U.S. law enforcement and corporate security experts are investigating a cyberattack earlier this month on JPMorgan Chase & Co. (NYSE:JPM) on the assumption it originated in Russia. Unlike attacks driven by the usual identity theft motive, though, this hack has been reported as a Kremlin-sponsored retaliation for the bank’s interference in a Russian financial transfer earlier this year.
A who’s who of U.S. agencies, including the FBI, National Security Agency and Secret Service, has become involved since the probe launched earlier this month into an attack that anonymous sources told Bloomberg News resulted in the theft of a gigabyte of “sensitive data from the files of bank employees, including executives.” The unnamed sources said federal investigators opened the investigation suspecting JPMorgan was specifically targeted for infiltration as “possible retaliation for [U.S.] government-sponsored sanctions” against Russia.
The Russian military first began the annexation of Ukraine’s Crimean Peninsula in late February, and in March the U.S. responded with a round of sanctions designed to prevent prominent Russian leaders from traveling to the U.S., Canada and European Union. American officials also threatened to increase the severity of the penalties if Russian aggression didn’t subside. The U.S. eventually launched two more rounds of sanctions.
JPMorgan Chase, meanwhile, fresh off years of bad publicity, during which it was fined nearly $30 billion in penalties and settlements, blocked a payment from the Russian embassy in Astana, Kazakhstan, to the Sogaz Insurance Group. Sogaz is partly owned by OAO Bank Rossiya, a St. Petersburg-based institution operated by Russian President Vladimir Putin’s associates.
The attempted transaction was for less than $5,000, Bloomberg reported at the time, but it came after President Obama announced in March that Rossiya was included as part of the sanctions on Russian officials.
“Any hostile actions against the Russian diplomatic mission are not only a grossest violation of international law, but are also fraught with countermeasures that unavoidably will affect activities of the embassy and consulates of the U.S. in Russia,” said Russian Foreign Ministry spokesman Alexander Lukashevich, adding that JPMorgan’s decision was “absolutely unacceptable, illegal and absurd.”
Sources cautioned the Wall Street Journal that it’s still too early to tell who is behind the attack, although they admitted that Russian and Eastern European hackers have increased their attacks on Wall Street and other sources of prized financial data in recent years. Russian hackers have been erroneously blamed for a slew of distributed-denial-of-service attacks in recent years, including instances where hackers from Georgia and Estonia ultimately were deemed responsible. No cases of identity theft have been made public in the wake of this attack, a point that has led experts to say retaliation for the sanctions could be a motive.
“None of the people commenting on the incident mentioned a direct financial loss, or a direct fraudulent financial activity by the attacker,” Amichai Shulman, chief technical officer of Imperva security, told International Business Times. “Everyone is talking about grabbing sensitive information. I find it odd that someone who was actually able to break into a bank is not using it for making immediate profit.”
Earlier this year JPMorgan chairman and CEO Jamie Dimon wrote in his annual message to shareholders that the bank was planning to dedicate $250 million annually to cybersecurity, an initiative that includes having 1,000 employees focused on cybersecurity by the end of 2014.
“Cyberattacks are growing every day in strength and velocity across the globe,” he wrote, as quoted by the Wall Street Journal. “It is going to be a continual and likely never-ending battle to stay ahead of it -- and, unfortunately, not every battle will be won.”
News of the cyberattack on the big bank coincides with yet another effort by pro-Kremlin hackers to subvert Western computers. A shadowy group of criminals published a letter this week indicating they’re trying to mine everyday users’ personal data by installing malicious software hidden in spam messages that falsely claim to attack Western governments. The curious logic means that the hackers in question are attempting to attack people who actually sympathize with their cause.
“We, a group of hackers from the Russian Federation, are worried about the unreasonable sanctions that western states imposed against our country,” the group wrote in a declaration highlighted by BitDefender security researchers. “We have coded our answer and below you will find the link to our program. Run the application on your computer, and it will secretly attack the government agencies of the states that have adopted those sanctions.”