9 October 2014

Let’s start with good news. In JPMorgan’s FORM 8-K report from 2 October 2014 we could read that it could have been a lot worse:

Only ‘User contact information – name, address, phone number and email address – and internal JPMorgan Chase information relating to such users have been compromised.’

And ‘… there is no evidence that account information for such affected customers – account numbers, passwords, user IDs, dates of birth or Social Security numbers – was compromised during this attack.’

But what really confuses me is the statement ‘As of such date, the firm continues not to have seen any unusual customer fraud related to this incident.’

How can they be sure that it has stopped?

The big question in the JP Morgan case remains unanswered: How could it happen?

Currently neither the bank nor the FBI had given an official report about the details of the cyber-attack. But reading between the lines can help to gain a rough picture of what probably had happened. I really like developing new conspiracy theories ;-).

On 2 October 2014, Jessica Silver-Greenberg, Matthew Goldstein and Nicole Perlroth reported in The New York Times:   “Hackers drilled deep into the bank’s vast computer systems, reaching more than 90 servers, the people with knowledge of the investigation said. … By the time the bank’s security team discovered the breach in late July, hackers had already obtained the highest level of administrative privilege to dozens of the bank’s computer servers, according to the people with knowledge of the investigation. It is still unclear how hackers managed to gain such deep access.”

CNET report ‘JPMorgan hackers altered, deleted bank records, says report’ from 28 August 2014 brings some light in the dark: “This case, however, involved outsiders who targeted specific employees at JPMorgan Chase to gain access to their computers and the bank databases.”

This sounds to me a lot like a successful phishing attack. Incredible!

In his post ‘JPMorgan breach heightens data security doubts‘, Alex Veiga, AP Business Writer, reports on 3 October 2014: “In response to the data breach, the company has disabled compromised accounts and reset passwords of all its technology employees, Wexler said.”

Why should a company reset the passwords of all its technology employees? This makes only sense if they suspect that the passwords were compromised.

The phishing attack theory becomes much more credible!

But the most exciting statement could be read in the CNET report: ‘If hackers are capable of accomplishing this, it means they have spent a significant amount of time studying the [bank’s] records system before attempting any kind of serious manipulation,” he said. “It’s not impossible, however, if they were able to modify records using high-level credentials and do it in a way that was undetected.”‘

How can they be sure that it has stopped?