The FBI said it is trying to determine if a cyber-attack carried out early August 2014 on US bank JP Morgan, and four other financial institutions was in retaliation for sanctions imposed on Russia by Europe and the US.
Reports from Bloomberg suggest that sensitive customer data was stolen as part of the breach.
Amichai Shulman, CTO Imperva, explains why no initial financial loss indicates this attack could be politically motivated. “None of the people commenting on the incident mentioned a direct financial loss, or a direct fraudulent financial activity by the attacker. Everyone is talking about grabbing sensitive information. I find it odd that someone who was actually able to break into a bank is not using it for making immediate profit. Two possibilities here: first is that there are missing pieces in the puzzle (i.e. we are not being told everything) and second is that these were indeed politically motivated hackers.”
Addressing the link to Russia as the origin of the hack, Shulman explained that this is not out of the norm. “Everyone is trying hard to tie this with the whole political situation with Russia. However, it is well known that for a few years now, a large portion of banking attacks and financially related hacking has consistently been coming from Eastern Europe.”
Philip Lieberman, CEO Lieberman Software said that this hack shows banks only prepared for criminal activity rather than nation state attacks. “The ability to overcome the typical financial defence-in-depth strategy outlined by JPMorgan points to capabilities that go beyond criminal activity and are in the realm of nation state capabilities. JPMorgan and similar entities employ sufficient technology to protect themselves from criminals, but typically fail to invest enough in technology and process to shield themselves from nation state’s ability to access their systems at will.
“Most of the financial services sector has little to no protection from nation state attacks and is not willing to spend the money to protect themselves, nor do they have senior leadership capable of redesigning their organizations for secure operation against nation states. The USA financial sector has much better security than other areas of the world by far, but without significant rethinking and redesign, it will struggle to survive against nation states.”
The FBI said it is “working with the United States Secret Service to determine the scope of recently reported cyber attacks against several American financial institutions.”