Nude celebrity picture leak looks like phishing or email account hack

Nude celebrity picture leak looks like phishing or email account hack

The leak of pictures and, allegedly, videos of Jennifer Lawrence by an unknown hacker has security experts – and Apple – puzzled. Though the hacker has posted a list of scores of female celebrities to a chatroom claiming to have more pictures of them, a number of those named have come forward to say that photos claimed to be of them are faked, while others claim they were deleted.

The list of those allegedly affected is long, and includes Jennifer Lawrence, Jenny McCarthy, Rihanna, Kate Upton and the American actress Mary E Winstead. With any hack, the principal questions are: what was the avenue of attack? And where were the photos and videos – if they were real – downloaded from?

The most headline-grabbing possibility for the source of the photos – a full-on frontal-assault ground-up hack of Apple’s iCloud service – is also the least likely. Large companies like Apple have dedicated in-house security teams who attempt to break into their own systems regularly.

“A wide scale ‘hack’ of Apple’s iCloud is unlikely. Even the original poster is not claiming that,” noted Rik Ferguson, vice-president of security research at Trend Micro.

As with the many celebrity hacks (and daily hacks that affect less famous people), the simpler and more likely explanation is the leak of an email and password combination, either through guesswork or “phishing”, when users are fooled by authentic-looking sites into entering their login details, which are then used against them.

Apple is still investigating what is claimed to be an attack on its iCloud service, which is used by iPhone users to store settings and, crucially, which backs up photos taken with the phone to “cloud” servers. If you have a user’s email address and password for their iCloud service, you can log in to their account and download those photos and other details.

The only block to that is if the account owner has enabled “two-factor authentication” (2FA) – an extra layer of security that will send a code to the owner’s phone before it allows login. Comparatively few people use 2FA, however, either because they don’t know about it or find it cumbersome.

Apple is still investigating whether the data was all taken from its iCloud service and, if so, to what extent users’ accounts were compromised. The company had no statement at the time of publication.

Ferguson suggests that the hacker may have used the “forgot password” link on Apple’s iCloud system after gathering the celebrities’ email addresses – perhaps from the address book of another hacked device. Alternatively, the stars used the same password on multiple services, which were captured through that.

Lawrence’s publicist says the photos are real, though not how old they are. In a tweet, Winstead suggested a longstanding effort by the hacker. “Knowing those photos were deleted long ago, I can only imagine the creepy effort that went into this. Feeling for everyone who got hacked,” she wrote.

However the independent security expert Graham Cluley points out that Winstead may have thought that she had deleted the photos from her phone – but with modern smartphones, deleting a picture from the phone does not always mean that no copies exist.

Modern smartphones routinely save photos to the cloud because they often lack enough capacity for the huge number of photos that people take. Apple’s iPhone by default saves photos to iCloud; Google’s Android to its Google+ service; Microsoft’s Windows Phone to its OneDrive service. Third-party services such as Dropbox also offer automated photo and data backups. “People take photos and zap them, but don’t realise that they are being uploaded,” Cluley told the Guardian. Ferguson agrees: “Deleted doesn’t always mean deleted,” he notes.

Those photos and videos can remain stored for years. If someone then gets hold of a user’s email and password, they can re-download all the photos – and also any videos that might have been sent by email. For an Apple device, the photos can be downloaded on to a Mac or Windows PC, or any Apple device. The hacker posted a screenshot claiming to be of so-far unreleased videos and images taken on a Windows PC.

“Two-factor authentication” protects against such hacks because it requires anyone setting up a copy of an existing account on a new device to enter a code that is sent to the primary device – usually a phone. Without that, access is blocked. Apple, Google, Microsoft and Yahoo all offer two-factor authentication on accounts, though it is not known how many, if any, of the affected celebrities used it.

Others have claimed that pictures allegedly of them are not authentic. A representative for Ariana Grande said the photos said to be of her are “completely fake”. Victoria Justice also tweeted that the “so called nudes of me are FAKE people. Let me nip this in the bud right now *pun intended*”

Cluley points to another possibility. Because those involved are celebrities, their accounts might have been hacked through someone who was handling their social media accounts or who regularly deals with their emails. “I wonder whether the agencies or some minion might be some part of this,” he mused. However, the stars named do not share a single publicist or management agency.

