence at CrowdStrike, a security firm that works with banks, said that it would be “premature” to suggest the attacks were motivated by sanctions.
No mention of them in the articles linked.
.
Prisencolinensinainciusol. Ol Rait!
Why would "gigabytes of sensitive data that could have involved customer and employee information" be accessible by an internet facing server?
Yawn
same old...same old...
Private "cybersecurity" firm reports data breach. Lots of data transferred. Must be "state" actor APT! But who? China? Russia? Who is US government/media currently demagoguing against? Maximum fear factor achieved!
Bank of Frostbite Falls under attack on orders from Fearless Leader! Boris and Natasha must still be looking for the Mooseberry recipe.
Why does the FBI get involved? is it because the events span multiple states, or because the banks have so much clout? If this had happened to google or microsoft, for example, would the FBI get involved?
Looking for people to chat about multicopters, coding, music. skype: gtsiros
Remember, other nations are not happy about the American banksters printing money at THEIR expense. Whom do you think pays for the 10%+ per annum inflation? And why would any American ever be upset at a stock market bubble? After all, consumer spending is down, median income is down, jobs are evaporating, and there is nowhere else to invest your money to save it from being inflated away.
these morons are creating havoc in all sorts of economies around the world
Caller: "This is Jack Haackst ([CIO]). We just had a P1 escalation from [a big customer], we need to do a recovery on the database partitions for Q3 2013 right now."
IT guy: "Recovery on database partitions? Do you mean a restore from archives?"
Caller: "No, a recovery. Who's your supervisor? Put him on the phone."
IT guy: "He's on vacation right now, can I have him call..."
Caller: "Look, I've spent a career here doing this stuff. Just give me the DBA password."
I can only assume the NSA has become self-funding, and is doing so by hacking banks.
If it is russia, and they do intend to fully invade ukraine, and launch cyber-warfare attacks to disrupt commerce in Ukraine, does anyone have decent plans to 'secure' the infrastructure?
No.. no it does not.
But what else can a filthy dirty stinking Russian do?
Cyber washes over so much of the actual problem with these companies. it implies some val kilmer secret agent jack bauer bullshit that does not exist in practical terms as the situation applies to entities like Chase. Its a convenient means of misdirecting attention at best.
Lets take a step back and call this what it actually was. Chase involuntarily discharged sensitive information about employees and customers. We can name chase because its too big to fail, but four other banks were part of this incident and we cant name them because to do so would cause egregious harm to their market reputation and force them to spend a pittance on re-issuing credit/debit cards. Chase will work to scapegoat this problem ad infinitum to the nearest foreign superpower that has been demonized/sanctified by politicians for this purpose and business will continue as usual. Chase will not accept liability for its shit-tier software, security practices, or disinterest in its customers and clients because it would harm the largest bank in the world and perhaps shave a sliver of profit off this quarter.
Good people go to bed earlier.
THE Ukraine! It's Ukraine, and that's what it is. It's not a region, but a COUNTRY. I don't see anybody here writing "the France" or "the Italy"... Hypercorrectism it's still an error.
There's nothing particularly novel about these kinds of articles except for the usually baseless speculation about who was behind the system break-ins. If Slashdotters are interested in reading about data breaches then they should go over to http://www.privacyrights.org/data-breach.
I used to do some contract work with a very large 3 letter named organization well known in the data processing world (well, they used to call it data processing. Not sure what they call it now), anyway, JP Morgan was a major customer of the aforementioned 3 lettered organization. The JP Morgan account was supposedly worth over a Billion US dollars, so when JP Morgan said 'jump' the 3 lettered organization replied 'how high?'.
Every time anyone from the 3 letter named organization had to talk with anyone from JP Morgan - the JP Morgan people treated them like absolute sh*t! The JP Morgan a**holes would curse at them, call them names, etc. it was just ridiculous! But, for a Billion dollars, the people at the 3 lettered organization expected you to just suck it up!
As a result of all this....I sincerely hope that JP Morgan gets butt raped from this cyber attack!!
To whoever is responsible - "I thank you for putting it up JPM's ass!!!"......now please go away and leave my country the f*ck alone.
This is the ACTUAL summary of the article. At the very least, this is the summary that *should* be posted to the Slashdot, that translates the shit-speak the media writes into technical jargon that Slashdot readers should expect from "news for nerds".
Otherwise Slashdot is a mere shill for other crap media with their crap reporting with zero journalistic integrity. Facts be damned, protect the status quo.
If telephones are outlawed, then only outlaws will have telephones.
Keep your financial information safe from hackers.
A letter from my credit union
"Dear Member,
We have been made aware that the security of your _ _ _ _ check card may have been compromised outside of _ _ _ _ Federal.
Enclosed is a new _ _ _ _ check card to replace your old card..."
The letter then digresses from this information provided, citing no unusual activity, ensure your not inconvenienced etc.
