Hackers attack U.S. Banks

Russian hackers attacked the U.S. financial system in mid-August, infiltrating and stealing data from JPMorgan Chase & Co. (JPM) and at least one other bank, an incident the FBI is investigating as a possible retaliation for government-sponsored sanctions, according to two people familiar with the probe.

The attack resulted in the loss of gigabytes of sensitive data, said the people, who asked not to be identified because the probe is still preliminary. Authorities are investigating whether recent infiltrations of major European banks using a similar vulnerability are also linked to the attack, one of the people said.

Related:

• Graphic: Data Breaches in the U.S.
• Russian Hackers Said to Loot Gigabytes of Big Bank Data
• Heartbleed Hack Still a Threat Six Months After Discovery

In one case, the hackers used a software flaw known as a zero-day vulnerability in one of the banks’ websites. They then plowed through layers of elaborate security to steal the data, a feat security experts said appeared far beyond the capability of ordinary criminal hackers. The incidents occurred at a low point in relations between Russia and the West. Russian troops continue to mass on the Ukrainian border and the West tightens sanctions aimed at crippling Russian companies, including some of the country’s most important banks.

Government Link

The sophistication of the attack and technical indicators extracted from the banks’ computers provide some evidence of a government link. Still, the trail is muddy enough that investigators are considering the possibility that it’s cyber criminals from Russia or elsewhere in Eastern Europe. Other federal agencies, including the National Security Agency, are now aiding the investigation, a third person familiar with the probe said.

U.S. and European sanctions have altered the way that Western banks interact with Russian entities over the past few months, triggering the ire of Russian officials. In April, JPMorgan was singled out for criticism when it blocked a payment from a Russian embassy to the affiliate of a U.S.-sanctioned bank. Russia’s foreign ministry called the move by New York-based JPMorgan “illegal and absurd.” The U.S. bank was widely criticized by Russian commentators.

ISight Partners, a Dallas-based company that provides intelligence on cyber threats to some of the largest banks, recently warned clients of the potential for retaliatory attacks in cyberspace as Western sanctions tightened.

Russia has used such attacks before. In conflicts with Estonia and Georgia, hackers crashed those countries’ communications systems and government websites.

’Reactionary Attacks’

“Russia has a policy of reactionary attacks in relation to political contexts,” said John Hultquist, an iSight expert who would not confirm direct knowledge of the attack. “When it comes to countries outside their sphere of influence, those attacks would be more surreptitious.”

Any U.S. reaction may be muted, even if the government makes a direct link from the attacks to Russia, Lewis said. The threshold for a military response is either massive economic harm or potential loss of life, he said.

When the U.S. government tied hacks on bank websites in 2012 and 2013 to Iran, the White House determined the incidents didn’t reach that level. Instead, President Barack Obama’s administration tried to shut down the attack points in Europe and elsewhere, which was a lengthy process.

“You’ll see a continued effort to strengthen the defenses of the financial sector, but there is a general reluctance to do a tit-for-tat in cyberspace,” Lewis said.