Another possibility is that someone who set up one or more of the victims’ systems, or helped configure one, secretly altered it so that any data would be passed back to them. That happened in the case of the “Hollywood hacker” Christopher Chaney, from Florida, who spread photos from Scarlettt Johansson and Mila Kunis’s email accounts in 2011, and was sentenced to 10 years in jail in December 2012 and ordered to pay more than $66,000 in restitution.

Chaney was accused of illegally accessing the email accounts of more than 50 people in the entertainment industry between November 2010 and October 2011; in one instance he sent an email from the account of Aguilera’s stylist to the star, asking for scantily clad photos, and then posted them online. Afterwards Chaney apologised, saying that his actions were “probably one of the worst invasions of privacy someone could experience”. It was also claimed he had stalked two people online for more than ten years.

Cluley said: “In the Chaney case, the stars had their email accounts hacked, and they were being altered so that somebody kept being forwarded their data even when the password changed.”

He said that the obsessive behaviour of those who try to hack such accounts was like “butterfly collectors”. “They just like to collect this stuff. Perhaps what has happened here is that someone stumbled across a stash of these accounts and logins on somewhere like Dropbox. Or they have been at work for a long time to get at them. Or they hacked someone’s email account and got at their address book, and then phished other people. My suspicion is that this isn’t an iCloud security flaw as such.”

This article originally appeared on

Next big bailout for US banks could be forced by cyber-attack

Next big bailout for US banks could be forced by cyber-attack

New York: Bankers and US officials have warned that cyber-terrorists will try to wreck the financial system’s computer networks. What they aren’t saying publicly is that taxpayers will probably have to cover much of the damage.

Even if customers don’t lose money from a hacking assault on JPMorgan Chase, the episode is a reminder that banks with the most sophisticated defences are vulnerable. Treasury Department officials have quietly told bank insurers that in the event of a cataclysmic attack, they would activate a government backstop that doesn’t explicitly cover electronic intrusions, two people briefed on the talks said.

“I can’t foresee a situation where the president wouldn’t do something via executive order,” said Edward DeMarco, general counsel of the Risk Management Association, a professional group of the banking industry. “All we’re talking about is the difference between the destruction of tangible property and intangible property.”

The attack on New York-based JPMorgan, though limited in scope, underscored how cyber assaults are evolving in ferocity and sophistication, and turning more political, possibly as a prelude to the sort of event DeMarco describes.

Not simply an effort to steal money, the attack looted the bank of gigabytes of data from deep within JPMorgan’s network. And bank security officials believe the hackers may have been aided by the Russian government, possibly as retribution for US sanctions over the Ukraine war.

Worst-case event
A worst-case event that destroyed records, drained accounts and froze networks could hurt the economy on the scale of the terrorist attacks of September 11, 2001. The government response, though, might be more akin to that following the 2008 credit meltdown, when the US Federal Reserve invoked “unusual and exigent circumstances” to lend billions of dollars.

The government might have little choice but to step in after an attack large enough to threaten the financial system. Federal deposit insurance would apply only if a bank failed, not if hackers drained accounts. The banks would have to tap their reserves and then their private insurance, which wouldn’t be enough to cover all claims from a catastrophic event, DeMarco and other industry officials said.

Janet Napolitano, the Secretary of Homeland Security until August 2013, had earlier warned in her valedictory speech that the country will someday suffer a cyber September 11 “that will have a serious effect on our lives, our economy, and the everyday functioning of our society.”

Wall Street banks, brokerages and other leading companies have grown increasingly concerned as well. It’s just a matter of time before nation-states or terrorist groups aim to “destroy data and machines,” the industry’s biggest lobbying group wrote in a June 27 internal document.

Economic losses

The Insurance Information Institute (III), a leading industry group, estimates that policies paid out about $42.9 billion after the September 11 attacks. Economic losses, given the closure of lower Manhattan, grounded flights and shuttered financial markets, were much larger.

Regulators are also seen raising pressure on banks, broker-dealers and hedge funds to report intrusions and show they’re improving cyber defences.

The June document, from the Securities Industry and Financial Markets Association (SIFMA), asked for federal help in those tasks, too. It proposed a government-industry cyber-war council to share threat information, help build firewalls and prevent attacks from spreading.

