JP Morgan Chase Breach: Shades of a Cyber Cold War?
TheRealHocusLocus writes: The New York Times is quoting "people briefed on the matter" who allege that the JP Morgan data thieves "are thought to be operating from Russia and appear to have at least loose connections with officials of the Russian government." The article suggests it could be retaliation for sanctions. Personally, I'm skeptical — I've seen the former Soviet Union evolve into an amazingly diverse culture that is well represented on the Internet. This culture has grown alongside our own and runs the gamut of characters: tirelessly brilliant open source software developers, lots of regular folk, and yes — even groups affiliated with organized crime syndicates. This is no surprise, and these exist in the U.S. too. Are we ready to go full-political on this computer security issue, worrying more about who did it than how to protect against it in the future? How do you Slashdotters feel about these growing "tensions," and what can we do to help bring some reason to the table?
The article also notes that the same group responsible for the breach at JP Morgan Chase was responsible for attacks on 9 other financial institutions.
...in love and war.
Politics; n. : A religion whereby man is god.
no
Just as most other organizations that have been hacked and made public, I'm sure they (JP Morgan Chase and associated entities) would love to blame this on some "advanced", "state sponsored", or other threat they claim was unrealistic to defend against. They will claim they spend a lot of time and money, and they still got hacked. In reality, they simply use the "time and money" as plausible deniability. They are making so much money off their "customers", they could care less about security. It's all about dodging responsibility when something happens.
I think someone doesn't know the definition of "Cold war"
Given that this story is about an actual attack, that would lead me to believe this is a "hot" war.
appear to have at least loose connections with officials of the Russian government.
I thought any important criminal gang in Russia had much more than "loose connections" with the government.
How long before we see corporations forming hacking groups off shore dedicated to destroying competition by breaching security and causing chaos? Causing chaos to a competitor is one way to steer profits towards a company's cash registers. Can't you see Burger King trying to wipe out McDonalds?
http://www.bloomberg.com/news/...
tl;dr: People think it'll happen at other banks anyway, plus it costs money to change banks, thus they don't care enough and stick with Chase (JP Morgan).
And, naturally, how does the stock market react to that? "The bank's shares climbed 2.5 percent to $60.30"
Start making people care that a company they do business with has been hacked, maybe then people will actually bother to worry about motives.
No.
From the article:
"But much remains unanswered about the intrusion, including just who the hackers are, which other financial institutions were hit and why the hackers went down a path inside JPMorgan's computer system that contained troves of customer information, but not financial data."
They have no motive, no indication of who, or why they did what they did. I agree with posters saying that it's officials throwing out a red herring to get everyone worked up over Russia instead of poor security.
If this turns out to be provably true then an easy solution would be to boot Russia from the swift system for a few weeks. That would basically mean that no international transactions could take place large or small. Or if they wanted to make it interesting they could restrict swift transactions to minor amounts so that the very richest would be impacted while the average Russian would feel a lesser impact.
But large food importers and whatnot would be massively impacted.
But before this can be done Europe needs to find an alternative to Russian Gas. But when Europe does then they won't tolerate Russian shenanigans for 1 second.
The key is that any retaliation needs to hit those around Putin who can change their mind about his being in power. The average Russian on the street will choose Putin over the West nearly 100% of the time.
yeah, um, nope.
Try again, typical US university professor.
Spot on comment. TFA also fails to name the 10 financial firms that were allegedly attacked. The New York Times seems to be rapidly morphing into a US version of Russia Today. If there's any new cold war, it's clearly a propaganda war. And guess what? I don't give a flying fuck.
Posting to undo moderation mistake.
Secure your fucking networks or get off the internet.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
Wouldn't "attacking" JP Morgan basically be doing the US a favor?
Very much like the utterly unsubstantiated claims that Russia had something to do with the shooting down of MH17. John Kerry said that there was a mountain of evidence, but so far not a single shred of evidence has been published by the US government. The Russians released a good deal of hard evidence, including radar traces and the locations of known BUK units. Basically, MH17 was shot down either by cannon fire from one or more fighters, or by a BUK SAM. The only fighters in the air that day were Ukrainian government planes, and while the rebels may have captured a BUK unit, it had no radar. However the Ukrainian military units near Donetsk had at least three BUK units, complete with radar and trained crews - one of which was in exactly the right place to have shot down MH17, given where it came down.
So the Western media were flooded with "stenographic" reports and opinion echoing US government statements (almost word for word) and without any skepticism or investigative journalism. Although there has still been no evidence produced to incriminate Russia or the Ukrainian rebels, virtually all Westerners have been so heavily and repeatedly brainwashed with the certainty that Russia was responsible that they think they "know" it.
Perhaps the recently revealed large and widespread payments made by the CIA to American media (and others) in return for the printing of CIA-written propaganda helps to explain many of these odd situations. And media corporations are all the more disposed to go along with the scam because their circulations are shrinking and they are laying off journalists and editors left, right and centre. It's a double win: money for nothing, and masses of copy that has been written elsewhere. The only losers are any remaining readers who are foolish enough to believe what they read in the newspapers and what they hear on radio and TV.
I am sure that there are many other solipsists out there.
Hackers movie quote "This is our world now. The world of the electron and the switch" I think at some point nearly everything will get "hacked"... we can cry about it or we can make things less fun. Hackers movie quote "There is no right and wrong. There's only fun and boring." We need treaties to ensure those committing crimes can be prosecuted across borders with long boring sentences. Hackers movie quote "Kid, don't threaten me. There are worse things than death, and uh, I can do all of them." For the love of god why is our SSN a national identifier and the unchangeable password to our finances!
"People briefed on the matter" generally equals "deliberate leak, to move public opinion or at least test the waters."
Help save the critically endangered Blue Iguana
China is a critical trade partner, so we tolerate a certain amount of this kind of thing from them. But Russia? We're already breaking the back of their economy with sanctions. Do they really want to get into it with us electronically? While I despise what the NSA has done to Americans, I would quite enjoy seeing them systematically dismantle every bit of Russia's modern infrastructure while the Russians make every futile attempt to stop them.
The US sticks its nose where it doesn't belong mostly out of poorly considered good intentions. Russia's decided to go beat the Hell out of their smaller and weaker neighbors so they can feel better about themselves. They should really think twice about poking the US while they're doing that.
Sounds like one of many smears to come up prior to some sort of "intervention" in Russia or just the usual "he said she said" crap our (and other) government/s are famous for.
"If any question why we died, Tell them because our fathers lied."
When the leader of your country is connected to the mafia, declares himself leader and starts taking over other countries this is very much different from a country that has democratic elections and holds freedom as an ideal. I'm sure there are great people in Russia, but it is no united states.
What makes these things hard to analyze is the difference between state-sponsored and state-tolerated, a distinction lost to most journos. State-sponsored says you get a budget and tasking from a government. State-tolerated is like privateering: you're on your own, keep any profits you earn, make sure your attacks are consistent with government policy, if you come across anything the government might find interesting pass it along, and if you attack a site inside your own country the government will hunt you down and shoot you. State-tolerated attacks reap all the benefits of state-sponsored ones with none of the risks; no nasty "acts of war" or justification for kinetic response. Even if the victim tracks down the perps all the local government has to say is "oh, yeah, we were just about to raid that place," frame some dissident for the crime, and go back to business as usual. Win-win for everybody but the targets.
They don't really want security - that's just secondary to features and schedule at most companies I have worked for. Not surprising though considering how many managers were the dumbest-coder yes-men that mostly get into the positions of authority and then just expect their retardnessness is the "right-way" to do things. More software developers I talk with (than not) just do manual testing of their code and are confused by what automated unit testing even is. It's pathetic. And forget about such qualities as ACID.
"It's unnecessary". "It's not likely to really be a problem" . "It doesn't have to be perfect". "That's over-engineering". These are the kinds of excuses manager types use to justify the crappy software security/quality that is out there that I've heard.
I need to find a new line of work - like becoming a cracker.
And system administrators have to stop acting like implementing security is a bad idea, shouldn't happen, and won't work. You can argue that 'the business' always comes first no matter what. However that doesn't work if 'the business' puts security at risk. If your business is cloned by a foreign competitor you're screwed, if your bank account's drained you're screwed, if you really think 'the business' always comes first you're wrong. It highly depends on what the risks from being compromised are.
I'm the CEO of a small technology company and I get that security is hard. Hell- I'm not even living up to my own high standards. However it's hard to do that when *nobody* else is. Despite that I'm trying to put security first during our web site revamp (the most critical aspect of this company, if our security is hosed in a slow planned manner we'll never recover).
One good example is the 'security' systems (two factor authentication) aren't even well thought out and are done such to be 'cheap' rather than effective. This will only stop the bottom feeders temporarily. It won't stop Russian organized crime from doing live intercepts via botnets to gain access to bank accounts and once the tools are sold to typical criminals the entire system is back in the hands of the criminals. I have nothing against the criminals, and considering that I'm the *primary victim* (100% of the shares, business owner here) when fraud happens I'm in a position where I should be more pissed than anyone (and it happens too often).
But I'm not because the problem isn't the criminals. It's the lack of security and enablement by critical institutions (government and corporate). What I have a problem with is visa, master card, american express, the banks, and the government. They are not implementing the systems we actually need.
1. True security, not halfway crap 'wireless WEP/WPA/WPA2', if your bank's site gets 'hacked' and a known vulnerability w patch exists at the time, then the bank should be shut down, assets seized, etc, none of this proprietary bull shit either. All defaults should be set to off or specifically added to a white list after approval only (on the client side, things like macros, etc).
2. The systems should be built on hardware that there is source code for and audited. BIOS, firmware components, etc. Right now this doesn't even really exist unless we're talking about *a consumer router* or two. Some individual components may qualify as being pretty close to 100% free software friendly and source code available though.
3. Calling a cell phone for authentication is NOT a security measure. It's merely a nuisance for the customer (particularly when the cookies make it such you can steal them and never actually have to authenticate via phone anyway). We need something closer to secure ID /w password (on the secure ID token itself). This would prevent the ability of a middle-man (or make it much more difficult) because the identification number revealed by the token to authenticate can only be used once and you can be confident that the person involved in accessing it did authorize it. Now it won't prevent some attacks where the system is compromised, but you can thwart unauthorized wire transfers by adding a screen that shows information to a wire transfer such that the user has to approve it on the device itself. This way the attacker could not simply show the user a different set of data than the one he authorized by entering the token number during authentication.
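Added example (not part of the comment above, and not any bank's or vendor's code): a simplified sketch of the transaction-bound, single-use code that comment argues for. The key, payee names, amounts and the `Bank` class are constructed for illustration; the truncation step borrows from HOTP (RFC 4226), but the overall scheme is an assumption, not a standard.

```python
import hashlib
import hmac
import struct


def transaction_code(key: bytes, counter: int, payee: str, amount_cents: int) -> str:
    """Code the token displays after the user confirms payee and amount on its own screen."""
    payee_bytes = payee.encode("utf-8")
    # Length-prefix the payee so field boundaries cannot be shifted by an attacker.
    msg = (struct.pack(">QH", counter, len(payee_bytes))
           + payee_bytes
           + struct.pack(">Q", amount_cents))
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    # Dynamic truncation in the style of HOTP, reduced to 8 decimal digits.
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10**8:08d}"


class Bank:
    """Hypothetical server side: shares the token key and tracks the next unused counter."""

    def __init__(self, key: bytes, window: int = 3):
        self.key = key
        self.next_counter = 0
        self.window = window  # tolerate a few codes generated but never submitted

    def approve_transfer(self, payee: str, amount_cents: int, code: str) -> bool:
        for counter in range(self.next_counter, self.next_counter + self.window):
            expected = transaction_code(self.key, counter, payee, amount_cents)
            if hmac.compare_digest(expected, code):
                self.next_counter = counter + 1  # burn the counter: the code is single use
                return True
        return False


def demo() -> dict:
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample key
    bank = Bank(key)
    # The user reads "ACME Supplies / 1250.00" on the token screen and approves it there.
    code = transaction_code(key, 0, "ACME Supplies", 125_000)
    return {
        # Compromised browser swaps the payee but reuses the user's code.
        "tampered": bank.approve_transfer("Mallory Ltd", 125_000, code),
        # The transfer the user actually saw and approved.
        "genuine": bank.approve_transfer("ACME Supplies", 125_000, code),
        # Same code submitted again after it has been consumed.
        "replayed": bank.approve_transfer("ACME Supplies", 125_000, code),
    }


if __name__ == "__main__":
    print(demo())
```

Because the code is computed over the payee and amount shown on the token, a session cookie or an intercepted code is useless for any other transfer.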
Perhaps the recently revealed large and widespread payments made by the CIA to American media
Citation please.
A whole host of white people with slightly differing internet usage patterns constitutes "diversity." No wonder I so strongly disagree with it. I always thought it was community-destroying forced integration.
Agreed.
Don't forget, few months ago it was all the rage that the Red Chinese were going to infiltrate every system in America. Remember? Telecommunication contracts were even canceled on grounds of "national security" because the "evil Chinese" have malware baked in silicon.
Of course, that does not matter anymore. Now it's all about the Ruskies.
Proof? Motive? Who cares! Russians flexed their muscle to keep strategically important areas under Russian influence. Imagine if Canada wanted to join Russian Federation tomorrow - surely, the friendly Americans would make sure that such a thing would not have happened, no matter the cost.
It's pretty sad world politicians always seem to need some perpetual war. Soviet Union? Terrists? Libya? Iraq? Putin? There are always resources for bullshit like that, but actual positive stuff? That's boring. Who needs healthcare, science or environment. Cut that shit. Need a manufactured crises instead!
"Citation please".
That's an easy game to play, isn't it? Tell you what: first, since it was mentioned first, YOU give ME a citation for some hard evidence substantiating the claim of Russian involvement in the J.P. Morgan affair.
And if you want a citation for the CIA allegations, Google is your friend.
I am sure that there are many other solipsists out there.
So now we are in "cyber war" with Russia. A few weeks ago it was China, is China our friend now ? I need a scorecard. This "cyber war" stuff is getting too much, if you fine companies 10000 real dollars per account compromised and the company must fully disclose to the public exactly what happened, you can bet these issues it will be fixed in no time.
Although I did go to the CIA Web site and searched for "propaganda media". This is what I saw next:
Search is Temporarily Unavailable
Search is temporarily unavailable. We apologize for the inconvenience. Please try again later.
Posted: Aug 27, 2012 04:31 PM
Last Updated: Aug 27, 2012 04:31 PM
I am sure that there are many other solipsists out there.
I've seen the former Soviet Union evolve into an amazingly diverse culture that is well represented on the Internet. This culture has grown alongside our own and runs the gamut of characters: tirelessly brilliant open source software developers, lots of regular folk
But no pooftahs.
systemd is Roko's Basilisk.
Hurr durr, someone hacked us and exposed our incompetence. Let's blame Russia so the masses don't take it out on us.
Fail, fail and more fail. The press, three letter agencies and especially the congress critters love to a) inflate the threat and b) give attribution when none is possible. This book is extensively researched and has footnotes out the ying-yang. Bottom line is attribution at a level where one can say "these guys did it" is rare and even saying "probably did it" is difficult. And beware that many of the players involved have multiple objectives and even relationships with each other (when convenient).
. . . after all, JPMorgan Chase (Chase) is the largest criminal organization in America today, and together with Goldman Sachs, they effectively run and control the US Department of the Treasury, while existing as the major forces of the Federal Reserve Bank. If the Russian mob was attacking the American mob, it is really about the mobs, now isn't it?
The war mongering Randolph Hearst of the new century, and the old one.
“He’s not deformed, he’s just drunk!”
Hi,
Gee weren't the Russians our best buddies during the recent Olympics?
Why don't we secure our networks from the people who will exploit them (who will always exist), and work on understanding between people rather than trying to "retaliate" against countries? What exactly are we retaliating against anyway?
War (cold, hot or political) is stupid.
that is s the nsa job and only against none merkins. Any one else committing such acts of war will be declared an act of war equivalent to using a wmd.. Or as Americans are so brave a tube of tooth paste.
I hate banks. So should you.
They also had a big smear campaign running against Huawei. Now we know it was their own fucking with Cisco devices and their own bad conscience leading to that smear campaign.
All we know is that both NSA and GCHQ are hacking into systems worldwide.
while the rebels may have captured a BUK unit, it had no radar.
Unless of course, the system actually had a radar contrary to your assertion. For example, they could have gotten a radar from their buddies in Russia and maybe a few trainers too. It's worth noting here that there weren't problems with airliners getting shot down by BUK SAMs until the rebels got a hold of one. Maybe they got framed, but maybe a poorly trained SAM crew killed 298 innocent people.
Then there's the interference with the crash site by the rebel side. You'd think they'd be more forthcoming, if they hadn't destroyed the plane.
Linus doesn't like black and white people.
Nonsense. If you are going to make hyperbolic and barely relevant comments about Ukraine in an article about J. P. Morgan, it is _your_ obligation to provide some evidence.
Never listen to JP Morgan Chase
In the past it was only third world countries that got savaged in the proxy wars between super powers, now it has become virtual and the web is increasingly the battle ground. The difference now is that we all become the refugees as our digital spaces are compromised and our consumer products exploited to allow the actors to attack each other indirectly. Meanwhile companies are not held accountable for how weak the security in their systems and products are, nor are we able to cover the damage as virtual goods are hard to insure.
which "rebel side"? you mean the fascist western backed coup d'état that overthrew a legitimate elected government and threw the country into civil war?
and you guys still speak of "cold" wars? lol.
just some reporter going on and on and on, heck i could change it and it's space aliens that did it... for all you know i did it using russian proxies
of course i didn't and watch the nsa edit this part out so i'm screenshotting it
cause your us govt is full of fucking assholes
Ok... if any of you guys didn't happen to notice... Russia is being blamed for everything computer related... and also remember how a few years ago it was always china... this stuff is so easy to see through it's pitiful... pay attention people
Russia has started the cold war all over again. Maybe Putin thinks they have a better chance this time. Western countries simply need to be willing to destroy the Russian economy with sanctions and to do so immediately. Putin thinks they are too weak to do this and it looks like he is right.
Russia shot down a civilian airliner (or Russian backed terrorists which were still probably serving Russian military...) and got away with it. If the world stands by as Russia murders their people, why would they are on a bit of hacking?
Going after criminals (in foreign countries) requires the cooperation of that government. Russian government (like the U.S.) is corrupt enough to impede any legitimate investigations. Especially when government officials are benefitting from the criminal activities. In the case of Russia, there is little incentive for Putin to cooperate.
"Those who can make you believe absurdities can make you commit atrocities." - Voltaire
I find it an odd chain of logic, that because the Russian netizens are a diverse bunch, then it excludes that a crime syndicate with ties to persons in the Russian government is involved in some specific incident of hacking.
Both can easily be true at once.