The Federal Bureau of Investigation is probing a
computer-hacking attack on J.P. Morgan Chase & Co. and as many as four
other banks, in what people familiar with the probe described as a significant
breach of corporate computer security. The timing and extent of the hacking
attacks weren't immediately clear, though cybersecurity experts began probing
the possible J.P. Morgan breach earlier this month, according to people
familiar with the investigation.
J.P. Morgan said Thursday morning it isn't seeing
"unusual fraud" and it is working closely with law enforcement to
determine the scope of the attack. The largest U.S. bank by assets added that
it is taking "additional steps" to safeguard sensitive or
confidential information and will contact relevant parties as it learns more
about who may have been impacted.
People familiar with the investigation said the evidence
gathered so far suggested hackers were able to make a significant foray into
J.P. Morgan's computer system. People with knowledge of the probe said it
appeared between two and five U.S. financial institutions may have been
affected. The names of all targeted banks couldn't be immediately determined.
J.P. Morgan and federal cyber investigators are in
discussions as they examine the apparent attack on the bank's computer system. The
attack appears to have been caused by malicious computer code, known as malware.
Thefts of U.S. corporate data have in the past often come
from hackers based in China, Russia or the former Soviet Union, though that
doesn't mean the cyberattacks involve those governments. Just as in the U.S.,
hackers in those countries can act on their own and sell stolen data to other
organizations.
The style of the attacks and the targets—large U.S.
financial institutions—have led some people briefed on the investigation to
suspect a possible Russian or Eastern European link. Russian organized crime
often targets large financial institutions. But several people with knowledge
of the investigation cautioned it is too early to tell who was behind the
attacks.
Hackers appear to have originally breached J.P. Morgan's
network via an employee's personal computer, a person close to the
investigation said. From there, the intruders were able to move further into
the bank's inner systems. Employees often use software to tap into corporate
networks from home through what are known as virtual private networks.
Such an attack would mark the latest instance in which a
large corporate network was breached by a weak external link. When hackers
stole 40 million payment-card numbers from Target Corp. last
year, they originally infiltrated the retailer by stealing a ventilation
contractor's password. In mid-August, cybercriminals hacked into nearly 1,000
grocery stores around the U.S.
In recent weeks, J.P. Morgan called numerous security
vendors with concerns it had a problem, people close to the investigation said.
The bank in recent months hired a number of employees with Defense Department
experience because the firm treats cybersecurity as a problem akin to military
security, people familiar with the matter said.
J.P. Morgan, along with other banks, has been vulnerable to
attacks in the past, particularly so-called distributed denial-of-service
threats, known as DDoS. These attacks knock websites offline by flooding them
with useless traffic.
Click here to access the full article on The Wall Street Journal.