Weeks after JPMorgan Chase & Co. (NYSE:JPM) discovered a major data breach in its systems, investigators have found clues that show the hackers used a global network of computers available for hire to reroute the stolen data from the bank to a large Russian city.
Using a computer network staging ground known as a “bulletproof” hosting platform, so named for its fortress-like security that keeps out law enforcement agencies and other cybercriminals, the hackers took over computer systems around the world, from South America to Asia, sending commands and hiding their identity to break into one of the most heavily guarded financial networks on Wall Street, the Bloomberg report said.
Professional cybercriminals operating out of Eastern Europe, with the help of a group of computers used in previous attacks, are now targeting banks, the report said, adding the FBI and the National Security Agency, or NSA, are among those trying to investigate the origin of the attack on JPMorgan. However, a bank spokeswoman reportedly said that fraud levels at the bank had not been elevated.
James Lewis, at the Center for Strategic and International Studies in Washington, told Bloomberg that similar operations have been carried out by the now-defunct Russian Business Network, or RBN, which is said to be run by powerful individuals who are reportedly protected by Russian authorities.
“It’s like the mafia,” Lewis reportedly said. “If this is RBN version 2.0 or even 3.0, then the U.S. government will be very concerned because it’s been a real pest before.”
However, not all of the investigators hired by the bank to investigate the fraud are fully convinced Russia could be behind the attack.
Darien Kindlund, at FireEye, one of the organizations assisting the investigation, reportedly said: “The working theory is that there’s a relationship with this organized-crime group linked to other state-sponsored targeted attacks, possibly including Russia.”
“We aren’t ruling out the possibility that there may be tools or infrastructure tying these attacks to other state-sponsored activity.”
Despite the bank discovering the attack weeks ago, investigators are still unsure if the hackers have been removed from the bank's network and are trying to understand what information was stolen, if any, a process that could take weeks or months, the report said.
In April, Russian officials reportedly singled out JPMorgan for criticism after the bank had blocked a payment from the Russian embassy in Kazakhstan to insurance agency Sogaz "under the pretext of anti-Russian sanctions imposed by the United States," and called JPMorgan’s move “unacceptable, illegal and absurd."
Keith Alexander, head of the NSA from 2005 to March 2014 and owner of a cybersecurity firm, said that the JPMorgan attack may have been carried out to send a message.
Russian President Vladimir Putin’s spokesman Dmitry Peskov dismissed the claim that Russia had a hand in the attacks as "nonsense," Bloomberg reported.
Despite investigators finding clues to the attack in Russia, it has been speculated this too could be a ruse to mask the hackers’ true identity. And, according to Lewis, Russia monitors its Internet even more than China.
“All the Internet traffic in the country flows through FSB servers,” he said, referring to Russia’s Federal Security Service, the country's primary internal security agency.
“It’s just impossible for something this big and prolonged to occur without the Russian government knowing,” he said. “Did the Russian government know this was going on? Yes. Did they direct it? We don’t know.”