It isn’t easy being a big bank.
You may think it’s all lax regulation, fed subsidies, and beneficial policies, but just like celebrities and professional athletes, it isn’t easy being one of the chosen few.
Just ask Gwyneth Paltrow, who complained that it was harder for her to be away from her kids when she was filming a movie than it was for “regular” working moms. Or Kobe Bryant and LeBron James constantly whining about seemingly everything, despite earning a collective $50 million a year between the two of them.
Then there’s JP Morgan. They’ve been sued, subpoenaed, fined over $2 billion, ordered to tighten their security systems and now they have been hacked. Even worse, by vindictive Russians.
And the Russian hackers didn’t hit just JP Morgan; they hit other banks as well. With sophisticated tools, the intruders reached deep into the bank’s infrastructure, silently siphoning off gigabytes of information, including customer-account data.
At least one of the banks has linked the breach to Russian state-sponsored hackers, said one of the people. The FBI is investigating whether the attack could have been in retaliation for U.S.-imposed sanctions on Russia, said the second person, who also asked not to be identified, citing the continuing investigation.
The incidents occurred at a low point in relations between the U.S. and Russia. Russian troops continue to mass on the Ukrainian border even after U.S. and European nations have hurt the Russian economy with sanctions. Russia has a history of using criminals and other proxies to hit back at adversaries in cyberspace.
“The way the Russians do it, to the extent we can see into the process, is they encourage certain targets,” said James Lewis, director of the Strategic Technologies Program at the Center for Strategic and International Studies in Washington. “The Russians typically keep open the options to do something more, and the question now is what would trigger that and what would our response be.”
Investigators have determined that the attacks were routed through computers in Latin America and other regions via servers used by Russian hackers, according to people familiar with the probe.
The hackers took advantage of a type of software flaw known as a zero-day in at least one of the bank’s websites, according to one of the people familiar with the investigation. They then plowed through layers of elaborate security to steal the data, which security specialists said appeared far beyond the capability of ordinary criminal hackers. By definition, companies don’t know their systems have zero-day vulnerabilities, which hackers use to take remote command of a computer.
The sophistication of the attack and technical indicators extracted from the banks’ computers provide some evidence of a government link. Still, the trail is murky enough that cyber criminals from Russia or elsewhere in Eastern Europe could be behind the assaults. Other federal agencies, including the National Security Agency, are aiding the investigation, said another person familiar with the probe.
Attacks on the U.S. financial sector from Russia and Eastern Europe have jumped over the last several months, according to several cybersecurity experts. Companies and U.S. officials are examining the possibility that the uptick is related to the conflict over Russia’s behavior in Ukraine.
Authorities are looking for signs that the data stolen in the latest attack has been used to move money from accounts. No such activity had been spotted as of yesterday afternoon. The absence of fraud would lend support to the theory that the hack had a political motive, the government official said.
We haven’t heard the end of this story. More to follow.