back to article JPMorgan CYBER-HEIST: 9 US financial firms snared by 'Russian hackers', says report

Russian hackers with "loose connections" to Vladimir Putin's government were reportedly behind the massive JPMorgan cyber-heist understood to have hit 83 million households and businesses in the US. According to the New York Times, nine other Stateside financial institutions were also targeted by wrongdoers involved in the …

  1. silent_count

    Well now we know

    IT security is *not* what JPM spent their bailout money on.

    It's perverse that the yanks have RICO laws to get rid of corrupt organisations but their policy regarding incompetent ones seems to be to throw money at them.

    1. Gert Leboski

      Re: Well now we know

      Who is to say that it's not corruption dressed up as incompetence?

    2. Anonymous Coward
      Anonymous Coward

      Re: Well now we know

      Don't JPM run nearly everything on Linux? Presumably one of the recent holes was exploited.

      OSS security by public code review has taken a real credibility battering this year.

  2. Anonymous Coward
    Anonymous Coward

    Why the concern about the list of apps?

    So what? If you own the machine you can't do your own inventory? And JPM "replacing" all the apps? Yeah right, LibreOffice coming real soon now.

    1. Anonymous Coward
      Anonymous Coward

      Re: Why the concern about the list of apps?

      Why the concern around the list of apps? If you know JPM is running apache a.b.c but the current version is a.b.z then you can try known exploits against that version. If you know their desktops are running Windows ME with Office 97 then you can try emailing exploit codes that take advantage of those versions. If you know their standard database server is Lotus Notes then you can add those exploits to the payload you're emailing them.

      Getting a list of apps may extend beyond the one single machine you've been able to own.

  3. Anonymous Coward
    Anonymous Coward

    On my firewalls (homes and colo's) I don't allow Russian IP address blocks and if I run across any suspicious behavior, that IP is blocked as well. Given that I don't plan on going to Russia, no need to allow those IP's access.

    1. Anonymous Coward
      Anonymous Coward

      The hackers know this and so use machines based in the US (how cheap is a VPS? Or, heck, a few thousand pre-0wned desktops) or other countries to do the attack from. They use stealth techniques to make it harder for IDS systems to detect them (it gets lost in normal internet noise from the gazillion bots on the net; just look at any machine with open port 22 and the thousands of login attemps; look at any webserver and the number of bots hitting them). It's easy to protect home machines; not so easy for a megacorp or megabank. At least not without stopping customers from doing business with them! (I'm sure there are JPM customers in Russia, either permanently or just on holiday).

    2. Anonymous Coward
      Anonymous Coward

      "I don't allow Russian IP address blocks"

      I'm sure that Russian hackers are quite capable of using exploited Linux boxes from elsewhere to attack you if they are blocked from Russia...your approach provides no real additional security.

      "Given that I don't plan on going to Russia, no need to allow those IP's access."

      What on earth has if you go to Russia or not got to do with it?

    3. ecofeco Silver badge

      One word: proxies.

    4. Trygve Henriksen

      Did you also remember to block all known VPN services (Including iPredator), every bl**dy block owned by ComCast, China, Ukraine... ?

    5. Version 1.0 Silver badge

      LOL - good luck with that, it should get you about 15 milliseconds of protection.

  4. Anonymous Coward
    Anonymous Coward

    Apparently JPMorgan spends over $200mm a year on cyber security ( http://www.reuters.com/article/2014/04/09/us-jpmorganchase-dimon-idUSBREA3822W20140409 ). However it has over 255k employees ( wikipedia ). No matter how much you spend, with that number of people someone somewhere is going to do something stupid and allow attackers in. Whether it's misconfigured firewalls, staff infected with zero-day malware, developers leaving passwords in plain text, default passwords... someone somewhere will make a mistake. Conclusion: people are a problem.

    It looks like "names","address","phone number","email address" is the limit of the personal data leak. ( http://investor.shareholder.com/jpmorganchase/secfiling.cfm?filingID=1193125-14-362173&CIK=19617 ). That's bad (especially the email address) but fortunately no account numbers or SSNs or similar.

  5. Vociferous

    Well, Putin's hackers gotta do _something_

    ...now that they're no longer needed to hack and DDOS Ukrainian infrastructure.

    1. Anonymous Coward
      Anonymous Coward

      Re: Well, Putin's hackers gotta do _something_

      Maybe this should be Cameron's next "back to work" campaign; hack foreign nations for fun and profit.

    2. Mark 85 Silver badge

      Re: Well, Putin's hackers gotta do _something_

      Maybe they're the ones who DDOS'd El Reg... just for kicks and grins probably.

  6. i like crisps
    Trollface

    just think....

    ....about all the Levi's, Atari VCS2600 games consoles and Dire Straits albums they'll be able to buy with that lot!

  7. Mitoo Bobsworth

    Proof?

    The Russian -

    "reportedly"

    "believed to be"

    "it's been speculated"

    "It's been claimed"

    Any actual, substantial evidence beyond finger-pointing & political innuendo?

    1. Sanctimonious Prick
      Black Helicopters

      Re: Proof?

      Absolutely agree 100% - exactly what I was thinking, though I was laughing, and I always laugh when the origin is "speculated" as being Russian, Chinese, or whatever nation the US is having trouble with at the time.

      It always reminds me of the Iraq with weapons of mass destruction debacle. All bullshit.

      "I know you can see what I'm doing with my right hand, keep looking at it." :D

    2. ecofeco Silver badge

      Re: Proof?

      Agree as well. It could have been anything but with all the unsubstantiated accusations, it's sounds more like they are covering up some serious incompetence.

  8. ecofeco Silver badge

    9 Big Money insitutions you say?

    Couldn't have happened to a nicer, more deserving bunch.

  9. Version 1.0 Silver badge

    Time for a re-think?

    The fact is, the current IT structure is ridiculously easy to hack and virtually impossible to defend.Most security comes down to making it look good when the auditors come around and keeping open access for the bosses so that they are are not inconvenienced. Big data inevitably leads to small holes everywhere.

    Snowden has shown us how easily government agencies can walk in through the back door of almost any system but for some reason large corporate entities seem to think that they are not going to be targeted.

    1. Tom 13

      Re: Time for a re-think?

      At the banks? Hell yes.

      First thing they need to do is tear out all the internet connections and replace them with modems. We didn't have these kinds of data breaches when everybody was using modems.

  10. WalterAlter
    Boffin

    Target Acquisition

    Well, at least someone knows how to target the brain of the beast. Hey Occupy, you put the pip in the notch and overlay both upon the monster's 3rd eye. There's the big boy...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022