August 28, 2014
Was It for Money? Industrial Espionage? A Response to Sanctions? State-Sponsored or Plain Criminal? Is Russia Involved? Or Iran?
While a myriad of unanswered questions hang in the air, one thing is certain. Whoever did it made off with gigabytes of data including checking and savings account information at four or more banks. The attacks were coordinated and highly sophisticated.
In her nytimes.com story, Nicole Perlroth taps a number of her sources, including four people familiar with the investigation, to explore who might be responsible, why the attacks were carried out and how. The following has been excerpted from Perlroth’s piece and edited to fit our format; her full article is available on nytimes.com.
The FBI is involved in the investigation, and in the past few weeks a number of security firms have been brought in to conduct forensic studies of the penetrated computer networks.
[To date] JPMorgan Chase has not seen any increased fraud levels, one person familiar with the situation said.
The intrusions were first reported by Bloomberg, which indicated that they were the work of Russian hackers. But security experts and government officials said they had not yet made that conclusion.
Earlier this year…a security firm in Dallas …warned companies that they should be prepared for cyberattacks from Russia in retaliation for Western economic sanctions.
But [security expert] Adam Meyers…said that it would be “premature” to suggest the attacks were motivated by sanctions.
A bit of Russian history
Russian hackers began a month-long online assault on Estonia in 2007 that nearly crippled the Baltic nation, after Estonian government workers moved a Soviet-era war memorial from the Estonian capital.
Still, security experts say that the stealthy nature of the recent attacks suggests that their motivation was not political. The American banking sector has been a frequent target for hackers over the past few years, with the vast majority of attacks motivated by financial theft.
But not all of them. Over the past two years, banks have been targeted in a series of politically motivated attacks from Iran, in which a group of Iranian hackers flooded United States banking sites with so much online traffic — a method called a distributed denial of service, or DDoS, attack — that the websites slowed or intermittently collapsed under the load.
Hackers who took credit for those attacks said they went after the banks in retaliation for an anti-Islam video that mocked the Prophet Muhammad, and pledged to continue the attacks until the video was removed from the Internet.
American intelligence officials said the group was actually a cover for the Iranian government. Officials claimed Iran was waging the attacks in retaliation for Western economic sanctions and for a series of attacks on its own systems.
Unlike the attacks traced to Iran, the recent hacks against the American banks were not intended to disrupt the banks’ services but appeared to be part of a financial or intelligence-gathering effort, three people briefed on the investigations said.
Stealing business intelligence?
Mr. Meyers…said hackers could have been after account information, or even intelligence about a potential merger or acquisition. Security experts said the hackers chose to pursue account information, not disruption, which is the earmark of state-sponsored attacks.
Banks are also frequent targets for intelligence agencies looking to collect information about their targets. In 2012, Russian security researchers uncovered a computer virus on 2,500 computers, many of them inside major Lebanese banks, including the Bank of Beirut, Blom Bank, Byblos Bank and Credit Libanais. The virus was specifically intended to steal customers’ login credentials to their bank accounts.
The researchers believed the computer virus was state-sponsored and said they had found evidence it had been created by the same programmers who created Flame and Stuxnet, two computer viruses that officials have said were unleashed by the United States and Israel to spy on computers inside Iran.
ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.
ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.
The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.
For more information, visit www.threatmetrix.com or call 1-408-200-5755.
Posted by Dan Rampe