© Muscat Press and Publishing House SAOC 2014 Provided by SyndiGate Media Inc. (

Game of Thrones, the most pirated show in the world.

Telcos back internet piracy crackdown


The country’s biggest telecommunications companies are willing to block their customers from accessing overseas websites hosting pirated movies and music despite concerns harmless sites could also get caught by the filter.

Telstra, Optus, iiNet, Vodafone and other internet service providers are also ready to negotiate a scheme that would punish internet users who have received three warnings to stop downloading illicit content.

In a separate submission to the federal government, which is planning to crack down on online piracy, film production company Village Roadshow argues internet service providers should be forced to slow down speeds for customers who ignore warnings to stop infringing copyright.

“Just as there is no place on the internet for terrorism or paedophilia, there should be no place for theft that will impact the livelihoods of the 900,000 people whose security is protected by legitimate copyright,” Village Roadshow argues.

“The problem is urgent as piracy is spreading like a highly infectious disease and as bad habits become entrenched, they become harder to eradicate.”

Attorney-General George Brandis recently described Australia as the world’s “worst offender” for illicit downloading and argued action was needed to protect local creative industry. 

The government has proposed making it possible for rights holders to seek a court order requiring internet service providers (ISPs) to block overseas-based websites – such as the Pirate Bay – whose dominant purpose is breaching copyright.

Consumer group Choice says this would amount to an “industry-run internet filter“. 

The Communications Alliance admitted in its submission that site blocking carries a high risk of “collateral damage”: legitimate sites could inadvertently be blocked and blocked sites may also quickly reappear at a new address.

Yet “such a proposal might be able to play a useful role in addressing online copyright infringement in Australia” if safeguards are put in place, the telcos argued.

Village Roadshow argued in its submission that slowing down internet speeds for repeat copyright infringers was “in no way draconian” and that the mere threat of slower speeds would discourage illicit downloading. It said the government should encourage ISPs to participate in such a scheme by legislating to make them liable for customers’ illicit downloads.

Village Roadshow said any scheme should include a review mechanism and rights holders should pay a “healthy amount” towards administration costs. Village Roadshow co-chairman Graham Burke said rights holders and ISPs could split the costs 50-50. 

Previous negotiations have broken down over who should pay for the scheme.

The telecommunications companies say they are willing to negotiate with rights holders on a so-called “graduated response” or “three strikes” scheme. But they are opposed to threatening customers with slower speeds or terminated services. 

The Communications Alliance said such a scheme would have to include all ISPs, be funded by rights owners and include oversight by an independent arbitration authority.

“The internet industry recognises that online copyright infringement is a large and complex problem that needs to be addressed,” Communications Alliance chief executive John Stanton said. “The bottom line is that consumer rights should be protected and that law-abiding internet users should not have to pay the cost of doing Hollywood’s police work for it.”

Telcos are strongly opposed to changing the Copyright Act to make it easier for rights holders to confront them for not doing enough to prevent illicit downloading. They prefer a “follow the money” approach, where the government actively discourages advertisers from doing business with sites hosting pirated content. This has reduced advertising by major household brands on identified sites by 12 per cent in Britain, they argue. 

In its submission, Choice said the government should publicly report on pricing for digital goods in Australia and overseas to stop price gouging. It said copyright law should also be changed to clarify that consumer circumventing of “geo-blocking” was legal. 

Such a scheme would have to include all ISPs, be funded by rights owners and include oversight by an independent arbitration authority.

Any sanctions should not include interrupting or terminating internet services.

Such a scheme would have to include all ISPs, be funded by rights owners and include oversight by an independent arbitration authority.

Any sanctions should not include interrupting or terminating internet services.

Georgia Tech launches early warning system for cyberthreats

How a hacker could cause chaos on city streets

Traffic is chaotic enough in major cities, but imagine how much worse it would be if a criminal hacker got control of the traffic lights.

That Hollywood scenario is what researchers at the University of Michigan proved could happen given the security flaws in today’s traffic infrastructure.

[Survey: Most hackers do it for the lulz]

In a paper released this month, the researchers described how they were able to commandeer roughly 100 lights in an unnamed Michigan town. The study was done in cooperation with local authorities.

