Have Russians Hackers Hit U.S. Banks?

JP Morgan Chase Building

Photo courtesy of Fair Housing Florida

Have Russian Hackers Hit U.S. Banks?
| published August 28, 2014 |

By Thursday Review staff


Heavy sanctions against Russia have put the squeeze on the Russian economy, but as the events of the last few days have shown, those measures have had little impact on Russian President Vladimir Putin’s impulse to use military force to push back against recent Ukrainian Army gains in eastern Ukraine.

Those sanctions have been steadily intensifying, and many of the harshest measures have been reserved for Putin’s closest political allies—a cadre of billionaires with major interests in oil and gas, publishing and media, and banking and finance. Moscow has retaliated with its own sanctions, including bans on U.S. and European products, and freezes of the assets of companies based in countries supporting economic moves against Russia. The war of sanctions and counter-sanctions continues to escalate, and there is a fear that an-all-out Russian embargo of oil and gas could trigger serious market disruptions this winter, when many EU nations see their reserves run out.

But what measures does the Kremlin have that will truly hit the United States in retaliation?

For one, Russia has the world’s most active hacker community, and its cyber-criminals have a long track record of success when it comes to the theft of financial data and cash.

The FBI is now investigating what it believes may be the biggest banking security breach in recent years—an attack by cyber-criminals on at least seven major U.S. banks and financial institutions, including the venerable JP Morgan Chase, one of the largest banks in the world. Besides the FBI probe—and a similar probe by the U.S. Secret Service, which is just getting starting—JP Morgan has also launched its own internal investigation into the breach. Major media outlets and news agencies are reporting that sources inside the agencies investigating the incident say that at least six other banks may have been hit by the same type of attack, and CNN has reported the number of banks affected could be as high as 12.

The investigation within JP Morgan began after its own tech people found malicious software embedded in its network of servers and computer workstations. Though not confirmed by JP Morgan or the FBI, the cyber-attacks do not appear to be related to other recent forms of attack, such as the Heartbleed vulnerability or the recent retail bug, BackOff. The attacks, several sources say, appear to have been custom crafted by Russian hackers—or hackers using Russian-style codes. The cyber-attacks also appear to have been developed and executed very recently, indicating that authorship of the breach may very well have happened after initial sanctions were imposed against Russia for its meddling in the Ukraine.

This worries management at some U.S. financial institutions and some within the U.S. cyber-security community: Russian hackers, often extremely effective at their trade, may have been covertly recruited by Moscow or by Putin allies to disrupt the U.S. banking system and shift troves of American cash east into bank accounts in Russia.

Officially, neither the FBI nor the Secret Service were commenting on the attack, though sources within both agencies confirmed that they were looking into the allegations and would have more to report on the subject later this week or over the weekend. The FBI would only go as far to confirm that it was investigating “recently reported cyberattacks against several American financial institutions.”

Some security analysts have suggested a link between the latest U.S. cyber-attacks and similar breaches of European banks in July. Sources who spoke to Bloomberg have said that there may be a link to the recent EU attacks, and the New York Times has reported that several private security firms had been hired by banks to investigate the complete nature of the attacks.

Reportedly the data stolen included account names, account numbers, and the balances of checking and savings accounts. Though JP Morgan has neither confirmed nor denied that money may have been stolen, some security experts suggest that gaining access to quick cash is an obvious motivation. But the recent attacks may have also been politically motivated, and analysts say that they will not be surprised if we learn at some later point that Moscow gave tacit or backdoor approval for the hackers to engage in bank disruption, if for no other reason than to affect retribution against the United States for its encouragement of sanctions against Russia for its actions in the Ukraine.

Related Thursday Review articles:

China’s Heartbleed Hospital Hack; Thursday Review staff; Thursday Review; August 21, 2014.

New Retail Cyber-Threat: Back-Off; Thursday Review staff; Thursday Review; August 2, 2014.