JP Morgan Hackers Plead Guilty

Lots of people who follow cybersecurity news know that hackers stole data on 83 million customers at JP Morgan in 2014. But in a development that does not happen enough, now the hackers have been caught.

Lots of criminal hackers operate from places like Russia and Romania where they are pretty much beyond the reach of American and Western European law enforcement. But the two hackers who were arrested in the JP Morgan heist are from Israel, a close ally of the USA and other Western nations.

Now the hackers find themselves before a judge in New York City. A US citizen who worked with them is still at large, say some press reports. Yet the Wall Street Journal said he was arrested in Russia. He should hope that Russia does not extradite him to the USA, as he and his co-conspirators could face up to 20 years in prison.

Criminals should be careful of traveling to the USA, where the police are effective, have international and signals intelligence resources, and cannot be bribed.

The two Israelis were arrested in New York for operating a bitcoin site, Coin.mx, a site used to collect ransomware ransoms.

How JP Morgan was Robbed
John Pierpont Morgan was one of America’s earliest financial titans. The bank he founded in 1857 still survives 159 years later. Now it is merged with Chase bank, a bank that had to be bailed out in the US Great Recession of 2008. Morgan was smarter than the other banks, as it had far fewer toxic mortgage-backed bonds on its books, which is what caused Lehman Brothers and other giant American banks to fail and Wells Fargo to take over Wachovia.

One presumes that a bank would have as sophisticated cybersecurity defenses as the military or government. That they were hacked shows that hackers can penetrate pretty much any system.

What made the attack so bad is that data stolen included customer emails. So hackers could make up phishing mails that looked like official JP Morgan emails and trick many customers into giving away passwords. That is what the Israelis did.

The hack was uncovered by a system audit, which shows it is a good idea to do that. There the bank found malware that was transmitting out gigabytes of data.

Bloomberg reported that the hackers exploited several zero day defects. Given what we have seen from other hackers, it is possible that the hackers bought those attacks from other hackers or just attacked unpatched systems. The New York Times suggests that unpatched servers could have been a conduit, calling some of those “neglected” despite the bank spending $250 million per year on cybersecurity.

Bloomberg also says the data was transmitted to Russia. They do not mention Israel. Of course the Israelis could operate in Russia more easily than in Israel.

Wired reports that the hackers used brute force attacks, phishing to steal credentials, and the Heartbleed bug, which lets a hacker gain access to a server via a programming error in certain versions of OpenSSL, which is what web sites use for SSL encryption.

Brute force would work by using dictionary mining techniques and then going after Linux systems that do not connect to an enterprise user store like LDAP or use ssh with RSA certificates and keys. Having a server open to the internet without either of those is a bad idea. Linux systems configured like that do not lock accounts after a certain number of failed attempts to log in.
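A server that does not lock accounts still records every failed login, so the guessing described above is visible in its SSH log. The following is an added example, not code from the article or from any source it cites: it flags source addresses with repeated password failures inside a short window. The log lines are constructed samples in the usual OpenSSH syslog format, and the threshold, window and year are assumed values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (documentation IP ranges, made-up host and users).
SAMPLE_LOG = """\
Mar  3 02:14:01 web01 sshd[2201]: Failed password for root from 203.0.113.7 port 50122 ssh2
Mar  3 02:14:03 web01 sshd[2203]: Failed password for root from 203.0.113.7 port 50124 ssh2
Mar  3 02:14:05 web01 sshd[2205]: Failed password for invalid user admin from 203.0.113.7 port 50126 ssh2
Mar  3 02:14:08 web01 sshd[2207]: Failed password for invalid user oracle from 203.0.113.7 port 50128 ssh2
Mar  3 02:14:10 web01 sshd[2209]: Failed password for root from 203.0.113.7 port 50130 ssh2
Mar  3 02:15:30 web01 sshd[2300]: Failed password for alice from 198.51.100.20 port 40010 ssh2
Mar  3 02:21:12 web01 sshd[2310]: Failed password for alice from 198.51.100.20 port 40012 ssh2
Mar  3 02:21:40 web01 sshd[2312]: Accepted publickey for alice from 198.51.100.20 port 40014 ssh2
"""

# Matches password failures for both existing and non-existent ("invalid user") accounts.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=1), year=2024):
    """Return {source_ip: sorted usernames tried} for every source that produced
    at least `threshold` failed passwords within `window`.
    Syslog timestamps carry no year, so `year` is supplied by the caller."""
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    users = defaultdict(set)      # per-source usernames seen in failures
    flagged = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and unrelated lines are skipped
        stamp, user, ip = m.groups()
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        users[ip].add(user)
        if len(q) >= threshold:
            flagged[ip] = sorted(users[ip])
    return flagged

if __name__ == "__main__":
    for ip, tried in find_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: repeated failures, usernames tried: {', '.join(tried)}")
```

The user who mistyped a password twice, minutes apart, is not flagged; only the source cycling through account names within seconds is.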

So there are lots of lessons to be learned from what happened at JP Morgan that can be applied to your business.

About the author:

Karolis Liucveikis
