JPMorgan hackers altered, deleted bank records, says report


Screenshot from security blog Proofpoint showing a recent phishing attack aimed at getting access to JPMorgan Chase. It's not clear whether this phishing attack is related to the current breach. Proofpoint

The scope of yesterday's computer attack against JPMorgan Chase and at least one other bank appears to be much larger than initially reported.

The attack may have affected seven financial organizations, rather than the two originally reported, and some bank records at JPMorgan were altered and possibly deleted, CNN reported, citing unnamed sources. The source of the attacks is not yet known.

Getting access to bank records is uncommon but not unheard of for hackers, who often change computer logs to cover their tracks but can't always get to more sensitive data, said RedSeal cybersecurity expert Robert Capps.

"Being able to change bank records is an interesting, but not novel, approach to unlawful enrichment," he said. "There have been reports of embezzlement and outright theft by malicious insiders, since computerized banking records have been in existence."

This case, however, involved outsiders who targeted specific employees at JPMorgan Chase to gain access to their computers and the bank databases. The Federal Bureau of Investigation and the Secret Service, which are investigating the breach, have not said whether customer bank records or identity details were compromised.

Adam Kujawa, head of Malware Intelligence at Malwarebytes Labs, said that it wasn't likely that this kind of attack came from your "average cybercriminal."

"If hackers are capable of accomplishing this, it means they have spent a significant amount of time studying the [bank's] records system before attempting any kind of serious manipulation," he said. "It's not impossible, however, if they were able to modify records using high-level credentials and do it in a way that was undetected."

The scope of the damage has not been made public yet, and likely will take time to determine. Banks use redundancy systems and backups to ensure that data that's altered for any reason can be restored.

FBI spokesman Joshua Campbell wouldn't confirm whether bank records had been accessed or altered, saying that the FBI and Secret Service are attempting "to determine the scope" of attacks against "several American financial institutions."

"Combating cyberthreats and criminals remains a top priority for the United States Government, and we are constantly working with American companies to fight cyber attacks," he said in a prepared statement.

JPMorgan did not respond to a request for comment on the possibility that the hackers altered or deleted bank records. Yesterday, JPMorgan spokeswoman Trish Wexler told CNET, "We have multiple layers of defense to counteract any threats and constantly monitor fraud levels."

"We are dealing with adversaries who are not only highly sophisticated in their attacks and intelligence gathering but also highly resourced," said Kujawa. "I don't think we will see a lot of this kind of attack but to know that it is possible means we still have a ways to go on how we secure our important information."

At this point, the best advice is to be extremely wary about clicking on any kind of link from an email, especially to your financial institution. It's also worthwhile keeping tabs on your monthly statements and reporting any unusual activity to the bank.