HPPR hosts & contributors
Thu August 28, 2014
JPMorgan's Been Hacked, But Answers — And Fraud — Are Hard To Find
Originally published on Thu August 28, 2014 2:28 pm
ROBERT SIEGEL, HOST:
This is ALL THINGS CONSIDERED from NPR News. I'm Robert Siegel.
MELISSA BLOCK, HOST:
And I'm Melissa Block. One of the nation's largest banks has been hacked. JPMorgan Chase is working with a federal task force to figure out who might be responsible for the cyber-attack. The bank says so far, it's not seeing any increase in fraudulent activity. Several other big banks were also reportedly hit. NPR's Jim Zarroli has more.
JIM ZARROLI, BYLINE: JPMorgan says hackers try to access its computers nearly every day without success. But this time, they were able to break in. And one source said whoever was responsible was able to get deep into the company's network. Today, dozens of cyber-security employees at the bank were trying to figure out the scope of the attack and they were assisted by a Secret Service task force that includes the FBI. Tom Pageler is chief information security officer at DocuSign and a former JPMorgan cyber- security official.
TOM PAGELER: They're going to put this through and run this down and figure out what happened. But it can take some time and, you know, this is the kind of company that does have the funds to do that. And they want to know what happened, both to protect their customers, but also to understand it and make sure it doesn't happen again.
ZARROLI: So far at least, there are more questions about the attack than answers. And speculation is rampant about how it was carried out. The hackers reportedly also tried to attack the networks of at least four other big banks. But a source that if they did, there's no evidence they gained access. And some of the country's big biggest banks said today that they haven't been hacked. The attacks appear to have come from somewhere in Eastern Europe and Bloomberg reported that the attack may have been a Russian retaliation for U.S. economic sanctions against the country. Rahul Kashyap, head of security research at Bromium Labs, says that's certainly possible.
RAHUL KASHYAP: It wouldn't be surprising if it is coming from there. Some of the Russian underground gangs have a reputation of really being sophisticated. So I wouldn't be surprised if that were true because they have built some high-quality malware in the past.
ZARROLI: But U.S. officials cautioned that it was far too soon to attribute the attack to people in Russia or anywhere else. Computer hackers can be good at covering their tracks and making it look like they're in one location, when they're really somewhere else. Kashyap said it will take a long time to get to the bottom of things.
KASHYAP: They have to dig deep. It could take weeks, sometimes even months to kind of get to the full extent of the damage.
ZARROLI: Whoever was responsible, Kashyap says, the attack is disturbing. JPMorgan Chase is known for spending a lot of money on computer security and its defenses against hackers are said to be the gold standard in the industry. So the fact that JPMorgan's network can be penetrated says something about just how vulnerable other big institutions are. Jim Zarroli, NPR News, New York. Transcript provided by NPR, Copyright NPR.