Russian hackers hit five banks, sources say

Russian hackers attacked JPMorgan Chase & Co. and at least four other banks this month in a coordinated assault that resulted in the loss of gigabytes of customer data, according to two people familiar with the investigation.

At least one bank has linked the breach to Russian state-sponsored hackers, according to one of the people. The FBI is investigating whether the attack could have been in retaliation for U.S.-imposed sanctions on Russia, said the second person, who asked not to be identified, citing the continuing probe.

The cyberattack led to theft of account information that could be used to drain accounts, according to a U.S. official and another person briefed by law enforcement, who said the victims may have included European banks. Hackers also took sensitive information from employee computers.

Most thefts of financial data involve retailers or the personal computers of consumers. Stealing data from big banks is rare because they have elaborate security systems.

JPMorgan, the biggest U.S. bank, said Thursday it took additional steps to safeguard sensitive and confidential information. The company will contact any customers who might have been affected, though it hasn't seen unusual levels of fraud, Patricia Wexler, a spokeswoman for JPMorgan, said in an e-mail.

The incidents occurred at a low point in relations between the United States and Russia. Russian troops are massing on the Ukrainian border even after U.S. and European nations have hurt the Russian economy with sanctions.

Russia has a history of using criminals and other proxies to hit back at adversaries in cyberspace.

"The way the Russians do it, to the extent we can see into the process, is they encourage certain targets," said James Lewis, director of the Strategic Technologies Program at the Center for Strategic and International Studies in Washington. "The Russians typically keep open the options to do something more, and the question now is what would trigger that and what would our response be."

Investigators have determined that the attacks were routed through computers in Latin America and other regions via servers used by Russian hackers, according to people familiar with the probe.

The hackers took advantage of a type of software flaw known as a "zero-day attack" in at least one of the bank's websites, according to one of the people familiar with the investigation. They then plowed through layers of elaborate security to steal the data, which security specialists said appeared far beyond the capability of ordinary criminal hackers.