“Our attacks show that an adversary can control traffic infrastructure to cause disruption, degrade safety, or gain an unfair advantage,” the research said.

As hacking goes, the task of breaking into the traffic system wasn’t difficult.

The first step is to buy the same radio found in a separate box or on one of the traffic lights on an intersection. Oftentimes, the manufacturer’s name is on an external label at the radio’s location.

The radio receives instructions from a city control room and passes it on to a controller that operates the lights. Each intersection has a radio and controller and all the radios are capable of passing instructions to each other.

For example, if traffic control officials want to time green lights on a particular road to keep traffic flowing during certain times of the day, they can do that by sending the instructions to one radio, which will pass them along to the others on the street.

Like many cities, the one where the research took place communicated with traffic lights wirelessly. By purchasing the same radio used by the city, the researchers were sure to use the same communications protocol.

In this case, it was NTCIP 1202, which is often used for radio to controller communications.

Manufacturers of traffic-light radios are suppose to sell these products only to governments, but “there’s been a lot of literature on how easy it is to social engineer these people into selling you a radio,” Branden Ghena, a doctorate student and co-author of the report, said.

Once the researchers had the radio and plugged it into a laptop, controlling the traffic lights was easy, because getting on the network did not require a password and the communications between radios and controllers were unencrypted.

The researchers blame the latter problem on the standards body that sets the NTCIP, which stands for the National Transportation Communications for Intelligent Transportation System (ITS) Protocol.

The NTCIP is a joint standard set by the National Electronics Manufacturers Association (NEMA), the American Association of State Highway and Transportation Officials (AASHTO), and the Institute of Transportation Engineers (ITE).

“The standards that define how you communicate with the traffic controller really don’t go the distance in providing the security and access controls for these systems,” Ghena said.

Once in the network, an attacker would not be able to switch lights to red, green and yellow. A safety feature called a malfunction management unit and required in all controllers is hardcoded to know all the safe patterns for traffic lights.

Trying an unsafe configuration would automatically send the light to blinking red. Therefore, a hacker would be limited to changing lights to red.

Nevertheless, a city filled with red lights would cause major traffic jams and chaos on the streets. To fix the mess, city workers would have to go to each intersection to reset the lights.

[How hackers used Google in stealing corporate data]

“The cost would be real in terms of man hours and money, but it wouldn’t be as dangerous as a four-way green light would be,” Ghena said.

Whether other towns and cities would be susceptible to the same attack would depend on their individual security mechanisms.

“There’s lots of little simple things you can do to improve your security,” Ghena said. “But to really fix the problem involves the standards organizations and the vendors getting together and really trying to make sure their systems are designed with security in mind.”

Unaware of any ‘significant’ cyber attack, says US banking group

Unaware of any ‘significant’ cyber attack, says US banking group

Boston: An influential US financial services industry group that shares information about cyber threats has said it is unaware of any “significant” cyber attacks, downplaying concerns about possible breaches at JPMorgan Chase and other banks.

The group, known as the Financial Services Information Sharing and Analysis Centre, or FS-ISAC, includes all major US banks and dozens of smaller ones along with some large European financial institutions.

“There are no credible threats posed to the financial services sector at this time,” the group said in an email to its members.

FS-ISAC told members in the email that it decided not to raise its barometer of threats facing banks during a regularly scheduled conference call on Thursday. During the call, members discussed threats facing the financial services sector, including reports of suspected cyber attacks on JPMorgan and other banks.

It added that it was “unaware of any significant cyber-attacks causing unauthorised access to sensitive information at any member institutions.”

JPMorgan had said early on Thursday that it was working with US law enforcement authorities to investigate a possible cyber attack.

The bank provided little information about the suspected attack, declining to say whether it believed hackers had stolen any data or who might be responsible.

“Companies of our size unfortunately experience cyber attacks nearly every day. We have multiple layers of defence to counteract any threats and constantly monitor fraud levels,” it said in a statement.

The FBI had said late on Wednesday that it was looking into media reports on a spate of attacks on US banks, raising concerns that the sector was under siege by sophisticated hackers.

Yet several cyber security experts said that they believe those concerns are overblown.
“Banks are getting attacked every single day. These comments from FS-ISAC and its members indicate that this is not a major new offensive,” said Dave Kennedy, chief executive officer of TrustedSEC, whose clients include several large US banks.

