The hackers operated far above the level typical for independent cyber criminals. Hackers used a never before seen malware to exploit a flaw in Chase’s software system, called zero-day vulnerability. Once in, they dug through layers of elaborate security to pilfer information. The hackers were able to delete and manipulate bank records, downloading sensitive information from the files of bank employees, executives, and it’s speculated, customers as well.
According to Wall Street Journal findings, “Sophistication of the attack and technical indicators extracted from the banks’ computers provide some evidence of a government link.” That link leads right to Russia, and several law enforcement and security agencies foreign and domestic are investigating whether recent cyber attacks on European financial situations also were part of the coordinated attack.
The FBI is looking into whether this was Russia’s way of retaliating for recent sanctions imposed by the US government and its allies. JPMorgan Chase was particularly criticized by Moscow for blocking a payment form a Russian embassy to the affiliate of a U.S.-sanctioned bank. That stoked the fires of Russian animosity and led that country’s foreign ministry to call JPMorgan, “illegal and absurd.” U.S. Sanctions came as part of the world’s response when Russian troops amassed at the Ukrainian border, signaling an invasion.
How far might the data breaches spread? It’s reported that the same cyber attacks that hoodwinked JPMorgan Chase also tried to infiltrate other financial institutions, though the extent is not clear and no smoking gun has been found. U.S. Federal officials reportedly inquired among several other banks and financial institutions to check if they’d seen similar cyber attacks. An “undisclosed number” of institutions responded that they had seen traffic from computer addresses tied to the breach. In addition to the Feds, the FBI and National Security Agency are involved in the investigation.
Cyber attacks on private banking institutions are not unprecedented – in 2012 and again in 2013, the U.S. government identified Iran as the perpetrator of bank website hacks. Even the Russians have done this before, when they utilized hackers to crash Estonia and Georgia’s communications systems and government websites during a conflict.
It’s advised that you be wary of anyone contacting you pretending to be you’re a bank, whether it’s by phone or email. Usually, they’ll fish for more information like social security numbers, passwords, etc. by asking you to verify your account for security purposes. Hackers even connect with you via social media like Facebook or LinkedIn to try and get your personal data. It’s advised you don’t change your password or login information now because activity may be monitored. But you should check your bank records on a regular basis. Cyber thieves usually start with a few very small transactions of only a few pennies as they avoid bigger charges to evade detections. If you have a personal bank account with Chase, you’re insured against loss if a cyber attack or hacker does infiltrate your bank account. However, business accounts are NOT insured or protected, so if you are a small business owner or do corporate banking with Chase, go into a branch to clarify your position immediately.
Thinking about changing banks to ensure your safety? There’s bad news and worse news on that front. It seems that all big banks and financial institutions are the target of frequent cyber attacks. According to JPMorgan spokesperson Patricia Wexler, “Companies of our size unfortunately experience cyber attacks nearly every day. We have multiple, layers of defense to counteract any threats and constantly monitor fraud levels.” And if you’re thinking of switching to a smaller bank or credit union, they may not be subject to as many cyber attacks but they also don’t have the sophisticated defenses in place to protect their customers.
“You’re exposed everywhere anyway,” says Kate Carruthers, an IT specialist for more than a decade with major Australian, New Zealand and U.S. banks. “If people knew how these systems are handled and how clunky they are, they wouldn’t use banks,” she said. “But the reality is, they have to. They don’t have a choice.”