If the purpose of a hacker is to steal money, then going after a big bank seems somewhat obvious. According to reports in The New York Times and Bloomberg, JPMorgan Chase was the target of attackers. Both media outlets cite unnamed sources familiar with the matter in their reports.
JPMorgan Chase did not respond to a request for comment from eWEEK by press time.
According to the reports, the Federal Bureau of Investigation (FBI) is investigating the matter and has engaged in a forensic audit to examine the potential risk and exposure from the alleged attack. The New York Times report claims that attackers “stole checking and savings account information from clients.”
A report on Bloomberg claims that “gigabytes of sensitive data” was stolen in the attack. The same report also claims that an unidentified zero-day vulnerability was the path to exploitation.
In terms of attribution, Bloomberg’s source points the finger squarely at Russia. The United States has been engaged in a diplomatic war of words with Russia and has levied economic sanctions in response to Russia’s incursions into Ukraine.
While the early attribution is being attached to Russia, some security experts think it’s too early to identify where the attack might have come from. In an email to eWEEK, Bob Stratton, general partner of cyber-security accelerator MACH37, said he thinks it will take time to forensically identify the source of the attack.
“The trickiest part of defending networks in the modern age is determining the actual rather than the apparent source of an attack,” Stratton said. “While undoubtedly frustrating to those trying to cover the story in the present moment, network attacks, like airplane crashes, can take awhile for proper investigation and attribution.”
Vinnie Liu, partner at security consultancy Bishop Fox, agreed that attribution for Internet attacks can be a hard problem. Liu noted that it wouldn’t be out of the question for hackers to use the political turmoil as a cover for part of a false flag operation.
While the attribution is not an easy question to answer, the motivation for attacking a U.S. bank is.
“Financial institutions are attacked because they’re attractive, high profile targets for political messages,” Liu said in an email to eWEEK. “They represent in many ways the economic power, financial stability, and global standing of the U.S. itself.”
Looking beyond attribution and motivation, it’s important to remember that at the core of the attack is customer information. Lucas Zaichowski, Enterprise Defense Architect at AccessData, noted that in any breach where customer information is affected, transparency and regular communications are very important for rebuilding trust.
“It’s very likely JPMorgan Chase doesn’t know the extent of the breach and many important questions can’t be answered until the forensic investigation is complete,” Zaichowski said in an email to eWEEK. “I’d encourage them to maintain a communications page with definitive updates as progress is made.”
Zaichowski adds that currently very little has been disclosed about the breach beyond the reports that have noted that gigabytes of data were stolen. He said it will be interesting to find out if anything was stolen that doesn’t require disclosure by law but that affects shareholder value.
Trust is a big issue in any data breach. Online auction site eBay revealed that its systems had been breached in May, though no actual customer financial information was lost. In July, the company attributed a decline in operating margin and overall site activity to the breach.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.