US-Russia relations may spill over into cyberspace

News by Steve Gold

Pro-Russian hackers may be taking a leaf out of their Chinese counterparts' book. They are alleged to have systematically attacked the servers of US banks, and allied financial organisations, since the middle of the month.

The Bloomberg newswire quotes two people "familiar with the probe" as saying the attacks may be in retaliation for US government lockdowns on financial trading against Russian companies and individuals.

These lockdowns - which started earlier in the year - are sanctions against Russia for the escalating situation in Eastern Ukraine, where today's news reports suggest Russian troops and tanks are on the ground - despite Russian government denials.

If the Bloomberg report is true - and most experts seem to agree that it is - then it confirms warnings that cold wars and battles will spill over from the real world into cyberspace. The problem with cyberspace attacks, however, is that successful defences against state-sponsored attacks are both untested and relatively thin on the ground.

The newswire claims that Russian hackers attacked the US financial system in mid-August, infiltrating and stealing data from JPMorgan Chase & Co and at least one other bank. The FBI and the NSA are investigating the attacks, which reportedly involved "the loss of gigabytes of sensitive data."

Perhaps worse - from a UK perspective - are the claims that the pro-Russian hackers have also been active against a number of major European banks, an assertion that has gone unreported here in Europe, until now.

Bloomberg says the pro-Russian hackers have used an unspecified zero-day flaw to gain access to one of the banks' websites - "a feat [that] security experts said appeared far beyond the capability of ordinary criminal hackers."

Overnight US TV news reports on CNN and NBC were full of speculation, but the US government and its agencies are refusing to comment on the reports.

Amichai Shulman, CTO of Imperva, says that the fact that there are no financial losses associated with the attacks indicates they are politically motivated:

"This is very different from the alleged Iranian attacks earlier in 2012 and late 2013 that were purely of a denial-of-service nature. Apparently, this time around hackers got inside bank systems," he said.

"None of the people commenting on the incident mentioned a direct financial loss, or a direct fraudulent financial activity by the attacker. Everyone is talking about grabbing sensitive information. I find it odd that someone who was actually able to break into a bank is not using it for making immediate profit. There are two possibilities here: first is that there are missing pieces in the puzzle (i.e. we are not being told everything) and second is that these were indeed politically motivated hackers," he added.

Shulman went on to say that everyone is trying hard to tie the attacks in with the political situation with Russia, although he notes that it is well known that, for a few years now, a large portion of banking attacks and financially related hacking has consistently been coming from Eastern Europe.

Nigel Stanley, practice director for cyber security, risk and compliance with OpenSky UK, meanwhile, said that, if a major bank such as JPMorgan Chase can be breached it makes you wonder what hope there is for smaller, less adept businesses struggling with information security risks whilst trying to drive profits.

"It reminds me of when security at Buckingham Palace was breached in the 1980s and an intruder reportedly made his way into the Queen's bedroom. No matter what security controls you may have in place, if someone is intent to get in, they will," he said.

"Attribution is going to be a problem, and those of us in the public domain will never really know who conducted the attack, but as we have seen so often in the past geopolitical events almost always spill over into the virtual world," he added.

No surprise banks are being targeted

Bob Tarzey, an analyst and director with Quocirca, the business and IT research house, said that banks are a necessary part of any economy - and that they function continually and optimally is essential to the smooth running of those economies.

"Given their importance, it is not surprising that banks may be targeted - not just for financial gain but to undermine the economy in general," he said, adding that this could be the motive if the current speculation turns out to be correct.

"Government security agencies, such as the FBI, need to work with commercial organisations to help protect them from such attacks in the overall national interest and to help establish if there may be nation-state involvement and, if this turns out to be the case, formulate a response," he noted.

Tarzey argues, however, that there is also a need for an investigation to show if the vulnerability of a given bank is due to negligence - or whether it has simply been a victim of unforeseeable circumstances.
