
Who Hacked JPMorgan Chase & 4 Other Banks — and Why?

By ThreatMetrix

Was It for Money? Industrial Espionage? A Response to Sanctions? State-Sponsored or Plain Criminal? Is Russia Involved? Or Iran?

While a myriad of unanswered questions hang in the air, one thing is certain. Whoever did it made off with gigabytes of data including checking and savings account information at four or more banks. The attacks were coordinated and highly sophisticated.

In her story, Nicole Perlroth taps a number of her sources, including four people who are familiar with the investigation, to discover who might be responsible, the reason for the attacks and how the attacks were carried out. The following has been excerpted from Perlroth’s piece and edited to fit our format. You may find her full article by clicking on this link.

The FBI is involved in the investigation, and in the past few weeks a number of security firms have been brought in to conduct forensic studies of the penetrated computer networks.

[To date] JPMorgan Chase has not seen any increased fraud levels, one person familiar with the situation said.

The Russians?

The intrusions were first reported by Bloomberg, which indicated that they were the work of Russian hackers. But security experts and government officials said they had not yet made that conclusion.

Earlier this year…a security firm in Dallas …warned companies that they should be prepared for cyberattacks from Russia in retaliation for Western economic sanctions.

But [security expert] Adam Meyers…said that it would be “premature” to suggest the attacks were motivated by sanctions.

A bit of Russian history

Russian hackers began a month-long online assault on Estonia in 2007 that nearly crippled the Baltic nation, after Estonian government workers moved a Soviet-era war memorial from the Estonian capital.


Still, security experts say that the stealthy nature of the recent attacks suggests that their motivation was not political. The American banking sector has been a frequent target for hackers over the past few years, with the vast majority of attacks motivated by financial theft.


But not all of them. Over the past two years, banks have been targeted in a series of politically motivated attacks from Iran, in which a group of Iranian hackers flooded United States banking sites with so much online traffic — a method called a distributed denial of service, or DDoS, attack — that the websites slowed or intermittently collapsed under the load.

Hackers who took credit for those attacks said they went after the banks in retaliation for an anti-Islam video that mocked the Prophet Muhammad, and pledged to continue the attacks until the video was removed from the Internet.

American intelligence officials said the group was actually a cover for the Iranian government. Officials claimed Iran was waging the attacks in retaliation for Western economic sanctions and for a series of attacks on its own systems.

Unlike the attacks traced to Iran, the recent hacks against the American banks were not intended to disrupt the banks’ services but appeared to be part of a financial or intelligence-gathering effort, three people briefed on the investigations said.

Stealing business intelligence?

Mr. Meyers…said hackers could have been after account information, or even intelligence about a potential merger or acquisition. Security experts said the hackers chose to pursue account information, not disruption, which is the earmark of state-sponsored attacks.

State sponsored?

Banks are also frequent targets for intelligence agencies looking to collect information about their targets. In 2012, Russian security researchers uncovered a computer virus on 2,500 computers, many of them inside major Lebanese banks, including the Bank of Beirut, Blom Bank, Byblos Bank and Credit Libanais. The virus was specifically intended to steal customers’ login credentials to their bank accounts.

The researchers believed the computer virus was state-sponsored and said they had found evidence it had been created by the same programmers who created Flame and Stuxnet, two computer viruses that officials have said were unleashed by the United States and Israel to spy on computers inside Iran.