“While we should remain diligent and active in monitoring, it doesn’t appear there is a major offensive,” said Kennedy.

The email said that FS-ISAC was maintaining the threat level at “guarded,” noting that financial services firms continue to face a variety of threats.
It cited recent attacks on retailers using malicious software that targets point-of-sales systems, SMS phishing campaigns targeting bank customers and a recently disclosed attack on hospital operator Community Health Systems. The group also warned members about the potential for cyber-related activity emerging from conflicts in the Middle East and Ukraine.

“They are basically saying that the attacks they are seeing are the standard patterns. That it is business as usual,” said Daniel Clemens, chief executive of cyber security firm PacketNinjas.

© Muscat Press and Publishing House SAOC 2014 Provided by SyndiGate Media Inc. (

Why Russian hackers are beating us

Why Russian hackers are beating us

Russian hackers like the ones who breached the computer systems of JP Morgan Chase and at least four other banks win because they think strategically like the best chess players, an expert says.

“Russians are more intelligent than Americans,” Tom Kellermann, chief cyber-security officer for Trend Micro, said. “They’re more intelligent because they think through every action they take to a point where it’s incredibly strategic.

[Ukraine says Russia is attacking critical infrastructure]

“They’re operating at eight to 12 steps ahead on both the offensive and defensive side of the (chess) board.”

The attacks that occurred this month resulted in the loss of gigabytes of customer data. One of the banks has linked the breach to state-sponsored hackers in Russia, Bloomberg reported Thursday.

The FBI is investigating whether the attacks are in retaliation to U.S.-imposed sanctions for Russia’s involvement in the battle between the Ukranian government and Kremlin-supported separatists.

Trend Micro has studied Russian hackers for years. In 2012, the company released a research paper called “Russian Underground 101″ that described in details the tools and services available in online marketplaces.

Russian hackers operate within a grey area in which cybercrime is ignored as long as it occurs outside the country and the hackers are willing to conduct government-sponsored campaigns when asked, Kellermann said.

“The regime essentially sees the underground of hacking as a national resource, as long as the hackers in Russia abide by the rules,” he said.

Attacks typically start with target reconnaissance to gain an understanding of the network topology and then predicting the security tools and controls that will have to be bypassed to infect systems and get data out.

“They’re complete geniuses because of how they operate with their very chess-like perspective on IT and cybersecurity,” Kellermann said.

The hackers develop automated attack platforms and exploit kits with some of the most advanced capabilities and are adept at finding and exploiting zero-day vulnerabilities in software.

Indeed, the hackers responsible for the latest breach exploited a zero-day flaw in at least one bank’s website.

Tools are available for each attack stage, including the delivery of the exploit, the lateral movement of malware in the network, data mining and the exfiltration of data.

“It (Russia) is the most advanced marketplace for hacking services in the world and it maintains, what I would consider, the true Silicon Valley of the East,” Kellermann said. “It has the greatest expertise when it comes to ethical hacking, penetration testing and black-hat hacking.”

Russia has used hackers before to strike political targets. In 2007, the country was behind distributed denial of service (DDoS) attacks that took down Estonian government websites during a disagreement over the relocation of a Soviet-era grave marker and war graves.

In 2008, Russia orchestrated an attack that disrupted Internet communications in Georgia several weeks before invading the country.

Without cooperation from the Russian government, arresting hackers in the country is nearly impossible. Therefore, U.S. companies have to change their security paradigm from keeping hackers out to catching them once they are in the computer network.

[Feds probing possible hacking incident at JP Morgan Chase]

The first step is to collect intelligence on the most likely attackers and then perform penetration testing on critical software most likely to be on the path hackers would take in the network, Kellermann said.

Secondly, spending should be less concentrated on antivirus software, firewalls and intrusion detection systems and shifted to technology that detects malware and its lateral movement within a network.

Russian Hackers Had Means, Motive To Infiltrate JPMorgan Chase

Russian Hackers Had Means, Motive To Infiltrate JPMorgan Chase

Kaspersky cybersecurity labs in Moscow, Russia

U.S. law enforcement and corporate security experts are investigating a cyberattack earlier this month on JPMorgan Chase & Co. (NYSE: JPM) under the assumption it originated in Russia. Unlike the usual identity theft motive, though, this hack has been reported as a Kremlin-sponsored retailiation for the bank’s interference in a Russian financial transfer earlier this year.

