Anyone who follows cybersecurity news knows that hackers stole data on 83 million customers of JP Morgan in 2014. But in a development that does not happen often enough, the hackers have now been caught.
Many criminal hackers operate from places like Russia and Romania, where they are largely beyond the reach of American and Western European law enforcement. The two hackers arrested over the JP Morgan heist, however, are from Israel, a close ally of the USA and other Western nations.
Now the hackers find themselves before a judge in New York City. A US citizen who worked with them is still at large, according to some press reports, although the Wall Street Journal said he was arrested in Russia. He should hope that Russia does not extradite him to the USA, as he and his co-conspirators could face up to 20 years in prison.
Criminals should be careful about traveling to the USA, where the police are effective, have international and signals intelligence resources at their disposal, and cannot simply be bribed.
The two Israelis were arrested in New York for operating a bitcoin exchange, Coin.mx, a site that was used to collect ransomware ransoms.
How JP Morgan was Robbed
John Pierpont Morgan was one of America's earliest financial titans. The bank he founded in 1857 still survives 159 years later. It is now merged with Chase, a bank that had to be bailed out in the US Great Recession of 2008. Morgan was smarter than the other banks: it held far fewer toxic mortgage-backed bonds on its books, which is what caused Lehman Brothers and other giant American banks to fail and forced Wells Fargo to take over Wachovia.
One would presume that a bank has cybersecurity defenses as sophisticated as those of the military or government. That it was hacked anyway shows that determined attackers can penetrate pretty much any system.
What made the attack so bad is that the stolen data included customer email addresses. With those, the hackers could craft phishing emails that looked like official JP Morgan correspondence and trick many customers into giving away their passwords. That is what the Israelis did.
The hack was uncovered by a system audit, which shows that regular audits are worth doing. During the audit the bank found malware that was exfiltrating gigabytes of data.
Bloomberg reported that the hackers exploited several zero-day defects. Given what we have seen from other intrusions, it is possible that the hackers bought those exploits from other hackers, or simply attacked unpatched systems. The New York Times suggests that unpatched servers could have been the conduit, calling some of them "neglected" despite the bank spending $250 million per year on cybersecurity.
Bloomberg also says the data was transmitted to Russia; it does not mention Israel. Of course, the Israelis could have run their operation from Russia more easily than from Israel.
Wired reports that the hackers used brute-force attacks, phishing to steal credentials, and the Heartbleed bug. Heartbleed is a missing bounds check in the TLS heartbeat extension of certain OpenSSL versions (1.0.1 through 1.0.1f); it does not give a hacker a shell directly, but it lets an attacker read chunks of a server's memory, which can include private keys, session cookies and passwords. OpenSSL is the library most web sites use for SSL/TLS encryption.
Brute force works by feeding password lists and dictionary-derived guesses at Linux hosts that accept password logins over SSH, typically hosts whose accounts are local rather than tied to an enterprise directory such as LDAP, and which do not require SSH key-based (RSA or other public-key) authentication. Exposing a server to the internet without one of those two controls is a bad idea: by default neither sshd nor a stock local-account setup locks an account after a number of failed logins. sshd's MaxAuthTries only limits attempts per connection, and the attacker simply reconnects; real lockout has to come from a PAM module such as pam_faillock or a tool like fail2ban, or from the directory's own policy.
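To make the check above concrete, here is a small audit script for the global section of an OpenSSH sshd_config. It is an added example, not code from the original post and not a description of JP Morgan's actual systems; the two sample configurations are constructed, and the defaults table assumes OpenSSH 7.x/8.x behaviour. It flags the settings that leave a host open to online password guessing and illustrates two sshd parsing quirks that trip up hand audits: the first occurrence of a keyword wins, and anything after a Match line is conditional.

```python
"""Audit the global section of an OpenSSH sshd_config for settings that
leave an Internet-facing Linux host open to online password guessing.

Added example with constructed sample configs; it is not code from the
original post and says nothing about JP Morgan's real configuration.
"""
import re

# Values sshd assumes when a keyword is absent (OpenSSH 7.x/8.x defaults;
# PermitRootLogin has defaulted to prohibit-password since OpenSSH 7.0).
DEFAULTS = {
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "maxauthtries": "6",
}


def parse_sshd_config(text):
    """Return {keyword.lower(): value} for the global section of sshd_config.

    sshd honours the FIRST occurrence of each keyword, so a later duplicate
    does not override an earlier one. Everything after the first 'Match'
    line is conditional and is skipped here; a full audit would evaluate
    those blocks against the users and hosts they apply to.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments / blank lines
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)  # 'Key value' or 'Key=value'
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        settings.setdefault(key, value)               # first occurrence wins
    return settings


def audit_sshd_config(text):
    """Return a list of (keyword, problem) findings; an empty list means clean."""
    cfg = dict(DEFAULTS)
    cfg.update(parse_sshd_config(text))

    def setting(key):
        return cfg[key].lower()

    findings = []
    if setting("passwordauthentication") == "yes":
        findings.append(("PasswordAuthentication",
                         "password logins accepted: every account is exposed to dictionary attacks"))
    # Keyboard-interactive auth (renamed from ChallengeResponseAuthentication in
    # OpenSSH 8.7) still lets PAM prompt for a password even when
    # PasswordAuthentication is off, so check it independently.
    kbd = cfg.get("kbdinteractiveauthentication", cfg["challengeresponseauthentication"])
    if kbd.lower() == "yes":
        findings.append(("KbdInteractiveAuthentication",
                         "PAM keyboard-interactive prompts still allow password guessing"))
    if setting("pubkeyauthentication") != "yes":
        findings.append(("PubkeyAuthentication", "public-key logins are disabled"))
    if setting("permitrootlogin") == "yes":
        findings.append(("PermitRootLogin", "root may log in directly with a password"))
    try:
        tries = int(cfg["maxauthtries"])
    except ValueError:
        tries = int(DEFAULTS["maxauthtries"])
    if tries > 6:
        # Note: this only limits guesses per connection; the attacker reconnects.
        findings.append(("MaxAuthTries", f"{tries} guesses per connection is above the default of 6"))
    return findings


# Constructed sample: a local-accounts-only host as described in the article.
WEAK_CONFIG = """\
# constructed example of an Internet-facing host with local accounts only
Port 22
PermitRootLogin yes
PasswordAuthentication yes
MaxAuthTries 10
"""

# Constructed sample: key-only logins, no interactive password path.
HARDENED_CONFIG = """\
# constructed example: key-only logins, no interactive password path
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
AuthenticationMethods publickey
MaxAuthTries 3
# duplicate keyword below is ignored by sshd: the first occurrence wins
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {len(audit_sshd_config(conf))} finding(s)")
        for keyword, problem in audit_sshd_config(conf):
            print(f"  {keyword}: {problem}")
```

Run it against `/etc/ssh/sshd_config` by reading the file into `audit_sshd_config`. Note what it deliberately does not do: it cannot tell you whether an account lockout exists, because that lives in PAM (pam_faillock) or in a watcher like fail2ban, not in sshd_config, so an empty findings list means "no password path over SSH", not "brute force is handled".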
So there are plenty of lessons from what happened at JP Morgan that can be applied to your own business.