FBI probes Russian government links to JPMorgan cyber attacks

State-sponsored response to political situation being 'investigated' by FBI

As the war of words intensifies between the US and Russia, it has now become apparent that the FBI is trying to prove that state-sponsored attackers, rather than just private Russian hacking groups acting alone, may have been behind the mid-August hack on banking giant JPMorgan & Chase.

News of the inquiry comes via "two people familiar with the probe", according to the Bloomberg newswire.

These same people have also reported that the FBI won't stop at linking the Russian government with just the JPMorgan attack, and will be seeking to investigate whether cyber attacks on several major European banks can also be pinned on the same groups, under the apparent direction of the Russian government.

The commonly held belief seems to be that state-sponsored attacks could have come in direct response to US government sanctions against Russia over Ukraine.

According to Bloomberg, the "sophistication of the attack and technical indicators" already provide "evidence of a government link". Techniques used included zero-day vulnerability exploits, and the hackers burrowed through several layers of other "elaborate" security.

"Everyone is trying hard to tie this with the whole political situation with Russia," said Amichai Shulman, chief technology officer of US-based data centre security solutions firm Imperva.

"However, it is well known that for a few years now, a large portion of banking attacks and financially related hacking has consistently been coming from Eastern Europe."

In the FBI's defence, however, Shulman agrees that the distinct lack of news of financial loss from these attacks is unusual. "None of the people commenting on the incident mentioned a direct financial loss, or a direct fraudulent financial activity by the attacker," he said.

"Everyone is talking about grabbing sensitive information. I find it odd that someone who was actually able to break into a bank is not using it for making immediate profit.

"There are two possibilities here: first is that there are missing pieces in the puzzle - i.e. we are not being told everything - and second is that these were indeed politically motivated hackers," said Shulman.

Philip Lieberman, CEO of Lieberman Software, a US-based privileged identity management firm, is convinced state sponsorship was involved.

"The ability to overcome the typical financial defence-in-depth strategy outlined by JPMorgan points to capabilities that go beyond criminal activity and are in the realm of nation state capabilities," he said.

He continued: "The lesson to be learned is that the financial services sector needs to up its cyber security game to move up from commercial security to military level security.

"Most banks are focused on obtaining passing grades from internal and government cyber security auditors, but fail to place enough emphasis on the real and constant threats from the outside."