A who’s who of U.S. agencies, including the FBI, National Security Agency and Secret Service, have become involved since the probe launched earlier this month in what anonymous sources told Bloomberg News resulted in the theft of a gigabyte of “sensitive data from the files of bank employees, including executives.” The unnamed sources said federal investigators opened the investigation suspecting JPMorgan was specifically targeted for infiltration as “possible retaliation for [U.S.] government-sponsored sanctions” against Russia.

The Russian military first began the annexation of Ukraine’s Crimean Peninsula in late February, and in March the U.S. responded with a round of sanctions designed to prevent prominent Russian leaders from traveling to the U.S., Canada and European Union. American officials also threatened to increase the severity of the penalties if Russian aggression didn’t subside. The U.S. eventually launched two more rounds of sanctions.

JPMorgan Chase, meanwhile, fresh off years of bad publicity, during which it was fined nearly $30 billion in penalties and settlements, blocked a payment from the Russian embassy in Astana, Kazakhatan, to the Sogaz Insurance Group. Sogaz is partly owned by OAO Bank Rossiya, a St. Petersburg-based institution operated by Russian President Vladimir Putin’s associates.

The attempted transaction was for less than $5,000, Bloomberg reported at the time, but it came after President Obama announced in March that Rossiya was included as part of the sanctions on Russian officials.

“Any hostile actions against the Russian diplomatic mission are not only a grossest violation of international law, but are also fraught with countermeasures that unavoidably will affect activities of the embassy and consulates of the U.S. in Russia,” said Russian Foreign Ministry spokesman Alexander Lukashevich, adding that JP Morgan’s decision was “absolutely unacceptable, illegal and absurd.”

Sources cautioned the Wall Street Journal that it’s still too early to tell who is behind the attack, although they admitted that Russian and Eastern European hackers have increased their attacks on Wall Street and other sources of prized financial data in recent years. Russian hackers have been erroneously blamed for a slew of distributed-denial-of-service attacks in recent years, including instances where hackers from Georgia and Estonia ultimately were deemed responsible. No cases of identity theft have been made public in the wake of this attack, a point that has led experts to say retaliation for the sanctions could be a motive.

“None of the people commenting on the incident mentioned a direct financial loss, or a direct fraudulent financial activity by the attacker,” Amichai Shulman, chief technical officer of Imperva security, told the International Business Times. “Everyone is talking about grabbing sensitive information. I find it odd that someone who was actually able to break into a bank is not using it for making immediate profit.”

Earlier this year JPMorgan chairman and CEO Jamie Dimon wrote in his annual message to shareholders that the bank was planning on dedicating $250 million annually on cybersecurity, an initiative that includes having 1,000 employees focused on cybersecurity by the end of 2014.

“Cyberattacks are growing every day in strength and velocity across the globe,” he wrote, as quoted by the Wall Street Journal. “It is going to be a continual and likely never-ending battle to stay ahead of it — and, unfortunately, not every battle will be won.”

News of the cyberattack on the big bank coincides with yet another effort by pro-Kremlin hackers to subvert Western computers. A shadowy group of criminals published a letter this week indicating they’re trying to mine everyday users’ personal data by installing malicious software hidden in spam messages that falsely claim to attack Western governments. The curious logic means that the hackers in question are attempting to attack people who actually sympathize with their cause.

“We, a group of hackers from the Russian Federation, are worried about the unreasonable sanctions that western states imposed against our country,” the group wrote in a declaration highlighted by BitDefender security researchers. “We have coded our answer and below you will find the link to our program. Run the application on your computer, and it will secretly attack the government agencies of the states that have adopted those sanctions.” 

FBI investigating Russian links to JPMorgan hacking

FBI investigating Russian links to JPMorgan hacking

The US Federal Bureau of Investigation (FBI) is investigating reports that JPMorgan and at least four other US banks have been targeted by hackers in an attempt to obtain sensitive customer data.

The cyberattacks have been linked to Russian hackers, Bloomberg reported, who quoted sources claiming that hackers have been able to extract “gigabytes of sensitive data”.

