Is JP Morgan Crying Cyberwolf about Russia? Or Is Mike Rogers?

There was a weird spate of reporting on the cyberthreat to banks last week. Normally, security firms (and occasionally really good tech journalists) report under their own name on such attacks — after all, they have businesses to run! But not the story, first reported by Bloomberg Wednesday evening, that Russia had attacked JP Morgan. At first, these reports appeared to be coming from the FBI — given that the FBI investigation served as the lede of the story.

Russian hackers attacked the U.S. financial system in mid-August, infiltrating and stealing data from JPMorgan Chase & Co. (JPM) and at least one other bank, an incident the FBI is investigating as a possible retaliation for government-sponsored sanctions, according to two people familiar with the probe.

The attack resulted in the loss of gigabytes of sensitive data, said the people, who asked not to be identified because the probe is still preliminary.

But over the course of the story — and two more sources introduced with no description beyond that they had been briefed on the probe — the FBI officially gave no comment.

The sophistication of the attack and technical indicators extracted from the banks’ computers provide some evidence of a government link. Still, the trail is muddy enough that investigators are considering the possibility that it’s cyber criminals from Russia or elsewhere in Eastern Europe. Other federal agencies, including the National Security Agency, are now aiding the investigation, a third person familiar with the probe said.

[snip]

J. Peter Donald, an FBI spokesman in New York, declined to comment.

[snip]

In at least one of the attacks, the hackers grabbed sensitive data from the files of bank employees, including executives, according to a fourth person briefed on the probe, who, like the other individuals with knowledge of the matter, declined to divulge the name of victims other than JPMorgan. Some data related to customers may also have been accessed, the person said.

The NYT’s version of the story, published later on Wednesday, also cited a bunch of people described only as “briefed on the continuing investigation.”

A number of United States banks, including JPMorgan Chase and at least four others, were struck by hackers in a series of coordinated attacks this month, according to four people briefed on a continuing investigation into the crimes.

The hackers infiltrated the networks of the banks, siphoning off gigabytes of data, including checking and savings account information, in what security experts described as a sophisticated cyberattack.

The motivation and origin of the attacks are not yet clear, according to investigators. The F.B.I. is involved in the investigation, and in the past few weeks a number of security firms have been brought in to conduct forensic studies of the penetrated computer networks.

[snip]

According to two other people briefed on the matter, hackers infiltrated the computer networks of some banks and stole checking and savings account information from clients.

The NYT was able to get the FBI (as well as JP Morgan) on the record.

“Companies of our size unfortunately experience cyberattacks nearly every day,” said Patricia Wexler, a JPMorgan spokeswoman. “We have multiple layers of defense to counteract any threats and constantly monitor fraud levels.” Joshua Campbell, an F.B.I. spokesman, said the agency was working with the Secret Service to assess the full scope of attacks. “Combating cyberthreats and criminals remains a top priority for the United States government,” he said.

This article (published midday on Thursday) — which casts doubt on the seriousness of the attack — seems to suggest that JPMC leaked to the press, not the FBI.

“There are no credible threats posed to the financial services sector at this time,” [Financial Services Information Sharing and Analysis Center] said in an email to its members.

[snip]

JPMorgan had said early on Thursday that it was working with U.S. law enforcement authorities to investigate a possible cyber attack.

The bank provided little information about the suspected attack, declining to say whether it believed hackers had stolen any data or who might be responsible.

“Companies of our size unfortunately experience cyber attacks nearly every day. We have multiple layers of defense to counteract any threats and constantly monitor fraud levels,” it said in a statement.

The FBI had said late on Wednesday that it was looking into media reports on a spate of attacks on U.S. banks, raising concerns that the sector was under siege by sophisticated hackers.

Yet several cyber security experts said that they believe those concerns are overblown.

“Banks are getting attacked every single day. These comments from FS-ISAC and its members indicate that this is not a major new offensive,” said Dave Kennedy, chief executive officer of TrustedSEC LLC, whose clients include several large U.S. banks.

See this Time piece for more reasons why this is probably not the Russian hack it has been pitched as. And the WaPo — in their Wednesday report relying on “officials” — also cast doubt on the claimed motive for the attack, if it is Russia.

But even after the Reuters report casting doubt on the claims about the hack, Bloomberg continued its reporting — this time suggesting the attack began in June and ended several weeks ago, when the previous report said it had started (and this time focusing on JP Morgan alone).

Hackers burrowed into the databanks of JPMorgan Chase & Co. and deftly dodged one of the world’s largest arrays of sophisticated detection systems for months.

The attack, an outline of which was provided by two people familiar with the firm’s investigation, started in June at the digital equivalent of JPMorgan’s front door, exploiting an overlooked flaw in one of the bank’s websites. From there, it quickly developed into any security team’s worst nightmare.

The hackers unleashed malicious programs that had been designed to penetrate the corporate network of JPMorgan — the largest U.S. bank, which had vowed two months before the attack began to spend a quarter-billion dollars a year on cybersecurity. With sophisticated tools, the intruders reached deep into the bank’s infrastructure, silently siphoning off gigabytes of information, including customer-account data, until mid-August.

[snip]

Evidence of advanced planning and the access to elaborate resources, as well as information provided by the FBI, led some members of the bank’s security team to tell outside consultants that they believed the hackers had been aided by the hidden hand of the Russian government, possibly as retribution for U.S.-imposed sanctions.

Bloomberg also made clear that Mike Rogers served as a source of some kind.

The Federal Bureau of Investigation and other agencies are working on the JPMorgan probe, and House Intelligence Committee Chairman Michael Rogers has been briefed on the bank attacks.

It was all very convenient, blaming Russia (even though investigators hadn’t confirmed that’s where the attack originated) for scary financial threats.

And then, after several days of all this, Bloomberg published this story, citing the gigabytes of data allegedly taken from JP Morgan, warning that we’re all going to have to bail out Jamie Dimon again.

A worst-case event that destroyed records, drained accounts and froze networks could hurt the economy on the scale of the terrorist attacks of Sept. 11, 2001. The government response, though, might be more akin to that following the 2008 credit meltdown, when the Federal Reserve invoked “unusual and exigent circumstances” to lend billions of dollars.

The government might have little choice but to step in after an attack large enough to threaten the financial system. Federal deposit insurance would apply only if a bank failed, not if hackers drained accounts. The banks would have to tap their reserves and then their private insurance, which wouldn’t be enough to cover all claims from a catastrophic event, DeMarco and other industry officials said.

[snip]

Discussions about the government’s role in cleaning up after a catastrophic cyber assault have centered on the Terrorism Risk Insurance Act, or TRIA.

[snip]

The insurance law, enacted after the 2001 attacks, authorizes the government to provide financial support for insurance companies in the wake of terrorism. It is up for renewal this year. Under TRIA, insurers cover a fixed amount of losses from terrorist attacks with the government backstopping additional costs up to $100 billion. The law gives the Treasury secretary broad latitude to invoke the backstop.

In private meetings, Treasury officials have told insurance industry lobbyists that the department would treat cyber-terror like a physical attack under TRIA, said the people involved with the talks, who spoke on condition of anonymity because the discussions were private.

There has been a whole lot of fearmongering over this attack, which insiders doubt happened as billed and/or as attributed to Russia.

But if something like it does happen — gigabytes! — you can be sure Jamie Dimon will stiff us with the bill.
