JPMorgan's Been Hacked, But Answers — And Fraud — Are Hard To Find

Hackers successfully infiltrated the computer systems of JPMorgan Chase and at least four other banks recently. The FBI is investigating what's being called a sophisticated cyberattack, but bank officials have not yet found any evidence of fraud.

Copyright © 2014 NPR. For personal, noncommercial use only. See Terms of Use. For other uses, prior permission required.

ROBERT SIEGEL, HOST:

This is ALL THINGS CONSIDERED from NPR News. I'm Robert Siegel.

MELISSA BLOCK, HOST:

And I'm Melissa Block. One of the nation's largest banks has been hacked. JPMorgan Chase is working with a federal task force to figure out who might be responsible for the cyberattack. The bank says so far, it's not seeing any increase in fraudulent activity. Several other big banks were also reportedly hit. NPR's Jim Zarroli has more.

JIM ZARROLI, BYLINE: JPMorgan says hackers try to access its computers nearly every day without success. But this time, they were able to break in. And one source said whoever was responsible was able to get deep into the company's network. Today, dozens of cybersecurity employees at the bank were trying to figure out the scope of the attack and they were assisted by a Secret Service task force that includes the FBI. Tom Pageler is chief information security officer at DocuSign and a former JPMorgan cyber- security official.

TOM PAGELER: They're going to put this through and run this down and figure out what happened. But it can take some time and, you know, this is the kind of company that does have the funds to do that. And they want to know what happened, both to protect their customers, but also to understand it and make sure it doesn't happen again.

ZARROLI: So far at least, there are more questions about the attack than answers. And speculation is rampant about how it was carried out. The hackers reportedly also tried to attack the networks of at least four other big banks. But a source that if they did, there's no evidence they gained access. And some of the country's big biggest banks said today that they haven't been hacked. The attacks appear to have come from somewhere in Eastern Europe and Bloomberg reported that the attack may have been a Russian retaliation for U.S. economic sanctions against the country. Rahul Kashyap, head of security research at Bromium Labs, says that's certainly possible.

RAHUL KASHYAP: It wouldn't be surprising if it is coming from there. Some of the Russian underground gangs have a reputation of really being sophisticated. So I wouldn't be surprised if that were true because they have built some high-quality malware in the past.

ZARROLI: But U.S. officials cautioned that it was far too soon to attribute the attack to people in Russia or anywhere else. Computer hackers can be good at covering their tracks and making it look like they're in one location, when they're really somewhere else. Kashyap said it will take a long time to get to the bottom of things.

KASHYAP: They have to dig deep. It could take weeks, sometimes even months to kind of get to the full extent of the damage.

ZARROLI: Whoever was responsible, Kashyap says, the attack is disturbing. JPMorgan Chase is known for spending a lot of money on computer security and its defenses against hackers are said to be the gold standard in the industry. So the fact that JPMorgan's network can be penetrated says something about just how vulnerable other big institutions are. Jim Zarroli, NPR News, New York.

Copyright © 2014 NPR. All rights reserved. No quotes from the materials contained herein may be used in any media without attribution to NPR. This transcript is provided for personal, noncommercial use only, pursuant to our Terms of Use. Any other use requires NPR's prior permission. Visit our permissions page for further information.

NPR transcripts are created on a rush deadline by a contractor for NPR, and accuracy and availability may vary. This text may not be in its final form and may be updated or revised in the future. Please be aware that the authoritative record of NPR's programming is the audio.

Comments

 

Please keep your community civil. All comments must follow the NPR.org Community rules and terms of use, and will be moderated prior to posting. NPR reserves the right to use the comments we receive, in whole or in part, and to use the commenter's name and location, in any medium. See also the Terms of Use, Privacy Policy and Community FAQ.