
FBI Investigates 'Sophisticated' Cyber Attack On JP Morgan, 4 More US Banks

timothy posted about 2 months ago | from the could-have-been-motivated-by-love dept.

Security 98

Bruce66423 writes with news of an electronic attack believed to affect at least five U.S. banking institutions this month, including JP Morgan, now being investigated by the FBI. According to the Independent:

The attack on JP Morgan reportedly resulted in the loss of “gigabytes of sensitive data” that could have involved customer and employee information. It is said to have been of a level of sophistication beyond ordinary criminals, leading to speculation of a state link. The FBI is thought to be investigating whether there is a connection to Russia. American-Russian relations continue to be fraught amid the crisis in Ukraine, with sanctions ramped up.

Bruce66423 asks "The quality of the attack, which appears to have led to 'gigabytes' of data being lost, is raising the prospect of a state being the source. The present culprit suggested is Russia... why the assumption it's not China — just because China isn't invading the Ukraine at the moment?"

News of the attack is also at the New York Times, which notes:

Earlier this year, iSight Partners, a security firm in Dallas that provides intelligence on online threats, warned companies that they should be prepared for cyberattacks from Russia in retaliation for Western economic sanctions. But Adam Meyers, the head of threat intelligence at CrowdStrike, a security firm that works with banks, said that it would be “premature” to suggest the attacks were motivated by sanctions.


98 comments


Which "other banks"? (2)

RevWaldo (1186281) | about 2 months ago | (#47773287)

No mention of them in the articles linked.


The Private Federal Reserve! (0)

Anonymous Coward | about 2 months ago | (#47773337)

Remember, other nations are not happy about the American banksters printing money at THEIR expense. Whom do you think pays for the 10%+ per annum inflation? And why would any American ever be upset at a stock market bubble? After all, consumer spending is down, median income is down, jobs are evaporating, and there is nowhere else to invest your money to save it from being inflated away.

Re:The Private Federal Reserve! (-1)

Anonymous Coward | about 2 months ago | (#47780771)

No one cares.. this is slashdot. Now where is my salt lick? SAAALLLTTT LLLIIICCCKKK

When they don't blame the Chinese ... (0, Insightful)

Anonymous Coward | about 2 months ago | (#47773689)

... they blame the Russians

Instead of blaming themselves for being so fucking antagonistic towards the rest of the world (see what the fuck they have done to Iraq, Libya, and now, Syria), they point their bloody fingers at others

Fucking shits who don't even deserve the O2 that they breathe

Re:When they don't blame the Chinese ... (2)

Rei (128717) | about 2 months ago | (#47773799)

Yeah, what evildoers, giving Russia a slap on the wrist for the petty offense of invading and taking over part of another country that had insolently decided to no longer be under Russia's thumb. Next up, the evil tyrants in America and Europe will send Putin a sternly worded letter! Maybe he won't even get a Christmas card from Biden this year!

See: US to sanction Russia over annexation of Virginia [wikia.com]

Re:When they don't blame the Chinese ... (1)

Anonymous Coward | about 2 months ago | (#47774665)

You mean like how the US carved Panama out of Colombia, or Kosovo out of Serbia? Or the rebellions they supported in Libya, Syria, and god knows where else. I'm not even including just taking over a country lock, stock and barrel, or just bombing it back to the stone age here.

I even remember the Russians warning the US 5-10 years ago that their decision to violate another country's sovereignty and international law will bite them in the ass down the line. And lo-and-behold, here we are.

I don't mind that the US does all the above, big groups have violated little ones for as long as we've had tribal organisations. It is just that it irks me when one's citizens are blinded by their own nationalism.

Re:When they don't blame the Chinese ... (1)

MobSwatter (2884921) | about 2 months ago | (#47777033)

Still puzzled over this supposed association of sophistication and state sponsored. I don't even remember when I last saw any government do anything that was all that smart.

Re:When they don't blame the Chinese ... (3, Insightful)

swv3752 (187722) | about 2 months ago | (#47777321)

Like the virus that attacked Iran's nuclear centrifuge?

Re:When they don't blame the Chinese ... (0)

Anonymous Coward | about 2 months ago | (#47780783)

America did NOT go into Syria because of the GOP, and that allowed ISIS to expand.
America had to be FORCED into Libya. It was western Europe that pushed that.
America did NOT carve Kosovo out of Serbia. That was the local citizens that did that. Though it WAS America that stepped up and insisted that the west stop the genocide that was going on there. But we did not break them apart. All we did was stop the slaughter.

What other lies do you have that need correcting?
You know, if you really are American, we have Obamacare and you can restore your lithium. I think that you should go pay attention to your shrink and not go AMA.

Which begs the question... (0)

Anonymous Coward | about 2 months ago | (#47773295)

Why would "gigabytes of sensitive data that could have involved customer and employee information" be accessible by an internet facing server?

Which begs the question... (0)

Anonymous Coward | about 2 months ago | (#47773427)

No.. no it does not.

Re:Which begs the question... (0)

Anonymous Coward | about 2 months ago | (#47773483)

It raises the question. Stop it.

Re:Which begs the question... (1)

Anonymous Coward | about 2 months ago | (#47773511)

It raises the question. Stop it.

For fuck's sake it doesn't do that, either. That's not the question. There is no suggestion that the attackers simply lumbered across the data by going to http://www.chase.com./ [www.chase.com]. They probably (based on the patterns of most recent attacks) used spear phishing across a huge section of the employee population, then individually targeted each mark that fell into the trap for maximum leverage on gaining external access.

Re:Which begs the question... (0)

Anonymous Coward | about 2 months ago | (#47780807)

For this many cracks in a short time, it absolutely was not phishing.
All of these companies have 2 things in common. All are running Windows and all have outsourced major portions of the work to nations where the lowest bidder is paying their workers less than $10,000 / year.
And they count on idiots like you to ignore the facts.

Re:Which begs the question... (0)

Anonymous Coward | about 2 months ago | (#47773761)

Many English speakers use "begs the question" to mean "raises the question", "evades the question", or even "ignores the question", and follow that phrase with the question, for example: "I am 120kg and have severely clogged arteries, which begs the question: why have I not started exercising?"

http://en.wikipedia.org/wiki/Begging_the_question#Modern_usage

Re:Which begs the question... (0)

Anonymous Coward | about 2 months ago | (#47773899)

That's because many English speakers expect that they can put together words that mean what the English dictionary defines them to mean, and get a phrase that means what those words should mean when they're put together, instead of being whined at by incorrect pedants for "misusing" their favorite mistranslation of petitio principii (perhaps properly translated as "seeking the principle", which when you look those words up in the English dictionary gets you definitions that best match the circular reasoning logical fallacy thus described).

Re:Which begs the question... (0)

Anonymous Coward | about 2 months ago | (#47774397)

In the US it should read: "I am 280kg and have severely clogged arteries, which begs the question: why have I not bought a mobility scooter ?"

Re:Which begs the question... (1)

dcollins117 (1267462) | about 2 months ago | (#47779505)

In the US it should read: "I am 280kg and have severely clogged arteries, which begs the question: why have I not bought a mobility scooter ?"

We haven't quite caught up with the rest of the world and switched to metric units. So instead of 280kg, it's 617 lbs.</pedant>

Re: Which begs the question... (0)

Anonymous Coward | about 2 months ago | (#47787813)

Hey, I'm from the US too. What the hell is a kg?

Re:Which begs the question... (1)

frnic (98517) | about 2 months ago | (#47773527)

You mean like my bank account statement, balance, my sign in, you know, things almost every American today accesses every day from their banks? I don't know about you, but I access those things (data) via the internet facing servers provided for me by my bank.

Fear mongering fearfully old (3, Insightful)

Anonymous Coward | about 2 months ago | (#47773297)

Yawn

same old...same old...

Private "cybersecurity" firm reports data breach. Lots of data transferred. Must be "state" actor APT! But who? China? Russia? Who is US government/media currently demagoguing against? Maximum fear factor achieved!

Re:Fear mongering fearfully old (2)

bill_mcgonigle (4333) | about 2 months ago | (#47773343)

Must be "state" actor APT! But who? China? Russia? Who is US government/media currently demagoguing against? Maximum fear factor achieved!

They forgot North Korea this time - must be an off-cycle.

You didn't need to go AC on this - we're all thinking the same thing. Are they just getting so much worse at the propaganda or are we finally wisening up?

Re:Fear mongering fearfully old (0)

Anonymous Coward | about 2 months ago | (#47773399)

I'm AC because I'm too lazy to login.

Re: Fear mongering fearfully old (0)

Anonymous Coward | about 2 months ago | (#47773825)

Ditto!

Re:Fear mongering fearfully old (2, Interesting)

slimshady76 (3752059) | about 2 months ago | (#47773495)

They forgot the NSA too... Who would benefit the most from the sensitive data stolen? Even more, who would benefit the most from the fear campaign?

Re:Fear mongering fearfully old (0)

Anonymous Coward | about 2 months ago | (#47773625)

They forgot the NSA too... Who would benefit the most from the sensitive data stolen?

No need, the NSA already has the data through "legal" means.

That said, it'd be advantageous for NSA's budget if it appeared to be from China or Russia. And the evidence from the past year has clearly shown that the NSA controls enough routers in those countries (and around the world) that they could be staging a very convincing false flag attack.

Re:Fear mongering fearfully old (0)

Anonymous Coward | about 2 months ago | (#47773671)

They forgot the NSA too... Who would benefit the most from the sensitive data stolen? Even more, who would benefit the most from the fear campaign?

Private security companies seeking lucrative contracts with those banks to secure their systems, that's who. Frankly, I think a lot of breaches are part of protection rackets (That's a nice network you got there. Be a shame if someone were to break into it and copy all your data) instigated by the same security companies and use the bogeymen of Russia, China, Iran, etc. as fall guys for the break-ins.

old but somewhat effective (1)

s.petry (762400) | about 2 months ago | (#47774021)

The fear and war mongering is coming from all fronts currently. For a decade it was mostly middle east. Now they are ratcheting up the propaganda against Russia. Partially due to people realizing that the US is training and arming the "terrorists" in the middle east causing many of the problems, and partially due to needing a bigger threat. So yes, people are getting wise to the games. John Kerry and his constant screaming for a white cat has become blatantly obvious.

Until recently China and Japanese skirmishes over islands would occasionally pop up as a "big threat", but it was nothing that could be sustained as war propaganda. Russia on the other hand, what an easy target. Far enough away and little enough interaction that most people are ignorant, and was a technological threat for long enough for people to believe a bit more of the rhetoric.

I also believe the media controllers are getting worse at propaganda, but blame this on desperation because more people are wise to the propaganda. How many times will we hear a claim of "Russia invaded the Ukraine" and have that proven false before people ignore it completely? I'm pretty sure we are capped out at the limit.

Let's not forget the obvious alternative motive for this particular propaganda. It takes the blame off these large banks that continue to violate the law and/or not correct major security problems. Execs make more cash because they don't have to spend money correcting problems, and all the blame goes to "those guys". Convenient for both sides.

Re:old but somewhat effective (1)

Anonymous Coward | about 2 months ago | (#47774917)

Sorry, but I have to call you out on that last. I work for a third party that holds much data for Chase. They aren't slacking on security. They audit and poke us all the time, to make sure stuff like this is encrypted at rest. My first thought is an inside job, before all the conspiracy theories. That's the easiest way in. Just bribe some sysadmin, or find one to blackmail.

Re:old but somewhat effective (1)

ScentCone (795499) | about 2 months ago | (#47775373)

How many times will we hear a claim of "Russia invaded the Ukraine" and have that proven false before people ignore it completely?

So, just out of curiosity, what do you get out of spinning your particular flavor of nonsense? Who benefits from you trying to convince people that - despite what they can see with their own eyes - Russia didn't just annex Crimea? That columns of Russian armor with their insignia painted over didn't just roll across the border into southeast Ukraine? Your contention has to be that those events didn't actually happen, despite untold thousands of witnesses pointing out the exact opposite. So, what's your point? What you're saying is so blatantly false and disingenuous on the face of it that - unless you are actually delusional - even you have to know it, even as you type it. So I'm genuinely curious. Are you getting paid to push propaganda, even as you say that propaganda is bad? Or are you just basically a low-grade troll that assumes his audience is utterly uninformed?

Re:old but somewhat effective (1)

s.petry (762400) | about 2 months ago | (#47775837)

Russia didn't just annex Crimea?

Crimea voted with a 90% margin to annex from Ukraine, this was not "Russia" doing anything. This vote happened after a bloody and violent coup in Ukraine. The voting process has not been demonstrated to be incorrect by anyone, the fact that they annexed at all is what is questioned.

If you want to play the game and cry foul, you need to make sure you account for US involvement in Libya, Egypt, and every other country where we have cried foul after a vote goes against US interests. This is not something recent, it goes all the way back to at least the 1950s. I'd be willing to bet I have more knowledge on world history than you, so play smart.

That columns of Russian armor with their insignia painted over didn't just roll across the border into southeast Ukraine?

I know, I know.. the white cat worked before so it should work again. We have no US military intelligence backing the claim that Russia invaded the Ukraine. If you want to talk about border runners I think that's possible, but then why don't we start war rhetoric against Pakistan that harbors all kinds of terrorists crossing their border to fight and hide, and has harbored them since at least the first gulf war?

If you want to bang the drum for war, do it fairly. If you don't then you are not working for altruistic goals, you are maneuvering. The US has been caught, since again at least the 1950s repeatedly doing the latter, while claiming the former. No matter what you say, facts state that Saddam did not have WMDs, North Vietnam never fired on US ships, and the US installed Governments in numerous countries has failed and backfired over time.

What you're saying is so blatantly false and disingenuous on the face of it that - unless you are actually delusional -

Really, I'm delusional because I demand facts over a claim from sources that have willfully provided false information on numerous occasions? You should really find a good mirror and take a long look before making such accusations. Make sure you actually read the definition of delusion before tossing it out as an ad hominem as well. Not only am I more knowledgeable on history than you, but I am better trained in rhetoric.

I'm happy to debate political science with you, but make it a real debate instead of baseless accusations and fabrications. If I really wanted the latter I would listen to Fox or CNN.

Re:old but somewhat effective (1)

dkman (863999) | about 2 months ago | (#47776609)

Every time I see one of these things I want to go look up the quote from 1984 where it says something along the lines of "we were always at war with Eurasia or Oceania". Over the years it has really become ridiculous. Even in the 80's when we sort of had peace we were fear mongering about Russia. Over the past 15 years we've been at war in Afghanistan and Iraq. We're not currently in Iraq, but just getting into that should have been foreseen as a bad idea. I don't think any country has had luck in a two front war.

Re:Fear mongering fearfully old (1)

oodaloop (1229816) | about 2 months ago | (#47773541)

Are you really so naive to think this isn't going on?

Re:Fear mongering fearfully old (0)

Anonymous Coward | about 2 months ago | (#47773945)

Are you really so naive to think this isn't going on?

Are you really so naive to think that this is not just a common occurrence, but an average underpaid IT goon with loose morals couldn't possibly pull it off?

Might as well make a news story every time someone shoplifts and have the tagline 'Is Russia trying to undermine our economy?'

Hokie Smokes!!! (0)

Anonymous Coward | about 2 months ago | (#47773305)

Bank of Frostbite Falls under attack on orders from Fearless Leader! Boris and Natasha must still be looking for the Mooseberry recipe.

Re:Hokie Smokes!!! (0)

Anonymous Coward | about 2 months ago | (#47774115)

Bank of Frostbite Falls under attack on orders from Fearless Leader! Boris and Natasha must still be looking for the Mooseberry recipe.

ROFLMAO Bravo for the Rocky and Bullwinkle cartoon reference. Childhood memories.

Honest question from a non-USian (1)

gTsiros (205624) | about 2 months ago | (#47773317)

Why does the FBI get involved? is it because the events span multiple states, or because the banks have so much clout? If this had happened to google or microsoft, for example, would the FBI get involved?

Re:Honest question from a non-USian (0)

disposable60 (735022) | about 2 months ago | (#47773353)

The FBI is an agency of the Department of Treasury. This sort of thing is (supposed to be) their main job.

Re:Honest question from a non-USian (1)

oodaloop (1229816) | about 2 months ago | (#47773371)

The FBI is a bureau (it's in their name), not an agency. And they're in the Dept of Justice, not Treasury.

Re:Honest question from a non-USian (1)

disposable60 (735022) | about 2 months ago | (#47774555)

Then why aren't the Secret Service all up in this?
Slackers.

Re:Honest question from a non-USian (1)

jratcliffe (208809) | about 2 months ago | (#47773375)

You're thinking of the Secret Service.

Re:Honest question from a non-USian (1)

Smerta (1855348) | about 2 months ago | (#47773489)

The FBI is under the Department of Justice, not Treasury.

Re:Honest question from a non-USian (3, Informative)

jratcliffe (208809) | about 2 months ago | (#47773387)

If it crosses state lines, and/or international borders, then the FBI gets involved. Also, if the crime is highly technical, and requires specific expertise, the FBI often gets involved as well (since the police dept in city/state X might not have the same level of capability).

Re:Honest question from a non-USian (1)

Agripa (139780) | about 2 months ago | (#47797577)

The FBI also uses the excuse that the crime *might* have crossed a state line or border. I expect at some time in the future they will add, "The crime may have affected interstate commerce or involved items or materials that may have crossed a state line."

Re:Honest question from a non-USian (3, Interesting)

bill_mcgonigle (4333) | about 2 months ago | (#47773403)

Why does the FBI get involved? is it because the events span multiple states, or because the banks have so much clout? If this had happened to google or microsoft, for example, would the FBI get involved?

The FBI will exercise its power whenever it can, but almost always only if oligarchs are involved. Sure, they can't avoid the bad PR of ignoring a kidnapping, but if Grandma's money gets stolen because her paypal account is hacked, then don't expect her to get any help - only the institutions that are politically connected yet could afford their own investigation get that kind of help (while Grandma is essentially helpless). They'll excuse it by saying "oh, we can only help if the dollar amount exceeds $X because we have limited resources" but what that really means is they only help rich enough people, who (shocker) also tend to be the ones capable of making campaign donations. The help is means-tested, but not in the way one might expect.

In various roles I've heard from local chiefs of police who are trying to help out various citizens, just because there is no other option for them. It's not uniform at all, but investigating online crimes is not what those guys have training for.

If somebody here has had FBI help for small-dollar crimes where that was their only option, then I'd love to hear counterexamples.

Re: Honest question from a non-USian (2)

IMightB (533307) | about 2 months ago | (#47773793)

That's right the police are too busy training for paramilitarized riot control and shooting unarmed poor people to care about online stuff.

Re:Honest question from a non-USian (1)

ScentCone (795499) | about 2 months ago | (#47775401)

but if Grandma's money gets stolen because her paypal account is hacked, then don't expect her to get any help

But if Grandma has her checking or retirement account with Morgan/Chase, she's being helped right now, by the agency you say won't help her.

Re:Honest question from a non-USian (1)

dkman (863999) | about 2 months ago | (#47776829)

Yea pretty much this.
The FBI gets involved because they have more clout overseas to get the perpetrator arrested. The organization hacked by itself doesn't have much. And the FBI has more potential access to NSA data to find the perp in the first place. The FBI regularly gets involved in wire fraud and bank related cases that cross borders. They have a cyber investigation division for this sort of thing.

Like Bill said though, grandma's $20,000 life savings whisked off to Nigeria isn't likely to raise their eyebrows however.

Re:Honest question from a non-USian (1)

h4ck7h3p14n37 (926070) | about 2 months ago | (#47777847)

Back in the mid-90's, when I was just getting started, the web development company I was working for in Chicago got hacked via some remote exploit in IRIX. It was a small business with only six people, but the local FBI branch did send an agent over to collect information when we notified them of the breach.

Re:Honest question from a non-USian (1)

strikethree (811449) | about 2 months ago | (#47781861)

If somebody here has had FBI help for small-dollar crimes where that was their only option, then I'd love to hear counterexamples.

Quite a few years ago, I found out that the FBI will not move if the dollar value is below $5,000. I am sure that point has gone up, not down.

Re:Honest question from a non-USian (2)

jeffmeden (135043) | about 2 months ago | (#47773533)

Why does the FBI get involved? is it because the events span multiple states, or because the banks have so much clout? If this had happened to google or microsoft, for example, would the FBI get involved?

Simply put, the FBI is the investigator of last resort. Local law enforcement (even in large cities like NYC where JPMC is based) are woefully ill-equipped to investigate this sort of thing.

Re:Honest question from a non-USian (1)

Anonymous Coward | about 2 months ago | (#47774683)

There is no group of people on the planet known as USians. Please stop using this term.

Re:Honest question from a non-USian (0)

Anonymous Coward | about 2 months ago | (#47775079)

Are you saying you prefer "USA-ians"? That just doesn't roll off one's tongue.

Re:Honest question from a non-USian (0)

Anonymous Coward | about 2 months ago | (#47776229)

I guess they could be like Filipinos and be called USA-os.

Re:Honest question from a non-USian (0)

Anonymous Coward | about 2 months ago | (#47776017)

Because the FBI is the organization that specializes in this kind of thing, and this being a relatively low incidence crime, most local police departments won't know how to handle it or dedicate the resources to it.

Legally, I believe its jurisdiction is through the FDIC, the Federal Depositor's Insurance Corporation, which makes any theft against a bank an issue where the Federal gov't is a party.

i applaud this (0)

Anonymous Coward | about 2 months ago | (#47773373)

these morons are creating havoc in all sorts of economies around the world

Details of the sophisticated attack (0)

Anonymous Coward | about 2 months ago | (#47773389)

Caller: "This is Jack Haackst ([CIO]). We just had a P1 escalation from [a big customer], we need to do a recovery on the database partitions for Q3 2013 right now."

IT guy: "Recovery on database partitions? Do you mean a restore from archives?"

Caller: "No, a recovery. Who's your supervisor? Put him on the phone."

IT guy: "He's on vacation right now, can I have him call..."

Caller: "Look, I've spent a career here doing this stuff. Just give me the DBA password."

At this point... (1)

DoofusOfDeath (636671) | about 2 months ago | (#47773391)

I can only assume the NSA has become self-funding, and is doing so by hacking banks.

Re:At this point... (0)

Anonymous Coward | about 2 months ago | (#47773595)

Moreover, given the NSA's enormous capabilities, we'll soon be hearing about how the NSA tracked the whole thing, how they isolated the perpetrators, even though they'd hidden their identity through various "hops" around the world and how the NSA has helped the banks involved by giving them some security advice, whilst helping out the FBI to close the case. Or maybe we won't, because the NSA are busy doing things that benefit no one except themselves.

Re:At this point... (1)

Muad'Dave (255648) | about 2 months ago | (#47783373)

Nah, that's NCIS's job. Abby and Probie McGee will handle it!

So, the first test of the Cyber-warfare system? (0)

Anonymous Coward | about 2 months ago | (#47773419)

If it is Russia, and they do intend to fully invade Ukraine, and launch cyber-warfare attacks to disrupt commerce in Ukraine, does anyone have decent plans to 'secure' the infrastructure?

OOooo THOSE DIRTY STINKING FILTHY RUSSIANS! (0)

Anonymous Coward | about 2 months ago | (#47773435)

But what else can a filthy dirty stinking Russian do?

im growing to hate the word cyber. (5, Insightful)

nimbius (983462) | about 2 months ago | (#47773469)

Cyber washes over so much of the actual problem with these companies. It implies some Val Kilmer secret agent Jack Bauer bullshit that does not exist in practical terms as the situation applies to entities like Chase. It's a convenient means of misdirecting attention at best.
Let's take a step back and call this what it actually was. Chase involuntarily discharged sensitive information about employees and customers. We can name Chase because it's too big to fail, but four other banks were part of this incident and we can't name them because to do so would cause egregious harm to their market reputation and force them to spend a pittance on re-issuing credit/debit cards. Chase will work to scapegoat this problem ad infinitum to the nearest foreign superpower that has been demonized/sanctified by politicians for this purpose and business will continue as usual. Chase will not accept liability for its shit-tier software, security practices, or disinterest in its customers and clients because it would harm the largest bank in the world and perhaps shave a sliver of profit off this quarter.

MOD THIS UP (0)

tekrat (242117) | about 2 months ago | (#47773611)

This is the ACTUAL summary of the article. At the very least, this is the summary that *should* be posted to the Slashdot, that translates the shit-speak the media writes into technical jargon that Slashdot readers should expect from "news for nerds".

Otherwise Slashdot is a mere shill for other crap media with their crap reporting with zero journalistic integrity. Facts be damned, protect the status quo.

Re:im growing to hate the word cyber. (0)

Anonymous Coward | about 2 months ago | (#47773635)

Don't like the term Cyber-attack? Ok, why don't we go back to calling it all "hacking"

Re:im growing to hate the word cyber. (1)

StikyPad (445176) | about 2 months ago | (#47773883)

Welcome to the late 90s.

Re:im growing to hate the word cyber. (2)

Rich0 (548339) | about 2 months ago | (#47774049)

There is actually a deeper issue than corporate security competence.

Imagine that a bunch of soldiers stormed the front door to their datacenter with APCs, tanks, and artillery support. They then removed hard drives and proceeded across the border to some other country. Would you consider this a bank security problem?

Banks don't have this problem because the government provides physical security against these kinds of threats. Sure, the bank is expected to lock the doors and have some guards, but they aren't expected to stop an attack of arbitrary determination.

With the internet we benefit from the free exchange of data across national borders. However, at the same time this means that computer security can be subjected to attacks of arbitrary sophistication, and national governments have generally not intervened.

Now, I'm sure more could be done to secure the average corporate network, the reality is that state actors are free to develop more and more sophisticated attacks free of interference. If I wanted to hack into some foreign bank I probably would have the FBI kicking down my doors before I got too far with it. The same is not true of an NSA agent doing the same thing.

I think the only real solution to this sort of problem involves border control. Establish agreements with nations to cooperate on prosecuting computer crime, and heavily firewall communications or block them entirely at the borders. Parties to the agreement would agree to not accept traffic from countries that aren't parties to the agreement. The downside to such a policy is obvious - far less freedom of communication, and that will probably support dictatorships and such abroad since we'll effectively be providing the firewalls for them.

Either that, or we just accept that data stored on networked computers is going to be insecure. There is no reason to think that security is a game where the defenders can ever win - that certainly hasn't been our experience in physical security.

Please stop calling it... (1)

slimshady76 (3752059) | about 2 months ago | (#47773505)

THE Ukraine! It's Ukraine, and that's what it is. It's not a region, but a COUNTRY. I don't see anybody here writing "the France" or "the Italy"... Hypercorrection is still an error.

You're just hyper-modern (0)

Anonymous Coward | about 2 months ago | (#47773937)

See http://www.merriam-webster.com/dictionary/ukraine

There are also The Gambia, The Dominican Republic, The Netherlands, The Seychelles, The United Arab Emirates, and yes, The United States :)

Others listed here: http://everything2.com/title/Countries+that+start+with+the+word+%2522the%2522

Re:Please stop calling it... (1)

mrchaotica (681592) | about 2 months ago | (#47773959)

"The Netherlands" is a country and it's correct to include the "The" (when naming it in English, at least).

Re:Please stop calling it... (1)

drinkypoo (153816) | about 2 months ago | (#47774355)

"The Netherlands" is a country and it's correct to include the "The" (when naming it in English, at least).

Irrelevant, because we are not talking about The Netherlands [wikipedia.org].

Re:Please stop calling it... (1)

mrchaotica (681592) | about 2 months ago | (#47776815)

slimshady76 thought it was relevant to compare to Italy or France; I was merely refuting his argument. Complain about it to him.

Data breach articles (0)

Anonymous Coward | about 2 months ago | (#47773563)

There's nothing particularly novel about these kinds of articles except for the usually baseless speculation about who was behind the system break-ins. If Slashdotters are interested in reading about data breaches then they should go over to http://www.privacyrights.org/data-breach.

Serves the bastards right!!! (0)

Anonymous Coward | about 2 months ago | (#47773605)

I used to do some contract work with a very large 3 letter named organization well known in the data processing world (well, they used to call it data processing. Not sure what they call it now), anyway, JP Morgan was a major customer of the aforementioned 3 lettered organization. The JP Morgan account was supposedly worth over a Billion US dollars, so when JP Morgan said 'jump' the 3 lettered organization replied 'how high?'.

Every time anyone from the 3 letter named organization had to talk with anyone from JP Morgan - the JP Morgan people treated them like absolute sh*t! The JP Morgan a**holes would curse at them, call them names, etc. it was just ridiculous! But, for a Billion dollars, the people at the 3 lettered organization expected you to just suck it up!

As a result of all this....I sincerely hope that JP Morgan gets butt raped from this cyber attack!!

To whoever is responsible - "I thank you for putting it up JPM's ass!!!"......now please go away and leave my country the f*ck alone.

Re:Serves the bastards right!!! (0)

Anonymous Coward | about 2 months ago | (#47774497)

Looking back I now recall they were "Morgan Stanley" - the hellspawn of JPM......same folks really.....hey, it was a long time ago!

Bitcoin Users Not Affected (0)

Anonymous Coward | about 2 months ago | (#47773645)

Keep your financial information safe from hackers.

Re:Bitcoin Users Not Affected (1)

GameboyRMH (1153867) | about 2 months ago | (#47774007)

Sorry I couldn't hear you over the aftershocks of Mt. Gox's collapse.

Explains the unexpected new check card in the mail (0)

Anonymous Coward | about 2 months ago | (#47773655)

A letter from my credit union

"Dear Member,

We have been made aware that the security of your _ _ _ _ check card may have been compromised outside of _ _ _ _ Federal.

Enclosed is a new _ _ _ _ check card to replace your old card..."

The letter then digresses from this information provided, citing no unusual activity, ensure you're not inconvenienced etc.

Sophisticated my ass (1)

Ceriel Nosforit (682174) | about 2 months ago | (#47773779)

I'll bet all my credit balance that they probably learned to use a malware generator right to just PDFed the clicktomaniac back-office, and that even if the paydata was air-gapped they're leaking USB drives all over the place.

A firewall which is more than just an occasional inconvenience has to stop any data which it can't compare to its list of secrets which may not be leaked. - That is at least what one of the firewall's tasks used to be, but none which did this were sold, apparently because they were just too secure and therefore too inconvenient.

If you're in the security business and didn't know firewalls used to do this, I'd love to know.

Re:Sophisticated my ass (0)

Anonymous Coward | about 2 months ago | (#47774107)

A firewall which is more than just an occasional inconvenience has to stop any data which it can't compare to its list of secrets which may not be leaked.

Any such firewall is useless and should be replaced with an airgap. How can you prove a negative, and what is data that the firewall "can't compare" to its list of secrets? Blocking SSL/TLS or known (and recognizable) encryption isn't enough. A firewall doesn't know and can't know that "0644879127962296" isn't a Caesar cipher of someone's credit card number, so you have to block that too. What use is any connectivity at all? Unplug the machine from the network, period.

none which did this were sold

There was a consumer grade Mac firewall application called Netbarrier many years ago that would do the compare-to-secrets part. You could input your SSN, CC numbers, mistress's name, or whatever and any transmission containing one of those strings would be blocked. But for it to block any data that it "can't compare to its list of secrets" would mean it blocks every single packet.

Re:Sophisticated my ass (1)

Ceriel Nosforit (682174) | about 2 months ago | (#47776263)

Weird assumption that you could ditch the air gap, AC... This firewall is for the data that must inevitably bridge the gap. You only allow a few protocols through it and you know how those protocols behave. The list of secrets isn't one of eternal taboos, but one which is used to keep track of when to allow through what. - It's not like the grand gate FW at your network perimeter.

To get data through it you should need to know what the FW expects to see. Assuming an attacker somehow gets arbitrary execution on the dry net they either need a truly sophisticated way of disguising the data or a willing insider. You raise the bar, which is all you can ever do.
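Added example, not part of any comment in this thread: the two filter designs argued over above, side by side. The card value, the `BATCH` record format and all function names are constructed assumptions; the first filter is the compare-to-secrets check, the second passes only the message shape the gap-crossing protocol is expected to have.

```python
import re

# Constructed sample value standing in for a card number (a common test number).
SECRETS = ["4111111111111111"]

# Hypothetical record format for the one protocol allowed across the gap:
# "BATCH <8-digit id> <1-4 digit count> <OK|FAIL>"
EXPECTED = re.compile(r"BATCH \d{8} \d{1,4} (OK|FAIL)")


def denylist_allows(payload: str) -> bool:
    """Compare-to-secrets filter: block only when a listed secret appears verbatim."""
    return not any(secret in payload for secret in SECRETS)


def allowlist_allows(payload: str) -> bool:
    """Expected-format filter: pass only payloads that match the protocol exactly."""
    return EXPECTED.fullmatch(payload) is not None


def shift_digits(text: str, k: int) -> str:
    """Caesar-style shift over digits, the re-encoding mentioned in the thread."""
    return "".join(str((int(c) + k) % 10) if c.isdigit() else c for c in text)


def verdicts(payload: str) -> dict:
    """Return what each filter decides for one outbound payload (True = allowed)."""
    return {"denylist": denylist_allows(payload),
            "allowlist": allowlist_allows(payload)}


# Constructed outbound payloads.
SAMPLES = {
    "legit": "BATCH 20140829 17 OK",
    "plain_secret": "card=4111111111111111",
    "shifted_secret": "card=" + shift_digits("4111111111111111", 3),
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:15} {payload!r:28} {verdicts(payload)}")
```

The format check still passes any well-formed record, so the field values themselves remain a narrow channel; the second design raises the bar rather than closing the path.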

Sophisticated attack? (1)

MagickalMyst (1003128) | about 2 months ago | (#47773815)

I heard the NSA is capable of such mischief. Just sayin'.

Re:Sophisticated attack? (0)

Anonymous Coward | about 2 months ago | (#47773877)

Yes, it's capable, but when you've got all the telecommunications networks tapped, you don't really need to break into a system to get the data. Its problem is sifting and storing the data.

Re:Sophisticated attack? (0)

Anonymous Coward | about 2 months ago | (#47775141)

Anytime I hear the term 'sophisticated attack' I substitute it in my head with 'dumb luck'. Works like a charm and most of the time, it is more accurate than the original article contents.

Heartbleed collateral damage (0)

Anonymous Coward | about 2 months ago | (#47773933)

I bet the NSA is just looking to make up for lost funding.

Why State? (1)

Lawrence_Bird (67278) | about 2 months ago | (#47774031)

Crime syndicates are just as resourceful, if not more so, than state actors. To assume that it is a state actor because you did not think of the attack vector first is pretty dumb. In fact, trying to assert any attribution to cybercrime/intelligence is dumb.

Russia? Really? China or France Maybe? (1)

LifesABeach (234436) | about 2 months ago | (#47774045)

As far as I'm concerned, why just JP? If the bad guys have balls, how about Wells Fargo? Better yet, if the bad guys are not just closet girly girls; Why not go after the data base that holds the home loans of the U.S. and all of its backups. Yep, I smell fish, 3 days in the sun.

Russia = bogeyman (1)

jbmartin6 (1232050) | about 2 months ago | (#47774065)

I didn't see any evidence of Russia being involved, other than gross speculation. Meanwhile, the NYT article states the researchers believe the malware was produced by the same people who made Stuxnet and Flame. That points to the US and Israel, not Russia.

'Sophisticated' Cyber Attack On JP Morgan? (1)

lippydude (3635849) | about 2 months ago | (#47774273)

Do you mean someone opened a ms Word document from an email attachment in ms Outlook under Microsoft Windows ?

Re:'Sophisticated' Cyber Attack On JP Morgan? (0)

Anonymous Coward | about 2 months ago | (#47778905)

m'Word!

A practical question (1)

RogueWarrior65 (678876) | about 2 months ago | (#47774277)

What if such cyber attacks are a form of misdirection or rather click-bait? Here's the scenario: launch a cyber attack on a bank but you're really not interested in any data you might get or rather the attack makes the target think that you're after data. The target then tells its customers to change their passwords. It's only then that the attacker gets what they're after, i.e. account holders' NEW passwords.

oh has the wind changed again (0)

Anonymous Coward | about 2 months ago | (#47774287)

and we are back to blaming the Russians instead of the Chinese for unsubstantiated allegation that our own government may (most definitely are doing ) also?

Nearly all hacks are "sophisticated." (1)

StikyPad (445176) | about 2 months ago | (#47774493)

At least that's the impression I get by reading the news. I can't remember the last time I heard an attack described as "simple" or "straightforward." It's never "the hackers just tried a bunch of words until one of them worked," or "turns out that if you type '); then a computer will often happily do whatever you tell it," or "if you give it a very long list of letters, sometimes the computer will start doing whatever you tell it." No, it's "the hackers used a sophisticated technique to plow through layers of security."

Although I'll grant you, that 'sophisticated' bit does sound a lot better. Maybe I should sprinkle that word around my resume.

Insider Threat will not be eclipsed. (1)

geekmux (1040042) | about 2 months ago | (#47775689)

When speaking about the very banks that helped cause the global financial meltdown of 2008, I seriously doubt any attack could ever pose a larger threat than the insider threat that runs Too Big To Fail.

Inside Perspective (1, Informative)

Anonymous Coward | about 2 months ago | (#47776099)

We work with JPMorgan. We host hundreds of terabytes of sensitive data for them.

They take information security more seriously than any other organization that we work with, and we work with a number of Fortune 50 corporations, tech companies, and the United States government.

If they are getting hacked, it is not due to a lack of effort or competence on the part of their risk management and security teams. All of the common complaints that get voiced here about companies not taking security seriously, about companies not spending money on security, about PHBs not getting security, are not applicable to JPMorgan. Those people get it. I do not say that lightly. There are plenty of equally large financial institutions and organizations with similar amounts of resources who do not spend even a quarter of the effort on securing their data that JPMorgan does.

As a client, they are a serious pain in the ass to work with. But at the end of the day, their security controls and risk management processes are heavily weighted towards security at all costs, ease of use / access be damned.

Re:Inside Perspective (1)

Anonymous Coward | about 2 months ago | (#47777995)

We work with JPMorgan. We host hundreds of terabytes of sensitive data for them.

They take information security more seriously than any other organization that we work with, and we work with a number of Fortune 50 corporations, tech companies, and the United States government.

If they are getting hacked, it is not due to a lack of effort or competence on the part of their risk management and security teams. All of the common complaints that get voiced here about companies not taking security seriously, about companies not spending money on security, about PHBs not getting security, are not applicable to JPMorgan. Those people get it. I do not say that lightly. There are plenty of equally large financial institutions and organizations with similar amounts of resources who do not spend even a quarter of the effort on securing their data that JPMorgan does.

As a client, they are a serious pain in the ass to work with. But at the end of the day, their security controls and risk management processes are heavily weighted towards security at all costs, ease of use / access be damned.

I have a similar relationship with JPMC. However, just because they force their vendors to eat the dog food doesn't mean that they are as well...

Re:Inside Perspective (0)

Anonymous Coward | about 2 months ago | (#47781499)

Bullshit.
I have worked with them as well. They are a joke when it comes to security.
They have outsourced a great deal of work to India, and oddly, to China (I have NO IDEA what that is about).
Their systems are all Windows based, even their front-end. Those idiots think that by IDing as a non-Windows that it will secure them. What a fucking joke.
They are being cracked because they are idiots.

Actually (0)

Anonymous Coward | about 2 months ago | (#47777979)

I'm sure it was American blackhats who are sick of JP's century of financial enslavement. Go Blackhats.
