Cybercriminals may have government relations, though

Oct 21, 2014 09:20 GMT

There has been speculation about the Russian government directing the cyber-attack against JPMorgan Chase this summer, but the FBI denied any indication that the country was involved in the incident, although the possibility has not been ruled out completely.

Initially, officials in the investigation told reporters that the suspected reason for the attack was retaliation by the Eastern European country for the sanctions it faced from Western governments because of the conflict in Ukraine.

FBI has a different theory, does not confirm government involvement

There was no proof at that moment, nor is there now, to support this kind of allegation. However, clues have been found indicating that the attackers are of Russian origin and have at least some vague connections to government officials.

At an event hosted on Monday by the Financial Services Roundtable (FSR), FBI Cyber Division Assistant Director Joseph M. Demarest told the Washington Post that the intruders may do some work for the government, but they also carry out criminal activities on their own.

“They may be working as criminals by evening or dark of night and then during the day they’re working on behalf of some government,” he told the Washington Post.

This would explain the complexity of the intrusion, which exploited a zero-day vulnerability and was found to have lasted for two months before being detected, making it appear to be a state-sponsored job.

The FBI Assistant Director said that it was still too early to determine beyond any doubt who was behind the attack, and that discovering this information takes time, with international partners also engaged in the investigative efforts.

Details of the breach are astounding

In late August, news about JPMorgan Chase’s network being hacked made the rounds on the Internet, with more details revealed as the investigation progressed.

In a Securities and Exchange Commission (SEC) regulatory filing, the financial institution disclosed that the number of affected customers was 83 million, most of them (76 million) being households.

According to investigation details leaked to the press, the cybercriminals managed to access data on more than 90 servers; in some cases, information about the type of customer account (business or mortgage) was exposed.

Furthermore, it appears that customer personal information like names, addresses, phone numbers, and email addresses was exfiltrated, along with a list of applications and programs installed on standard JPMorgan computers. However, the databases containing financial information remained untouched, according to the company.

This is particularly important to note because the digital assets need to be replaced, an operation that takes both time and effort; but it needs to be done before the cybercriminals find vulnerabilities and leverage them to gain access to the systems.