The attacks may be connected to recent hacking attempts against European banks, it is understood. Investigators are said to be exploring links to both the Russian government and to Russian criminal networks, although Eastern European criminals are also a potential source.

Cybersecurity experts and US government officials have not yet confirmed this, nor have they been able to confirm these attacks are linked to the recent US imposed sanctions on Russia.

In a statement, the FBI is said to be currently working with the Secret Service to determine the source of the attack.

“We are working with the United States secret service to determine the scope of recently reported cyber attacks against several American financial institutions,” said FBI supervisory special agent Joshua Campbell.

JPMorgan Chase declined to comment about the attacks. “Companies of our size unfortunately experience cyberattacks nearly every day. We have multiple, layers of defense to counteract any threats and constantly monitor fraud levels,” said a statement.

Cybersecurity experts say that these sorts of crimes are usually linked to obtaining intellectual property, rather than causing damage to financial institutions.

“There’s always been an assumption because of the global nature of financial systems, that attacking a financial system will cause mutual disruption and financial loss,” said Rory Innes, head of cybersecurity at Salamanca Group.

“Russia, for example, has money in the US financial system as do all big nations, and it will affect every nation involved. If it is state sponsored espionage, which is what the FBI have proposed, it’s likely that it is about intellectual property theft to increase home competitive advantage or to make a political statement in retaliation for Western sanctions.”

Costin G Raiu, senior security researcher at Kaspersky Lab, said that cybercriminals are constantly developing more sophisticated ways to target instiutions st scale.

“JP Morgan is a gold mine for this sort of information. Previously cyber criminals have been going after individual people’s money, so in a sense we’re seeing an evolution of cyber attacks.

“Instead of going after a few dollars these cyber criminals are using their resources to go straight to the banks.”

This article originally appeared on

JP Morgan Chase & Co sign outside headquarters in New York

JPMorgan confirms it is investigating possible cyber attack

BOSTON (Reuters) – JPMorgan Chase & Co is investigating a possible cyber attack and working with law enforcement to determine the scope, company spokeswoman Trish Wexler said.

The bank is taking additional steps to safeguard sensitive or confidential information, though it not seeing unusual fraud activity at this time, she said.

(Reporting by Jim Finkle)

JP Morgan Chase & Co sign outside headquarters in New York

FBI, Secret Service investigate reports of cyber attacks on U.S. banks

(Reuters) – The U.S. Federal Bureau of Investigation said it is investigating media reports that several U.S. financial firms have been victims of recent cyber attacks.

“We are working with the United States Secret Service to determine the scope of recently reported cyber attacks against several American financial institutions,” FBI spokesman Joshua Campbell said in a statement late on Wednesday.

He did not name any firms or give further details. A Secret Service spokesman could not be reached for comment.

JPMorgan Chase & Co was the victim of a recent cyber attack, according to two people familiar with the incident who asked not to be identified because they were not authorized to speak publicly about the matter. They declined to elaborate on the severity of the incident, saying JPMorgan was still conducting an investigation to determine what happened.

JPMorgan spokesman Brian Marchiony declined comment when asked about the attack.

“Companies of our size unfortunately experience cyber attacks nearly every day. We have multiple, layers of defense to counteract any threats and constantly monitor fraud levels,” he said in a statement.

Earlier on Wednesday, Bloomberg News reported that Russian hackers were believed to have carried out cyber attacks against JPMorgan Chase and another unnamed U.S. bank in mid-August, resulting in the loss of sensitive data.  Authorities are investigating whether the breaches were linked to recent attacks on major European banks, the Bloomberg report said.

The New York Times reported late on Wednesday that the networks of JPMorgan and at least four other U.S. banks had been infiltrated in a string of coordinated attacks this month, citing four people familiar with the investigation.

The attackers stole large quantities of data, including checking and savings account information, though their motivation is not yet clear, according to the Times report, which said several private security firms have been hired to conduct forensic reviews of infected networks.

Reuters was not able to independently verify the details in the Bloomberg and Times reports.

(Reporting by Jim Finkle in Boston and David Henry in New York. Additional reporting by Mark Hosenball in Washington; Editing by David Gregorio and Jeremy Laurence)