Last updated: August 28, 2014 11:07 pm

US probes wave of cyber attacks on banks

A Federal Bureau of Investigation command vehicle is seen during an FBI field training exercise at the Landmark Mall May 2, 2014 in Alexandria, Virginia. The law enforcement agency held the training to practice responding to a terrorist attack in a public venue. AFP PHOTO/Brendan SMIALOWSKI (Photo credit should read BRENDAN SMIALOWSKI/AFP/Getty Images)©AFP

US authorities are investigating a new wave of cyber attacks against American financial institutions, including JPMorgan Chase, as officials discuss how to safeguard the industry against increasingly-sophisticated computer hacking.

The Federal Bureau of Investigation is working with the US Secret Service “to determine the scope of recently reported cyber attacks against several American financial institutions”, including JPMorgan, the largest US bank by assets.

Of the biggest banks in the country, Goldman Sachs, Morgan Stanley, Bank of America, Citigroup and Wells Fargo, were not affected, said people close to the institutions. They have all been targeted in previous efforts to steal data or disrupt services.

“Combating cyber threats and criminals remains a top priority for the United States government,” the FBI said. “We are constantly working with American companies to fight cyber attacks.”

The US Treasury is hosting a meeting next month between officials and the biggest banks to discuss how to fend off co-ordinated attacks, some of which are believed to be instigated by foreign governments.

Bloomberg News earlier reported that the FBI was investigating whether the attack had been backed by the Russian government in retaliation for US sanctions instigated over the crisis in Ukraine. One person familiar with the matter said investigators had not determined that.

Though serious, people informed about the scope of the attack said there was nothing to suggest it achieved anything of the magnitude of last year’s data breach at Target, the retailer, which saw the theft of millions of cardholders’ information.

JPMorgan said it had not seen any unusual fraud activity and it was taking additional steps to safeguard sensitive or confidential information. It said it would notify anyone affected by the attack.

“Companies of our size unfortunately experience cyber attacks nearly every day,” JPMorgan said. “We have multiple layers of defence to counteract any threats and constantly monitor fraud levels.”

The financial sector is a main target for cyber criminals, whether they are seeking to make a profit from customer data or confidential information about dealmaking, or are “hacktivists” or nation states wishing to make a political point. But the banks are also some of the best protected companies against cyber crime, with large numbers of security staff and customised software that many other companies cannot afford.

In depth

Cyber warfare

Cyber security

As online threats race up national security agendas and governments look at ways of protecting their national infrastructures a cyber arms race is causing concern to the developed world

Further reading

Russia is home to many organised crime groups that have become expert in cyber crime, often to steal data to sell on underground markets but sometimes – for example, during the conflict with Ukraine – using it as part of a cyber war. This month, dozens of computers in the Ukrainian prime minister’s office and at least 10 of Ukraine’s embassies abroad have been infected with a cyber espionage weapon linked to Russia.

Scott Borg, chief executive of the US Cyber Consequences Unit, an independent, non-profit research institute, said Russian cyber criminals were “very sensitive” to political events, citing a campaign waged against Georgia. While not actively employed by the Russian government, the groups have connections to power, he said.

“They are tolerated and even to some degree protected by the Russian government because they regularly engage in ‘patriotic hacking’,” he said. “But they will often carry out cyber attacks that allow them to profit, while still falling in line with what they perceive to be Russia’s political interests.”

Sean Sullivan, a security adviser at F-Secure, a Helsinki-based cyber security company, said he suspected it was an attack by Russian “privateers” who saw it as a patriotic act, rather than one explicitly requested by the Russian government.

Copyright The Financial Times Limited 2015. You may share using our article tools.
Please don't cut articles from and redistribute by email or post to the web.