JPMorgan's own investigators have found clues that a global network of computers available for hire by sophisticated criminals was used to reroute data stolen from the bank to a major Russian city, according to people familiar with the probe, reports Bloomberg.
Bloomberg has uncovered several facts.
"The hackers tapped computers from Latin America to Asia to send commands and obscure their identity while ferrying malicious traffic past one of the most heavily guarded networks on Wall Street."
"The constellation of computers was used in previous hacking attacks and is now being tapped by professional cybercriminals operating out of Eastern Europe to target banks."
"Bank investigators working nearly around the clock have identified what they believe to be the assault's staging ground, called a 'bulletproof' hosting platform because of its resilience to other attackers and to law enforcement," according to one of the people who requested anonymity because of the continuing investigation.
The bank's investigators are only part of a larger group in the U.S., including the Federal Bureau of Investigation and the National Security Agency, that is trying to trace the origin of the computer assault.
Cybercrime operations similar to the one identified by JPMorgan investigators, notably a now-defunct one known as the Russian Business Network, have been run by powerful figures and protected by Russian authorities, said James Lewis, a senior fellow at the Center for Strategic and International Studies in Washington.
JPMorgan's security team continues to investigate the possibility that the hackers may have been aided or at least condoned by the Russian government, possibly as retaliation for U.S.-imposed sanctions, said a second person involved in the probe, reports Bloomberg.
"The working theory is that there's a relationship with this organized-crime group linked to other state-sponsored targeted attacks, possibly including Russia," said Darien Kindlund, director of threat research for FireEye, which is aiding in the investigation. "We aren't ruling out the possibility that there may be tools or infrastructure tying these attacks to other state-sponsored activity."
"The task is complicated because the attack was tailored to take advantage of weaknesses in JPMorgan's network that only the criminals had identified," according to those familiar with the investigation. "The entry point was a vulnerable Web application and a Linux server behind it, according to the second person familiar with the probe."
"It's just impossible for something this big and prolonged to occur without the Russian government knowing," Lewis said. "Did the Russian government know this was going on? Yes. Did they direct it? We don't know."
JPMorgan’s Hacked Data Sent To Russia, reviewed by Anonymous on September 13, 2014