Business

JPMorgan, four unnamed US banks hit in hack attack

By
Social Links for Kevin Dugan
Published Aug. 28, 2014, 12:15 a.m. ET

The FBI is investigating a significant computer hack attack on JPMorgan Chase and four other US banks, according to reports.

While the extent and the timing of the attack isn’t precisely known, the evidence gathered by federal agents so far indicates the hackers were able to make a significant foray into JP Morgan’s computer system, people familiar with the investigation told the Wall Street Journal.

A separate report, from Bloomberg News, based on interviews with two people close to the probe, said the FBI was looking into the possibility that the hackers were based in Russia.

It was not known if the hack was done on the part on individuals or was state-sponsored.

Some investigators believe the sophistication of the attack and technical indicators retrieved from the probe point to some government link, Bloomberg reported.

The attacks, which are being probed by the FBI and the National Security Agency, according to some reports, are seen as retaliation against US sanctions, first imposed in March, on Russian imports.

Those US sanctions came in response to Russia’s invasion of Ukraine and the annexation of part of its former client state.

The breach affects gigabytes worth of data, including data on executives, according to Bloomberg News, which first reported the hack.

The precise focus of the attack or what was lost could not immediately be learned.

JPMorgan isn’t acknowledging the attack, and a spokesman for the FBI didn’t return a message seeking comment.

“Companies of our size unfortunately experience cyber attacks nearly every day,” said Trish Wexler, a JPMorgan spokeswoman. “We have multiple layers of defense to counteract any threats and constantly monitor fraud levels.”

Hackers reportedly found a previously undisclosed weakness in JPMorgan’s security code, a so-called zero-day vulnerability, and were able to access multiple parts of the bank’s systems.

“The authorities here believe that Russia is a hotbed [of hacking] and they trace back some very sophisticated attacks to Russia,” said Roy Hadley Jr., a partner and cybersecurity expert at the law firm Thompson Hine.

Hadley added that financial institutions don’t often announce cyber attacks, although they are sometimes discussed among data-security professionals. “In general, it’s more common than people think or know about.”

The names of the other banks hit in the hack attack could not be learned.