Slashdot Mirror
FBI Investigates 'Sophisticated' Cyber Attack On JP Morgan, 4 More US Banks
Bruce66423 writes with news of an electronic attack believed to affect at least five U.S. banking institutions this month, including JP Morgan, now being investigated by the FBI. According to the Independent, The attack on JP Morgan reportedly resulted in the loss of “gigabytes of sensitive data” that could have involved customer and employee information. It is said to have been of a level of sophistication beyond ordinary criminals, leading to speculation of a state link. The FBI is thought to be investigating whether there is a connection to Russia. American-Russian relations continue to be fraught amid the crisis in Ukraine, with sanctions ramped up.
Bruce66423 asks "The quality of the attack, which appears to have led to 'gigabytes' of data being lost, is raising the prospect of a state being the source. The present culprit suggested is Russia... why the assumption it's not China — just because China isn't invading the Ukraine at the moment?" News of the attack is also at the New York Times, which notes Earlier this year, iSight Partners, a security firm in Dallas that provides intelligence on online threats, warned companies that they should be prepared for cyberattacks from Russia in retaliation for Western economic sanctions. But Adam Meyers, the head of threat intelligence at CrowdStrike, a security firm that works with banks, said that it would be “premature” to suggest the attacks were motivated by sanctions.
No mention of them in the articles linked.
.
Prisencolinensinainciusol. Ol Rait!
Yawn
same old...same old...
Private "cybersecurity" firm reports data breach. Lots of data transferred. Must be "state" actor APT! But who? China? Russia? Who is US government/media currently demagoguing against? Maximum fear factor achieved!
Why does the FBI get involved? is it because the events span multiple states, or because the banks have so much clout? If this had happened to google or microsoft, for example, would the FBI get involved?
Looking for people to chat about multicopters, coding, music. skype: gtsiros
I can only assume the NSA has become self-funding, and is doing so by hacking banks.
Cyber washes over so much of the actual problem with these companies. it implies some val kilmer secret agent jack bauer bullshit that does not exist in practical terms as the situation applies to entities like Chase. Its a convenient means of misdirecting attention at best.
Lets take a step back and call this what it actually was. Chase involuntarily discharged sensitive information about employees and customers. We can name chase because its too big to fail, but four other banks were part of this incident and we cant name them because to do so would cause egregious harm to their market reputation and force them to spend a pittance on re-issuing credit/debit cards. Chase will work to scapegoat this problem ad infinitum to the nearest foreign superpower that has been demonized/sanctified by politicians for this purpose and business will continue as usual. Chase will not accept liability for its shit-tier software, security practices, or disinterest in its customers and clients because it would harm the largest bank in the world and perhaps shave a sliver of profit off this quarter.
Good people go to bed earlier.
THE Ukraine! It's Ukraine, and that's what it is. It's not a region, but a COUNTRY. I don't see anybody here writing "the France" or "the Italy"... Hypercorrectism it's still an error.
It raises the question. Stop it.
For fucks sake it doesn't do that, either. That's not the question. There is no suggestion that the attackers simply lumbered across the data by going to http://www.chase.com./ They probably (based on the patterns of most recent attacks) used spear phishing across a huge section of the employee population, then individually targeted each mark that fell into the trap for maximum leverage on gaining external access.
You mean like my bank account statement, balance, my sign in, you know, things almost every American today access everyday from their banks? I don't know about you, but, I access those things (data) via the internet facing servers provided for me by my bank.
I'll bet all my credit balance that they probably learned to use a malware generator right to just PDFed the clicktomaniac back-office, and that even if the paydata was air-gapped they're leaking USB drives all over the place.
A firewall which is more than just an occasional inconvenience has to stop any data which it can't compare to its list of secrets which may not be leaked. - That is at least what one of the firewall's tasks used to be, but none which did this were sold, apparently because they were just too secure and therefore too inconvenient.
If you're in the security business and didn't know firewalls used to do this, I'd love to know.
All rites reversed 2010
Yeah, what evildoers, giving Russia a slap on the wrist for the petty offense of invading and taking over part of another country that had insolently decided to no longer be under Russia's thumb. Next up, the evil tyrants in American and Europe will send Putin a sternly worded letter! Maybe he won't even get a Christmas card from Biden this year!
See: US to sanction Russia over annexation of Virginia
Could chocolate let me finish?
I heard the NSA is capable of such mischief. Just sayin'.
Political correctness is really just herd psychology pushed by insecure people who desperately seek social conformity.
Sorry I couldn't hear you over the aftershocks of Mt. Gox's collapse.