... they blame the Russians
Instead of blaming themselves of being so fucking antagonistic towards the rest of the world (see what the fuck they have done to Iraq, Libya, and now, Syria), they point their bloody fingers at others
Fucking shits who don't even deserve the O2 that they breathe
I'll bet all my credit balance that they probably learned to use a malware generator right to just PDFed the clicktomaniac back-office, and that even if the paydata was air-gapped they're leaking USB drives all over the place.
A firewall which is more than just an occasional inconvenience has to stop any data which it can't compare to its list of secrets which may not be leaked. - That is at least what one of the firewall's tasks used to be, but none which did this were sold, apparently because they were just too secure and therefore too inconvenient.
If you're in the security business and didn't know firewalls used to do this, I'd love to know.
All rites reversed 2010
I heard the NSA is capable of such mischief. Just sayin'.
Political correctness is really just herd psychology pushed by insecure people who desperately seek social conformity.
I bet the NSA is just looking to make up for lost funding.
See http://www.merriam-webster.com/dictionary/ukraine
There are also The Gambia, The Dominican Republic, The Netherlands, The Seychelles, The United Arab Emirates, and yes, The United States :)
Others listed here: http://everything2.com/title/Countries+that+start+with+the+word+%2522the%2522
The fear and war mongering is coming from all fronts currently. For a decade it was mostly middle east. Now they are ratcheting up the propaganda against Russia. Partially due to people realizing that the US is training and arming the "terrorists" in the middle east causing many of the problems, and partially due to needing a bigger threat. So yes, people are getting wise to the games. John Kerry and his constant screaming for a white cat has become blatantly obvious.
Until recently China and Japanese skirmishes over islands would occasionally pop up as a "big threat", but it was nothing that could be sustained as war propaganda. Russia on the other hand, what an easy target. Far enough away and little enough interaction that most people are ignorant, and was a technological threat for long enough for people to believe a bit more of the rhetoric.
I also believe the media controllers are getting worse at propaganda, but blame this on desperation because more people are wise to the propaganda. How many times will we hear a claim of "Russia invaded the Ukraine" and have that proven false before people ignore it completely? I'm pretty sure we are capped out at the limit.
Lets not forget the obvious alternative motive for this particular propaganda. It takes the blame off these large banks that continue to violate the law and/or not correct major security problems. Execs make more cash because they don't have to spend money correcting problems, and all the blame goes to "those guys". Convenient for both sides.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
crime syndicates are just as resourceful, if not more so, than state actors. To assume that it is a state actor because you did not think of the attack vector first is pretty dumb. in fact, trying to assert any attribution to cybercrime/intelligence is dumb.
As far as I'm concerned, why just JP? If the bad guys have balls, how about Wells Fargo? Better yet, if the bad guys are not just closet girly girls; Why not go after the data base that holds the home loans of the U.S. and all of its backups. Yep, I smell fish, 3 days in the sun.
I didn't see any evidence of Russia being involved, other than gross speculation. Meanwhile, the NYT article states the researchers believe the malware was produced by the same people who made Stuxnet and Flame. That points to the US and Israel, not Russia.
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
Do you mean someone opened a ms Word document from an email attachment in ms Outlook under Microsoft Windows ?
What if such cyber attacks are a form of misdirection or rather click-bait? Here's the scenario: launch a cyber attack on a bank but you're really not interested in any data you might get or rather the attack makes the target think that you're after data. The target then tells its customers to change their passwords. It's only then that the attacker gets what their after i.e. account holders' NEW passwords.
and we are back to blaming the Russians instead of the Chinese for unsubstantiated allegation that our own government may (most definitely are doing ) also?
At least that's the impression I get by reading the news. I can't remember the last time I heard an attack described as "simple" or "straightforward." It's never "the hackers just tried a bunch of words until one of them worked," or "turns out that if you type '); then a computer will often happily do whatever you tell it," or "if you give it a very long list of letters, sometimes the computer will start doing whatever you tell it." No, it's "the hackers used a sophisticated technique to plow through layers of security."
Although I'll grant you, that 'sophisticated' bit does sound a lot better. Maybe I should sprinkle that word around my resume.
https://www.eff.org/https-everywhere
When speaking about the very banks that helped cause the global financial meltdown of 2008, I seriously doubt any attack could ever pose a larger threat than the insider threat that runs Too Big To Fail.
We work with JPMorgan. We host hundreds of terabytes of sensitive data for them.
They take information security more seriously than any other organization that we work with, and we work with a number of Fortune 50 corporations, tech companies, and the United States government.
If they are getting hacked, it is not due to a lack of effort or competence on the part of their risk management and security teams. All of the common complaints that get voiced here about companies not taking security seriously, about companies not spending money on security, about PHBs not getting security, are not applicable to JPMorgan. Those people get it. I do not say that lightly. There are plenty of equally large financial institutions and organizations with similar amounts of resources who do not spend even a quarter of the effort on securing their data that JPMorgan does.
As a client, they are a serious pain the ass to work with. But at the end of the day, their security controls and risk management processes are heavily weighted towards security at all costs, ease of use / access be damned.
I'm sure it was American blackhats who are sick of JP's century of financial enslavement. Go Blackhats.