Recent Cyber-attacks at JPMorgan Chase, America’s largest bank, unsettled Obama’s administration. Whitehouse freaked-out especially after preliminary investigations suggested the attack originated from Russia.
White house is yet to establish the motive of the attacks or any clear connection to Putin’s’ administration. A source in the Obama administration familiar with security briefing on the JPMorgan case said nobody was able to answer Obama’s question; “Is this plain old theft, or is Putin retaliating?’ referring to the American-led sanctions on Russia.
FBI investigations shows the hackers at JPMorgan tried to infiltrates at least other 13 financial institutions. A person privy to the investigation said the FBI was yet to establish the precise number of affected companies. The possible targets included Citigroup Inc. (C),HSBC Holdings Plc (HSBA), E*Trade Financial Corp. (ETFC),Regions Financial Corp. (RF) , Automatic Data Processing Inc. (ADP) and Regions Financial .
Speculations of multiple attacks in different companies caused a buzz on Wall Street with question raised on the breadth and depth of the breach. After the JPMorgan attack, investigators circulated the IP address of the attackers to help other companies assess their systems. According to source briefed on the investigations, majority of the companies reported no evidence of attack while others are yet to comment on the matter.
Deutsche Bank and Bank of America found no evidence the attackers tried to infiltrate their systems. HSBC Holdings, ADP and Fidelity Bank have also ruled out any possible attack.
“HSBC takes its security and the security of its customers very seriously,” said Rob Sherman, a spokesman for the London-based bank. “We continue to monitor the situation closely, and are in touch with law enforcement and financial industry groups that collect and communicate cybersecurity information.”
Fidelity Bank Spokesman Adam Banker said “We have no indication that any Fidelity customer sites, accounts, information, services or systems were affected by this matter.” ADP spokesman, Jim Duffy said the payroll processing firm had not observed any issues associated with the JPMorgan attack. Regions Financials continue to monitor their systems and so far there is “no evidence of any breach.”
JPMorgan claimed none of its credit card or debit cards were stolen in the attack. Passwords and clients social security numbers were also not affected. The attackers possibly succeeded in getting, Names, Address and customers’ email. JP Morgan however reported the security of its customers on JPMorgan online, Chase Mobile, or JPMorgan Mobile was compromised.
Security experts warns that such information would provide an important starting point for cybercriminals. “It’s fresh, it’s huge, and it’s a target list of people who qualify for Chase accounts,” says Tod Beardsley, engineering manager at security firm Rapid7 “This last piece of personal data is incredibly valuable to attackers: It’s a pre-qualified hit list for potential victims with proven credit worthiness.”
Beardsley advices customers to be wary of Phishing or online scammers trying to trick them into giving sensitive information or money. You should look out or email asking for personal information. JPMorgan advises its customers not to trust any email allegedly from the bank.
“If you get a call or an e-mail claiming to be from JPMorgan Chase, the best course of action is to politely but absolutely terminate the conversation and call JPMorgan Chase back using the number printed on your card or on your card statement,” Beardsley said.
Although JPMorgan advised its customers against getting new credit or debit cards, “Any time is a good time for a password change,” according to Beardsley at Rapid7. “Unlike names, email addresses and phone numbers, passwords are easily changeable, and it’s one of the few things a regular person can do.”
The attack on JPMorgan and other financial institution raised questions on the vulnerability of US financial sector to hackers. State attorney Generals also questioned the legal obligation of financial institutions to notify their customers in case of a breach. A person briefed on the matter said state attorney generals led by Lisa Madigan of Illinois have launched investigation to determine whether JPMorgan alerted its customers on a timely manner.
According to Ms. Madigan the breach at JPMorgan which affected over two-thirds of America’s households was “the most troubling breaches ever”. Failure to notify customers on time risked the security of over 76 million households.
JPMorgan denied any delays in notifying its. “We communicated to customers repeatedly that we had been breached and hadn’t seen unusual fraud levels related to this — first in August, again in mid-September, and most recently last week,” said Patricia Wexler, a JPMorgan spokeswoman. “We were careful to get far enough along in our internal investigation to have the most complete information, and wanted to be sure we could confidently say no financial information had been compromise
Investigations into finding the real perpetrators of the JPMorgan attack are under Preet Bharara, the United States attorney in Manhattan. Thomas G. A. Brown, a former chief of the computer and intellectual property crime unit of the United States attorney’s office in Manhattan, however warns that it will be a daunting task. “It’s not the equivalent of gunshots being fired, a body on the street, and witnesses who see a person with a gun running away.” Said Brown.