"When information is power, privacy is freedom" - Jah-Wren Ryel
The fear and war mongering is coming from all fronts currently. For a decade it was mostly middle east. Now they are ratcheting up the propaganda against Russia. Partially due to people realizing that the US is training and arming the "terrorists" in the middle east causing many of the problems, and partially due to needing a bigger threat. So yes, people are getting wise to the games. John Kerry and his constant screaming for a white cat has become blatantly obvious.
Until recently China and Japanese skirmishes over islands would occasionally pop up as a "big threat", but it was nothing that could be sustained as war propaganda. Russia on the other hand, what an easy target. Far enough away and little enough interaction that most people are ignorant, and was a technological threat for long enough for people to believe a bit more of the rhetoric.
I also believe the media controllers are getting worse at propaganda, but blame this on desperation because more people are wise to the propaganda. How many times will we hear a claim of "Russia invaded the Ukraine" and have that proven false before people ignore it completely? I'm pretty sure we are capped out at the limit.
Lets not forget the obvious alternative motive for this particular propaganda. It takes the blame off these large banks that continue to violate the law and/or not correct major security problems. Execs make more cash because they don't have to spend money correcting problems, and all the blame goes to "those guys". Convenient for both sides.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
crime syndicates are just as resourceful, if not more so, than state actors. To assume that it is a state actor because you did not think of the attack vector first is pretty dumb. in fact, trying to assert any attribution to cybercrime/intelligence is dumb.
As far as I'm concerned, why just JP? If the bad guys have balls, how about Wells Fargo? Better yet, if the bad guys are not just closet girly girls; Why not go after the data base that holds the home loans of the U.S. and all of its backups. Yep, I smell fish, 3 days in the sun.
I didn't see any evidence of Russia being involved, other than gross speculation. Meanwhile, the NYT article states the researchers believe the malware was produced by the same people who made Stuxnet and Flame. That points to the US and Israel, not Russia.
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
Do you mean someone opened a ms Word document from an email attachment in ms Outlook under Microsoft Windows ?
What if such cyber attacks are a form of misdirection or rather click-bait? Here's the scenario: launch a cyber attack on a bank but you're really not interested in any data you might get or rather the attack makes the target think that you're after data. The target then tells its customers to change their passwords. It's only then that the attacker gets what their after i.e. account holders' NEW passwords.
At least that's the impression I get by reading the news. I can't remember the last time I heard an attack described as "simple" or "straightforward." It's never "the hackers just tried a bunch of words until one of them worked," or "turns out that if you type '); then a computer will often happily do whatever you tell it," or "if you give it a very long list of letters, sometimes the computer will start doing whatever you tell it." No, it's "the hackers used a sophisticated technique to plow through layers of security."
Although I'll grant you, that 'sophisticated' bit does sound a lot better. Maybe I should sprinkle that word around my resume.
https://www.eff.org/https-everywhere
You mean like how the US carved Panama out of Colombia, or Kosovo out of Serbia? Or the rebelliions they supported in Lybia, Syria, and god knows where else. I'm not even including just taking over a country lock,stock and barrel, or just bombing it back to the stone age here.
I even remember the Russians warning the US 5-10 years ago that their decision to violate another countries soverignity and international law will bite them in the ass down the line. And lo-and-behold, here we are.
I don't mind that the US does all the above, big groups have violated little ones for as long as we've had tribal organisations. It is just the irks me when ones citizens are blinded by their own nationalism.
When speaking about the very banks that helped cause the global financial meltdown of 2008, I seriously doubt any attack could ever pose a larger threat than the insider threat that runs Too Big To Fail.
We work with JPMorgan. We host hundreds of terabytes of sensitive data for them.
They take information security more seriously than any other organization that we work with, and we work with a number of Fortune 50 corporations, tech companies, and the United States government.
If they are getting hacked, it is not due to a lack of effort or competence on the part of their risk management and security teams. All of the common complaints that get voiced here about companies not taking security seriously, about companies not spending money on security, about PHBs not getting security, are not applicable to JPMorgan. Those people get it. I do not say that lightly. There are plenty of equally large financial institutions and organizations with similar amounts of resources who do not spend even a quarter of the effort on securing their data that JPMorgan does.
As a client, they are a serious pain the ass to work with. But at the end of the day, their security controls and risk management processes are heavily weighted towards security at all costs, ease of use / access be damned.
Still puzzled over this supposed association of sophistication and state sponsored. I don't even remember when I last saw any government do anything that was all that smart.
Like the virus that attacked Iran's nuclear centrifuge?
Just a Tuna in the Sea of Life
In the US it should read: "I am 280kg and have severely clogged arteries, which begs the question: why have I not bought a mobility scooter ?"
We haven't quite caught up with the rest of the world and switched to metric units. So instead of 280kg, it's 617 lbs.</pedant>