A notorious breach that compromised gigabytes of data at JPMorgan Chase & Co. (NYSE:JPM) in August could have been backed by a rival nation's government and should serve as a warning to other U.S. financial institutions, according to the former director of the National Security Agency, or NSA.
Keith Alexander, who served as NSA director from 2005 until March this year, denied having any direct knowledge of the online security breach, but he did not rule out the possibility that Russia might have backed the cyber attack in retaliation for sanctions imposed by the U.S. over the crisis in eastern Ukraine, Bloomberg reported. The FBI is also investigating whether the Russian government was behind the attack.
“How would you shake the United States back? Attack a bank in cyberspace,” Alexander told Bloomberg, in an interview. “If it was them, they just sent a real message: ‘You’re vulnerable.’”
Alexander, who is a retired U.S. Army general, has started his own company to provide cybersecurity services to American companies. During his tenure as NSA chief and head of the U.S. Cyber Command, Alexander reportedly tracked many international hackers and gained knowledge of their tactics. And, the hackers that targeted JPMorgan, the biggest bank in the U.S., were “a nation-state backed group,” who had “exceptional skills,” he said.
Many online security experts too have said that the hack was not likely to have been performed by ordinary criminals as the level of sophistication seen in the breach appeared to be beyond their capability, Bloomberg reported.
“If you can steal the data -- if you can reach in that far and steal it -- you can do anything else you want,” Alexander told Bloomberg. “You collapse one bank and our financial structure collapses.”
Meanwhile, the FBI reportedly has not found any evidence to suggest that the hackers who broke through the computer system at JPMorgan also gained access to other big U.S. banks, the Wall Street Journal reported Tuesday, citing four people familiar with the investigation.
While a Russian connection with the hack is yet to be established, iSight Partners, a Dallas-based cybersecurity firm that works with U.S. law enforcement agencies, reportedly said that there is not enough evidence yet to claim that it was an effort backed by Russia.
“There is currently insufficient information to validate that this group of banks are part of a single campaign,” iSight analysts wrote in a note, obtained by the Journal. “It's more likely that this is a highly targeted criminal or espionage campaign targeting information such as large databases or trade secrets.”